Access to a web server from outside(ASA 5505)
Heelo, need kindly advice
i`ve configured NAT rules as following:
object network HWebServer
host 10.43.1.11
description OutsideWebserver
object network HWebServer
nat (inside,outside) static interface service tcp 80 8087
then set access rules to allow 8087 port on outside interface.
but still, cannot open 10.43.1.11:8087 from internet side
what can be done to solve?
thanks in advance
Komil
Hi,
The NAT configurations is fine but the problem is with the ACL you have configured.
Since Cisco introduced the new NAT configuration format in the ASA Software versin 8.3 (and above) you have to allow traffic always to the real IP address and to the real port also.
Your problem seems to be that you have allowed traffic to the mapped port TCP/8087 and not the real port TCP/80.
So make a rule that allows port TCP/80 from the external network and then try again.
The reason why you need to allow connections to the real IP address and real port is because the ASA first does the UN-NAT for the destination address and port and after that it checks the interface ACL and since the UN-NAT has been done the destination in that case is the Real IP and the destination port the Real Port.
Hope this helps :)
- Jouni
Similar Messages
-
Cannot access internal web server from same lan
i cant resolve one problem in may 1921 ISR router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it works fine but i cannot view that site from internal workstations can you suggest me what to do. i need packets to go out the outgoing interface of router and then come back and enter the static nat wich will direct to the web server is it possible?
static nat is
ip nat inside source static tcp <local web server adress> 80 <global address> 80
also i have set up dinamic nat for outgoing trafic
ip nat inside source list <access-list> interface <outgoing interface>
and it is working fine too.
on external interface i have nat outside
on internal interface i have nat insideThis is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic
Bu if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler
M
Sent from Cisco Technical Support iPad App -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that arent working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#Unclear what did not work. In your original post you include said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
Can't access server from Outside
Hi all,
I couldn't access my server from Outside. Seem the setting is OK as i see it but please see if I missed out anything.
From Outside, I need to access http://60.x.x.50:8080. but failed to access. Please help. Thanks.
Below I attached part of the config.
: Saved
ASA Version 8.0(4)
name 172.47.1.10 NarayaServer description Naraya Server
name 62.x.x.172 NarayaTelco1
name 62.x.x.178 NarayaTelco2
interface Ethernet0/0
nameif outside
security-level 0
ip address 60.x.x.50 255.255.255.252
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.27.17.100 255.255.0.0
access-list inside_access_in extended deny ip any Japan02 255.255.255.0
access-list inside_access_in extended deny tcp object-group PermitInternet any object-group torrent1
access-list inside_access_in extended permit ip object-group PermitInternet any
access-list inside_access_in extended permit ip host NAVNew any
access-list inside_access_in extended permit ip host NarayaServer any
access-list inside_access_in extended permit ip host IPVSSvr any
access-list inside_access_in extended permit ip host 172.17.100.30 any
access-list outside_access_in extended permit object-group NECareService object-group NECare any
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 host NarayaServer
access-list outside_1_cryptomap extended permit ip host NarayaServer object-group Nry_Png
access-list outsidein extended permit tcp any host 60.x.x.50 eq https
access-list outsidein extended permit tcp any host 60.x.x.50 eq 8080
access-list outsidein extended permit ip object-group DM_INLINE_NETWORK_3 host IPVSSvr
access-list outsidein extended permit object-group rdp any host 60.x.x.50
access-list inside_mpc extended permit object-group TCPUDP any any eq www
access-list inside_mpc extended permit tcp any any eq www
access-list inside_nat0_outbound extended permit ip host NarayaServer any
ip local pool lot10ippool 172.27.17.240-172.27.17.245 mask 255.255.255.0
ip verify reverse-path interface outside
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 8080 NarayaServer 8080 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 NAVNew 3389 netmask 255.255.255.255
access-group outsidein in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 60.54.140.49 1
route inside 0.0.0.0 255.255.255.255 60.54.140.49 1
route inside 172.17.100.20 255.255.255.255 172.27.17.100 1
route inside NAVNew 255.255.255.255 172.27.17.100 1
route inside 172.17.100.30 255.255.255.255 172.27.17.100 1
route inside NarayaServer 255.255.255.255 172.27.17.100 1
http server enable
http 172.17.100.30 255.255.255.255 inside
http NAVNew 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outsideHello Mohd,
Here are the facts:
I honestly think you need to change that route statement as it basically says if you want to contact the NARAYASERVER send the packet via the INSIDE interface to the IP address 172.27.17.100
route inside NarayaServer 255.255.255.255 172.27.17.100
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.27.17.100 255.255.0.0
So basically send the packet to yourself (Does not make any sense.. Try to read it so you can understand what I mean.
The NAT 0 is breaking the translation.
access-list inside_nat0_outbound extended permit ip host NarayaServer any
nat (inside) 0 access-list inside_nat0_outbound
Do the following :
access-list inside_nat0_outbound permit ip host NarayaServer OTHER_site_VPN_subnet
no access-list inside_nat0_outbound extended permit ip host NarayaServer any
Then u should be able to connect,
Let me know if you will follow my instructions, otherwise I think I am not helping here
Note: As you already mark the question as answered you could provide kudos (stars) on my next answers
Cheers,
Julio Carvajal Segura -
Error when trying to access a secured web service from Forms 10g 10.1.2.3
Hello,
I'm trying to access a secured web service from Forms10g 10.1.2.3 but i'm getting the next error when pressing the button the first time:
java.rmi.RemoteException: ; nested exception is: HTTP transport error: javax.xml.soap.SOAPException:
java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 UnauthorizeWhen i press the button a second time i got this error:
javax.xml.rpc.soap.SOAPFaultException: The SOAP request is invalid. The required node 'Envelope' is missingThis is the code i have in my button:
DECLARE
jo ora_java.jobject;
pdfObject ora_java.jobject;
pdf varchar2(900);
rv varchar2(100);
ex ora_java.jobject;
BEGIN
JO := SEARCHSOAPCLIENT.new;
SEARCHSOAPCLIENT.setUsername(JO,'weblogic');
SEARCHSOAPCLIENT.setPassword(JO,'welcome1');
pdfObject := SEARCHSOAPCLIENT.quicksearch(JO,'1234',NULL);
pdf := SEARCHSOAPCLIENT.tostring(pdfObject);
message(pdf);
message(' ');
EXCEPTION
WHEN ORA_JAVA.JAVA_ERROR then
message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
WHEN ORA_JAVA.EXCEPTION_THROWN then
ex := ORA_JAVA.LAST_EXCEPTION;
:error := Exception_.toString(ex);
END;When i run it from JDeveloper it works, this is a portion of java code the proxy web service has:
import oracle.webservices.transport.ClientTransport;
import oracle.webservices.OracleStub;
import javax.xml.rpc.ServiceFactory;
import javax.xml.rpc.Stub;
public class SearchSoapClient {
private webservicesproxywebcontent.proxy.SearchSoap _port;
public SearchSoapClient() throws Exception {
ServiceFactory factory = ServiceFactory.newInstance();
_port = ((webservicesproxywebcontent.proxy.Search)factory.loadService(webservicesproxywebcontent.proxy.Search.class)).getSearchSoap();
this.setUsername("weblogic");
this.setPassword("welcome1");
System.out.println("callling from _port "+ _port.quickSearch("1234234", null));
* @param args
public static void main(String[] args) {
try {
webservicesproxywebcontent.proxy.SearchSoapClient myPort = new webservicesproxywebcontent.proxy.SearchSoapClient();
System.out.println("calling " + myPort.getEndpoint());
} catch (Exception ex) {
ex.printStackTrace();
* delegate all operations to the underlying implementation class.
public QuickSearchResult quickSearch(String queryText, IdcPropertyList extraProps) throws java.rmi.RemoteException {
return _port.quickSearch(queryText, extraProps);
}Also the secured web service was generated from Webcenter Content 11.1.1.6 that is why it's a secured web service.
Kind Regards
CarlosWithout going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.
-
How to change web server from inbuilt Tomcat to IIS in already configured Cold Fusion 10
how to change web server from inbuilt Tomcat to IIS in already configured Cold Fusion 10
You just need to run the Web Server Configuration Tool to connect ColdFusion to IIS. It can be found in the ColdFusion program group off of the Start menu. Be sure to run it "As Administrator".
-Carl V. -
How to uninstall Apache web server from 9.2.0.7.0/windows
Hi All,
Due to security vulnerability issues we would like to uninstall the Apache Web server from the currently installed oracle 9i version 9.2.0.7.0 on the windows box.
One of the production database is associated with the current oracle version.
I really don't know is it possible to uninstall Apache Web server from the oracle version, if we can uninstall is there any documentation available from oracle metalink?
Please let me know what is the correct procedure to uninstall Apache Web server.
Thanks in advance,
karv.Using the Oracle Universal Installer, click the uninstall button and see if the Web server appears in the list of installed products. If so you should be able to uninstall it there.
-
Can't access SSL-secured web content from Remote Desktop Server
I am running RDS on Windows Server 2008R2. No Remote App or Gateway Services, just straight up Remote Desktop.
After making a RDP connection to the server, when trying to access any SSL-secured website, Internet Explorer displays the error "Internet Explorer cannot display the webpage" with a button labeled "Diagnose Connection Problems." It's the same generic
IE message that appears when DNS lookups fail. This failure to make SSL connections also manifests itself with Exchange autodiscover not working.
Strangely enough, Administrator is able to make SSL connections just fine, just not any other users. The server is otherwise completely functional.Hi cyborganic,
To narrow down this issue, Would you like to confirm the following questions:
1.
Does this issue exist when accessing all secured web sites or just some of them? Please try to access
https://www.microsoft.com.
Does it work?
2.
Does this issue exist when a user logs on to the console of the problematic server and then access a secure web site? In this way, we can isolate whether the problem is related
to RDS.
3.
You mentioned that administrator can access properly. As a test, can a problematic user be able to access the SSL site properly if you add him/her to the Administrators group
temporarily?
Meanwhile, Please help to make sure the “Cryptographic services” is set to Automatic Start.
Here, There are some suggestions for
General troubleshooting
Suggestion #1:
=====================================================================
Run the Network Diagnostics tool in Internet Explorer
To do this, follow these steps:
1.
Start Internet Explorer, and then try to access the Web page that is displaying the error message.
2.
On the page that displays an Internet Explorer error message, click the
Diagnose Connection Problems link. The Network Diagnostics tool will run. When the tool has finished running, it will report one of the following results:
o
It was unable to find a problem.
o
It has detected a problem. Additionally, the tool will provide guidance about the next steps to take to troubleshoot the problem.
Note
Internet Explorer 6 users click Detect Network Settings
3.
Click
IP Address, and note the IP Address. You may need it for future troubleshooting.
4.
Follow the steps in the Network Diagnostics tool to fix any connection problems.
5.
Start Internet Explorer.
If you receive the same error message, go to the next method.
Suggestion #2:
=====================================================================
Use the Delete Browsing History feature
If resetting the modem or the router did not resolve the problem, deleting your browsing history might help. Follow
these steps to remove your temporary Internet files, history, and form data:
Internet Explorer 8
1.
Start Internet Explorer.
2.
On the
Tools menu, click Internet Options.
3.
Under
Browsing history, click Delete.
4.
Select the check box next to
Preserve Favorites website data.
5.
Select the check box next to
Temporary Internet Files.
6.
Select the check box next to
Cookies.
7.
Select the check box next to
History.
8.
Select the check box next to
Form data.
9.
Select the check box next to
InPrivate Filtering data.
10.
At the bottom of window, click
Delete.
11.
Close Internet Explorer, start Internet Explorer again, and then try to access the Web page.
Suggestion #3:
=====================================================================
Use the Internet Explorer (No Add-ons) mode
To do this, click
Start, point to All Programs, point to
Accessories, point to System Tools, and then click
Internet Explorer (No Add-ons).
Note Internet Explorer (No Add-ons) mode is only available for Internet Explorer 7 and Internet Explorer 8.
If this resolves the issue, follow these steps to isolate the browser add-on that is causing the issue:
1.
Click
Tools, and then click Internet Options.
2.
Click the
Programs tab, and then click Manage add-ons.
3.
Click an add-on in the
Name list, and then click Disable.
4.
Repeat step 3 until you identify the add-on that is causing the issue.
If this issue still persists, Pls refer to the following link for
Advanced troubleshooting
You receive an error message in Internet Explorer: "Internet Explorer cannot display the webpage”
http://support.microsoft.com/kb/956196 -
I would like to setup a new messaging service between my employees because we have issues with most online services. I'm thinking of getting a Mac Mini Server, so I can run Messages Server, but I have an employee outside my network. Can they login to the server remotely to use the Messages Server?
ThanksIf you're talking about setting up and using the Jabber messaging service provided by OS X server then yes, it's really easy to set up and use in and out of the office. The only trick it is, and also most other services, is a correct DNS setup so you're able to connect and use the server from the "outside".
I use this myself (via Lion server rather than Moutain Lion server) from behind a dynamic IP addressed ADSL line and have no problems whatsoever. -
Hello
I am trying to learn something new here. We have web server inside our organization its IP address is 172.16.0.35. We want outside Internet users to access web server, How is it possible? Please have a look at the running configuration. Web server is working inside the organization but not at outside. Our Static Public IP is 197.255.232.15 it is assigned to Inetrface Gigabit ATM0.1 and ISP default GW is 197.255.232.1. Let me know whats next? How do I make web server inside the organization available for outside Internet users. Thank you.
Building configuration.
Current configuration : 1983 bytes
! Last configuration change at 17:57:15 UTC Sat Jan 24 2015
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router_test
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
ip dhcp excluded-address 172.16.0.34
ip dhcp pool test
network 172.16.0.32 255.255.255.224
dns-server 197.255.224.18 197.255.224.66
default-router 172.16.0.34
lease 9
ip cef
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGL1818236L
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description ATM Routed Bridge Encapsulation (RBE) Internet
ip address 197.255.232.15 255.255.248.0
ip access-group netin in
ip access-group netout out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
atm route-bridged ip
bridge-group 1
bridge-group 1 spanning-disabled
pvc 0/35
encapsulation aal5snap
protocol ip inarp
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
description Lan
ip address 172.16.0.34 255.255.255.224
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1454
interface Dialer1
no ip address
ip default-gateway 197.255.232.1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list natlist interface ATM0.1 overload
ip nat inside source static tcp 172.16.0.35 443 197.255.232.15 443 extendable
ip route 0.0.0.0 0.0.0.0 ATM0.1 197.255.232.1
ip access-list extended natlist
permit ip 172.16.0.32 0.0.0.31 any
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
end
http://pastie.org/9858814Hi Karsten Iwen
I deleted ( ip access-group netin in and ip access-group netout out) but it still does not work
my config :
Building configuration...
Current configuration : 2267 bytes
! Last configuration change at 15:43:06 UTC Wed Jan 28 2015
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
ip dhcp excluded-address 172.16.0.34
ip dhcp pool my
network 172.16.0.32 255.255.255.224
dns-server 197.255.224.18 197.255.224.66
default-router 172.16.0.34
lease 9
ip cef
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGL1818236L
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description ATM Routed Bridge Encapsulation (RBE) Internet
ip address 197.255.232.15 255.255.248.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly in
atm route-bridged ip
pvc 0/35
encapsulation aal5snap
no protocol ip inarp
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
description
ip address 172.16.0.34 255.255.255.224
ip nat inside
no ip virtual-reassembly in
ip tcp adjust-mss 1414
interface Dialer1
no ip address
ip default-gateway 197.255.232.1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list natlist interface ATM0.1 overload
ip nat inside source static tcp 172.16.0.35 443 197.255.232.15 443 extendable
ip route 0.0.0.0 0.0.0.0 ATM0.1 197.255.232.1
ip access-list extended natlist
permit ip 172.16.0.32 0.0.0.31 any
line con 0
no modem enable
line aux 0
line vty 0 4
end
Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 197.255.232.15:5183 172.16.0.33:5183 212.95.74.5:80 212.95.74.5:80
tcp 197.255.232.15:5196 172.16.0.33:5196 212.95.74.5:80 212.95.74.5:80
tcp 197.255.232.15:5602 172.16.0.33:5602 174.129.246.27:80 174.129.246.27:80
tcp 197.255.232.15:5785 172.16.0.33:5785 31.13.93.3:443 31.13.93.3:443
tcp 197.255.232.15:443 172.16.0.35:443 --- --- -
Creating Node data on Author server from outside source?
I was wondering if it is possible to create node data on the author server from an outside source such as the publish server, without using reverse replication?
IE,
User accessing form page on publish server, enters data, submits the form. Which somehow would create node data directly on the author server without storing any data on the publish server.
Is this even possible?
ThanksThank you for all the responses.
Yes I do agree that not using reverse replication as the system is designed is not exactly a wise design choice. The problem I am facing is that the end user generated content is security sensitive and cannot be store on the publish instance. (Even temporarily)
I have managed to write a servlet on the Author server to accept the post data and create node data on the Author repository.
However to do this, I have had to disable login/security on the Author server for the servlet path (IE /bin/posthandlerservlet ) so that the author servlet can be accessed from the outside. Firewall has also been adjusted to let traffic through as well.
Now my remaining question would be, is opening up this path to the Author server much more dangerous and less secure that creating the node data on the Publish server in a place that protected access? We are really worried that the node created data on the publish server could somehow be accessed by end users in the event of a security problem. -
How do I access Mountain Lion OS Server from my Macbook Air?
Have successfully installed the software and set up storage. How do I access the network from my Macbook Air? Thanks much in advance!
What OS X Server services do you have enabled (i.e. File Sharing, FTP, Time Machine, VPN, etc.)?
Did you enable Screen Sharing on your server from within System Preferences/Sharing? Screen Sharing will allow you to remotely administer your Mac Mini server from your MBA while on your LAN. -
How to save uploaded image file to Apache Web Server from Tomcat
Hi guys,
Perhaps this is not an appropriate topic to ask under this forum but I really don't know where should I post my question. Hope you understand.
Ok, I need to know if my web application is running in Tomcat5 and user uploading some image file where I need to save these image files to the other server, which is running Apache Web Server. Should I ftp to there or other better method ?
Anyone got a better idea on doing this kind of process pls advice. Many Thanks !
regards,
Markif your Apache server is running in the same computer and if your servlet have write access to the folder in apache under which you want to save the file you can just write the file there but you will have to address concurrency issues.
Otherwise you will have to do ftp but since apache does not have abuilt in frp server you will need a seperate FTP server for this -
Access SAP Data Archival file from outside SAP
Hello Everyone,
I have a requirement to archive the SAP data, dump that outside SAP in some other system like ILM or BI and build a reporting tool on top of that data.
So, basically customer want to shutdown the SAP and want to retain data for legal and audit pourpose.
I was doing some RnD and done archiving of MM_EKKO using SARA. the file got generated with extention .ARCHIVE. I donwnloaded teh file but it is encoded file with all special character in it.
My question is:
1. How can I read the archieved SAP data from outside SAP system.
2. Can we decode the .ARCHIVE file to get it in .DAT format?
3. Or Is there any other way to access the SAP data outside SAP in a report format.
Thanks,
Chintan SOni.Hi Chintan,
1. How can I read the archieved SAP data from outside SAP system.
For this you could refer SAP Note 460620 - Migrating archive files
2. Can we decode the .ARCHIVE file to get it in .DAT format?
As per my knowledge,it's not possible to decode or move to .DAT format.
3. Or Is there any other way to access the SAP data outside SAP in a report format.
Refer my first response & the SAP note.
Hope this will help you.
Good luck !!
Gaurav -
I cannot access the embedded web server on my 7400, unable to connect to the url
I am unable to connect to the embedded web server on my 7400. I enter the IP from the network printout but the browser cannot find the printer
Download and run this utility: http://h20180.www2.hp.com/apps/Nav?h_pagetype=s-926&h_lang=en&h_client=s-h-e17-1&h_keyword=dg-NDU&ju...
What does it say?
Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
I am employed by HP
Maybe you are looking for
-
Printer Sharing with eMac, iMac, and iBook not working
Hello, everyone. I hope you guys can help me out with this: I have an Epson Stylus CX4600 hooked up to my eMac via USB. My eMac prints fine with it. The eMac is getting its internet via an Ethernet wire going downstairs into my Linksys Router, which
-
Sending pdf attachments via e-mail in BSP
Hi all, i have written a code for sending email to a given mailid with some text but can anyone tell me step to step procedure for sending pdf attchments to mailid. Thanks and Regards, Sneha Puppala.
-
The built in feedback addon doesn't work.
I was attempting to provide feedback about significant lag while switching tabs (4.0b6 on Fedora 13). However, once I'd added my comment and attempt to submit it, I recieved the following error message: Forbidden (403) CSRF verification failed. Reque
-
Getting "Oops! Your Skype Name isn't an email addr...
I'm using the latest version of Skype for Desktop, and getting the following error message when trying to login. Oops! Your Skype Name isn't an email address.. Try again or choose another way to sign in. I've successfully logged in with the same info
-
0FISCPER3 - Default to last closed period in Report Variable
Hi all, We have a requirement in our reports to default the Posting Period to last closed period. In the InfoCube we have 0CALMONTH (In Period) and also 0FISCPER3 (Posting Period). The values for Posting Period varies from 1 to 16. What is the functi