Accessing HTMLDB application outside of firewall....
If I develop an HTMLDB application on my database server that is inside my corporate firewall, how do I have people outside the firewall access it. Do I need to open one or more ports on the firewall? Using the same situation, is it possible to access this application externally from a Portal page?
Thanks,
Brett
As already mentioned this issue is not really an Apex issue, but an issue between your webserver ports and your InfoSec firewall folks. You also want to consider whether the data is sensitive enough to warrant HTTPS with SSL encrypted traffic rather than straight HTTP. At our institution we generally require HTTPS for corporate data but since the encryption requires a lot of processing it affects your application server performance. We have gone to a BigIP switch for all our HTTPS public ports, then from BIgIP to the app server we are behind the firewall and run http. So the Public Portal URL is https to the BigIP which then negotiates with the App servers. Our Network BigIP engineer works out the fiewall rules with our InfoSec folks. This approach offloads all the encryption processing to a dedicated hardware switch rather than to the app server. BigIp also allows for additional rules that can be set up to force certain URLs to require a VPN, for example.
Pat
Similar Messages
-
Issues with accessing forms applications behind a firewall & caching proxy
We have web enabled an forms application and has the following set-up at server end.
Machine no 1. Oracle Forms Server 6i with patch level 1 listening on HTTP/Port 80 on a windows NT box.
Machine no 2. Apache Webserver. listening on HTTP/Port 80
Both the machines are behind a firewall which allows only HTTP on port 80.
At clients end we have
1. a firewall which allows only HTTP on port 80.
2. a caching proxy server
The client machine connects through the caching proxy server.
When the client connects the applet gets downloaded and initialised, the form server log shows the following
-Forms Server Log-----
[09/27/00 15:01:09 India Standard Time]::LISTN: Connection Request [ConnId=13, Addr=194.120.163.251:16278]
[09/27/00 15:01:09 India Standard Time]::RUNFORM Client Connected [ConnId=13, PID=188]
at the same time at the client side we get a FRM-92050 error: Failed to connect to server fs.formserver.com:80
Please help
Thanks
nullThanks Henrique.
This is not very promising but it confirms there is a potential issue
How did you manage to solve the problem, allowing the NW server/application to perform direct accesses?
Adalbert -
Accessing HTMLDB beside a firewall - changing port number ?
I would like to access to my HTMLDB environment beside a firewall.
Is it possible to migrate the port from :7781 to :80 ? and how ?
Thanks a lot.
E. TessierE.,
HTML DB doesn't know anything about ports. You can configure Apache to listen on whatever ports you need. No HTML DB configuration is involved.
Scott -
Is there a way to access 11i from outside other than Self service?
Is there a way to access 11i from outside other than Self service?
I could connect any application from inside the firewall (basically router) and can not access screens from outside. Eventhough port forwarding 80 allows us upto initial screen, it does not go further.
Any workaround/suggestions
JiltinHi Jiltin,
If you can migrate your forms server into Forms Listener Servlet.This will allow you to use forms outside firewall provided atleast one port(assuming yours 80) is open.
Ref to the M.Link Note 201340.1 for how to setup forms listener servlet.
Magesh -
HI friends i am facing issue regarding the hosting of an application on the firewall .
Dear friends i configure public ip on firewall interface ,and i have one more public ip for hosting of the sqp application publicly,so please how can i do this can any one let me know configuration is below.
THE BELOW ARE THE IP ADD FOR THE SERVER HOSTING ,AND CONFIGURATION OF THE FIREWALL AND ROUTER FOLLLOW BELOW.
PC IP : 72.93.232.66
Subnet Mask: 255.255.255.252
Gate Way ( Router IP ) : 72.93.232.65
Domain Name : www.hrmstadrees.com
Server Local IP for Application: http://10.10.10.4/MenaITech/Mename/
ASA-CONFIG
ASA Version 8.2(5)
domain-name RAQ.com
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description Connected to TAD-Router G0/1
nameif outside
security-level 0
ip address 72.93.19.174 255.255.255.252
interface Ethernet0/1
description Connected to Cisco SMB Switch G1
nameif inside
security-level 100
ip address 10.15.1.1 255.255.255.248
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
no ip address
management-only
banner login ******** RAQ FIREWALL ********
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 84.22.224.11
name-server 84.22.224.12
domain-name tadrees.com
access-list split-tunnel standard permit 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list Mename-Access extended permit tcp any host 72.93.19.174 eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool sslvpnpool 10.1.1.1-10.1.1.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-702.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
router rip
network 10.0.0.0
version 2
route outside 0.0.0.0 0.0.0.0 72.93.19.173 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TAD-AD protocol nt
aaa-server TAD-AD (inside) host 10.10.10.1
aaa authentication ssh console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 2
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
no anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy sslvpn internal
group-policy sslvpn attributes
wins-server none
dns-server none
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value tadrees.com
group-policy DfltGrpPolicy attributes
webvpn
svc ask enable default webvpn timeout 30
username admin password s8Vngsgpp8NmOJP7 encrypted privilege 15
username cisco password HWFflA1bzYiq7Uut encrypted privilege 15
tunnel-group TAD-SSLV type remote-access
tunnel-group TAD-SSLV general-attributes
address-pool sslvpnpool
authentication-server-group TAD-AD LOCAL
default-group-policy sslvpn
tunnel-group TAD-SSLV webvpn-attributes
group-alias ssl enable
group-url https://72.93.19.174/ssl enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c23556bcb54d60cbd598593f6429d106
: end
ROUTER CONFIGURATION
RAQ-Router#sho run
Building configuration...
Current configuration : 5623 bytes
! Last configuration change at 13:59:42 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname TAD-Router
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
no aaa new-model
no ipv6 cef
ip source-route
no ip cef
ip domain name yourdomain.com
ip name-server 8.8.8.8
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1513054491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1513054491
revocation-check none
rsakeypair TP-self-signed-1513054491
crypto pki certificate chain TP-self-signed-1513054491
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353133 30353434 3931301E 170D3132 30393236 31363239
33385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35313330
35343439 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AADE 6F39CF31 6832A80B DBCC6E4D 82AA4F8A B71E7118 50B53E0E FD94E7E9
A6557FD6 30A099C0 D44E36BA 92CBE1EB 1C2789B6 A1260D38 B24637A5 255F18D7
0B6F2B70 44CF0583 DADB7687 E4102B24 4FA18CDA 36A7CA2A 96F78C1C B92214D8
087DC6D5 240F7449 DBC4AD01 17FBDC0A 9ECC24DF C7D57E33 9C9CF327 27F2A905
78470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14D06F56 4B82A937 E11730CB BDEECF51 BDAE337F 98301D06
03551D0E 04160414 D06F564B 82A937E1 1730CBBD EECF51BD AE337F98 300D0609
2A864886 F70D0101 05050003 8181005A 297C5954 817B8D56 1443D1D5 B21DBA42
F7EC486D B82CBA55 C2953C0E 756FAC1F B04C48C3 D208E4AF DE412F1C C4A97B38
856AC4F2 A664C6CB 3E241FB6 4AD2DC4B BE5B4809 DE6269CC 0826E822 33F853B3
3FE1E0E9 AA125902 C632B6E6 BE2EC625 0F7F2259 F408844B 9813429F 422EDBE0
ADE0EA0D A2138291 D806C4F1 72C4A9
quit
license udi pid CISCO2911/K9 sn FCZ1633771T
username bciscoadmin password 0 tadreesadmin
username cisco privilege 15 password 0 c1sc0
ip ssh version 1
track 1 interface Dialer0 ip routing
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Connected to Internet Temp
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 72.93.19.173 255.255.255.252
ip tcp adjust-mss 1452
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
pvc 0/99
pppoe-client dial-pool-number 1
interface Dialer0
no ip address
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 0 123456
ppp pap sent-username [email protected] password 0 123456
no cdp enable
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
banner login ^CC
** TADREES PRIVATE NETWORK ..... AUTHORIZED USERS ONLY **
***************************************************************^C
banner motd ^CC
==================
WARNING
==================
If you are an unauthorized user LOG OFF NOW, all unauthorized access will be prosecuted to the full extent of the law
This is a Private Network Device. This resource including all related equipment, networks and network devices, are provided for authorized Private use. Private systems are monitored for all lawful purposes, including ensuring authorized use, for manageme
The monitoring on this system may include audits by authorized personnel to test or verify the validity, security and survivability of this system. During monitoring information may be examined, recorded, copied and used for authorized purposes. All
Use of this system, constitutes consent to this policy and the policies and procedures set forth by the company
Evidence of unauthorized use collected during monitoring will be used for criminal prosecution by staff, legal counsel and law enforcement agencies.^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endLet me get this correctly, you want to access the server over the public IP?
-
Should I place a weblogic server outside my firewall?
I am looking at setting up an app server running an HR application. I want employees to be able to access it from home and internally at work. One option is to set up two app servers one internally and one externally outside the firewall. Another option someone suggested was to just set up some kind of external apache server that just redirects traffic to the internal app server through an open port in the firewall. I'm not sure what is best or what is most secure. I have a lot of reading to do. Can anyone advise on the pros and cons or suggest some good reading material? I will be using the most recent version of weblogic. Thanks.
You can set up reverse proxy and allow external users to access it via the reverse proxy.
Internal users will anyways have access to WLS. -
Restricting roles outside a firewall
Hello we are currently implementing Campus Solutions - our first Peoplesoft application. I have many question but firstly I would like to ask whether there was a possibility of restricting the scope of the Campus Solution application when it is accessed outside our firewall. In our current implementation of Oracle E-Business suite we offer Staff and Manager self-service to all users in all locations. To support this we have a dedicated application tier and a seperate URL that will only ever allow the Staff and Manager responsibilities to be displayed and used, irrespective of whether a user has additional responsibilities. Is it possible to implement CS in a way so that internally to the domain all roles are available but externally only Student and Staff self service roles can be accessed?
Hi,
Im not clear why the SP level is a problem here. Could you please clarify?
It should'nt be a problem because, you would be implementing this solution at the OS level. XI has nothing to do with this right? So, SP level does not come into picture here.
The script at the OS level, will pick the files from the target outside the firewall, and put a minimum number of files(say 100 files)every 5 mins or so into a directory where XI is polling. Only when the files are in this XI directory, file adapter etc. come into picture. So where is the dependency with the SP level?
Regards,
Smitha. -
Access to application when external and internal address of EP are differen
I have a problem with access to application in portal. I deployed the application (ear) and it is available by address http://noss.inside.bcc.com.pl:54100/forum/index.jsp in our intranet. External address of portal is https://portal.bcc.com.pl. My application is unavailable outside the company, because in url iView there is an address of internal network. I've tried to use relative address /forum/index.jsp, but it doesn't work. Is there any kind of iView, which can solve my problem?
Hi Julia,
have a look at this Topic: <a href="https://forums.sdn.sap.com/thread.jspa?threadID=65920">How does portal connect a user to internal web site</a>. Basically it is the same problem. Unfortunately Jeremy had not described the solution in detail.
Regards
Gregor -
STATIC IP issues from outside of firewall
Hi
I’m having one issue, we have static IP and we NAT the same to some local IP for our internal needs. Whenever we tried to reach the static IP from outside of firewall(some other network), it is working properly. But when we try to ping or use that static IP in internal LAN that is not working.
192.168.0.149 is internal LAN I have NAT to 202.xxx.xxx.xxx static IP with port 80.
Please help me on this.
here is the device running configuration
Result of the command: "show running-config"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool clientpool 192.168.0.20-192.168.0.50 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 202.53.82.98 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group PW
name-server 202.53.64.202
name-server 202.53.72.13
name-server 192.168.0.16
name-server 192.168.0.8
same-security-traffic permit intra-interface
object network PW-LAN
subnet 192.168.0.0 255.255.255.0
object network USA
subnet 192.168.2.0 255.255.255.0
object network 202.53.82.110
host 202.53.82.110
object network PWHYD
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.151
host 192.168.0.151
object network 192.168.0.154
host 192.168.0.154
object network 192.168.0.156
host 192.168.0.156
object network 192.168.0.158
host 192.168.0.158
object network 192.168.0.159
host 192.168.0.159
object network 192.168.0.149
host 192.168.0.149
object network Rackspace
subnet 10.176.0.0 255.240.0.0
object network NETWORK_OBJ_10.176.0.0_12
subnet 10.176.0.0 255.240.0.0
object network 192.168.0.147_http
host 192.168.0.147
object service http
service tcp source eq www destination eq www
object network 192.168.0.14
host 192.168.0.14
object network 192.168.0.14_iCA
host 192.168.0.14
object network 192.168.0.159_http
host 192.168.0.159
object network 192.168.0.159_50100
host 192.168.0.159
object network 202.53.82.101
host 202.53.82.101
object network 192.168.0.159_8001
host 192.168.0.159
object network 192.168.0.192
host 192.168.0.192
object network 192.168.0.159_any
host 192.168.0.159
object network clientpool
range 192.168.0.20 192.168.0.50
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.192_DEV
host 192.168.0.192
object-group network PW-All-Sites
network-object 192.168.0.0 255.255.255.0
network-object object PWHYD
network-object object USA
network-object object clientpool
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list l2l-list extended permit ip object-group PW-All-Sites 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group PW-All-Sites 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.2.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 10.176.0.0 255.240.0.0
access-list outside_cryptomap_3 extended permit ip object-group PW-All-Sites object Rackspace
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static PW-LAN PW-LAN destination static Rackspace Rackspace
nat (inside,outside) source static PW-LAN PW-LAN destination static PWHYD PWHYD
nat (inside,outside) source static PW-LAN PW-LAN destination static USA USA
nat (inside,outside) source dynamic PW-LAN interface
nat (any,inside) source dynamic clientpool interface
object network 192.168.0.151
nat (any,any) static 202.53.82.102 service tcp 3200 3200
object network 192.168.0.154
nat (any,any) static 202.53.82.104 service tcp 3201 3201
object network 192.168.0.156
nat (any,any) static 202.53.82.107 service tcp 3201 3201
object network 192.168.0.158
nat (any,any) static 202.53.82.109 service tcp 3222 3222
object network 192.168.0.159
nat (any,any) static 202.53.82.101 service tcp 3201 3201
object network 192.168.0.149
nat (inside,outside) static 202.53.82.100 service tcp www www
object network 192.168.0.147_http
nat (any,any) static 202.53.82.110 service tcp www www
object network 192.168.0.14
nat (any,any) static 202.53.82.99 service tcp https https
object network 192.168.0.14_iCA
nat (any,any) static 202.53.82.99 service tcp citrix-ica citrix-ica
object network 192.168.0.159_50100
nat (any,any) static 202.53.82.101 service tcp 50100 50100
object network 192.168.0.159_8001
nat (any,any) static 202.53.82.101 service tcp 8001 8001
object network 192.168.0.192_DEV
nat (any,any) static 202.53.82.106 service tcp 3201 3201
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.53.82.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PW protocol radius
aaa-server PW (inside) host 192.168.0.16
key *****
user-identity default-domain LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set pwset esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set pwsethyd esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RackspaceSet esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal RackSpaceSecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal pwhydsetsecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal secure
protocol esp encryption aes 3des des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outsidemap 1 match address l2l-list
crypto map outsidemap 1 set peer 63.82.1.98
crypto map outsidemap 1 set ikev1 transform-set pwset
crypto map outsidemap 1 set ikev2 ipsec-proposal secure
crypto map outsidemap 2 match address outside_cryptomap
crypto map outsidemap 2 set pfs
crypto map outsidemap 2 set peer 115.119.186.194
crypto map outsidemap 2 set ikev1 transform-set pwsethyd
crypto map outsidemap 3 match address outside_cryptomap_3
crypto map outsidemap 3 set peer 67.192.250.53
crypto map outsidemap 3 set ikev1 transform-set RackspaceSet
crypto map outsidemap 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outsidemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
fqdn vpn.processweaver.com
subject-name CN=vpn.processweaver.com,OU=PWIT,O="ProcessWeaver,Inc",C=US,St=California,L=Fremont
keypair ciscovpn.key
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 47869fe5
3082046a 30820352 a0030201 02020447 869fe530 0d06092a 864886f7 0d010105
05003048 310b3009 06035504 06130255 53312030 1e060355 040a1317 53656375
72655472 75737420 436f7270 6f726174 696f6e31 17301506 03550403 130e5365
63757265 54727573 74204341 301e170d 30383132 32323233 34373339 5a170d32
38313232 32323334 3733395a 3081ae31 0b300906 03550406 13025553 3111300f
06035504 08130849 6c6c696e 6f697331 10300e06 03550407 13074368 69636167
6f312130 1f060355 040a1318 54727573 74776176 6520486f 6c64696e 67732c20
496e632e 31363034 06035504 03132d54 72757374 77617665 204f7267 616e697a
6174696f 6e205661 6c696461 74696f6e 2043412c 204c6576 656c2032 311f301d
06092a86 4886f70d 01090116 10636140 74727573 74776176 652e636f 6d308201
22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e814
eea0da97 bd89bd0c cc8ddf08 fb060983 a823515b 013f34da 1f1f6ec1 e35865cb
0af9f387 c8c8faa1 ccf574e2 b8ae2d06 8480286f 5ac1225c 929442cd 1902125c
10627ea2 44fb165e 9c72b1ac ea04e615 aa99e85a f858b987 24e875cd 2588e258
925e8683 7f8a2353 ae8ae8a3 217e83af 40091849 afe1d05a b04f6fe2 31adf4f1
371fc92a e18bd68c 1231d427 1adfea6b 9e7853ed 9a19b0ce 45445b1b ef645921
fac7b7d1 d30c1ecb 88dafd23 3ff4ac2b a04d61d3 becade19 616124f1 f69cb496
bd9deb17 9f243978 e92350d3 015077d8 52642f3e 194f75b9 17b1da8d e0d0eddb
3713dc2f e05f8068 d7f487ba c11f1278 d0082717 7a98a69f d221ba4e 87bf0203
010001a3 81f43081 f1300f06 03551d13 0101ff04 05300301 01ff301d 0603551d
0e041604 145dd996 9a40c727 cb2c9ba2 eccf19ab c8afcc86 48301f06 03551d23
04183016 80144232 b616fa04 fdfe5d4b 7ac3fdf7 4c401d5a 43af300b 0603551d
0f040403 02010630 34060355 1d1f042d 302b3029 a027a025 86236874 74703a2f
2f63726c 2e736563 75726574 72757374 2e636f6d 2f535443 412e6372 6c305b06
03551d20 04543052 300c060a 2b060104 0181ed18 03003042 060f2b06 01040181
ed180303 03030404 03302f30 2d06082b 06010505 07020116 21687474 703a2f2f
7777772e 73656375 72657472 7573742e 636f6d2f 6c656761 6c2f300d 06092a86
4886f70d 01010505 00038201 010053f1 c8a017ec 6c8882b1 c024afd1 0858b32c
6f7bc15c 89926f88 fc4bc002 50932f5a 419859b6 e37f8c14 63777d45 3c88505e
a6815200 c8c5fe48 ee1f5dad de440b42 589ce167 5c43b6a0 8598ff16 d41a28be
76e12fe1 84f47eb9 27aa77cb 36b3fec3 fad217f6 e1624ed3 ccccb319 65d34ba8
e8b3d54c eaf64eae cbae3448 1f60cc58 e7e774c9 0135fd6a e0588ad2 16ebece9
3ebbf01d cfb6ff1e 0cb7bb39 e9b7981b c05221eb 3a3d7838 8ca9195f 27a4d07f
3661ab24 7e9ff82d 3f922963 becb10db 0d403602 a0d417a2 8d7f7e7c 99af455a
40cda26b 5cbe0ef3 d387fca1 10caaa33 b7ba4bc0 3da4218c 179ccfd8 bfe657fe
cdebfa30 1ad5fee8 2597a9be 3bea
quit
certificate 0649f9a965553e7df2709c06c4da1b09e17cd9
30820510 308203f8 a0030201 02021306 49f9a965 553e7df2 709c06c4 da1b09e1
7cd9300d 06092a86 4886f70d 01010505 003081ae 310b3009 06035504 06130255
53311130 0f060355 04081308 496c6c69 6e6f6973 3110300e 06035504 07130743
68696361 676f3121 301f0603 55040a13 18547275 73747761 76652048 6f6c6469
6e67732c 20496e63 2e313630 34060355 0403132d 54727573 74776176 65204f72
67616e69 7a617469 6f6e2056 616c6964 6174696f 6e204341 2c204c65 76656c20
32311f30 1d06092a 864886f7 0d010901 16106361 40747275 73747761 76652e63
6f6d301e 170d3134 30363131 30353330 33355a17 0d313530 32323331 31333033
355a3070 311e301c 06035504 030c1576 706e2e70 726f6365 73737765 61766572
2e636f6d 31163014 06035504 0a0c0d50 726f6365 73735765 61766572 31143012
06035504 070c0b53 616e7461 20436c61 72613113 30110603 5504080c 0a43616c
69666f72 6e696131 0b300906 03550406 13025553 30820122 300d0609 2a864886
f70d0101 01050003 82010f00 3082010a 02820101 00cc194c fbdd63f5 0b49141a
9d21063f a13136df e524cef9 c55e9331 e6c5bc67 43361421 cafb7dc1 d244942e
6fd02ee7 198e7f7e 48ca62c2 1c8e1a8e 20431d42 b24103f1 5fad9287 9f9dc2da
5002e0b4 cf14b414 31e0e691 26cfbc0c 1ee09d6d 8176a63d 6ad81c30 b2b69dbe
59ce7092 44c09e62 27f20c58 8bd8e38a a3d75a94 94bbca6f 7ad87b93 3892ddb0
3f00a693 e05b5fe8 7a71d36c 223e1ded 8afb8ee4 1eea579c 53d964df 467694e9
b7ffe4f9 22c6dd5e 33d0ffee 9fd57fed 621c62f1 4dc6f14e 6518de53 c2fd7d5d
b37913b8 69211fe5 e194a6bf f60bc88a 343a93dc 34526931 b41566e3 f38f219f
9a6cefd5 d6d60002 2442b3e5 b4096717 2ffea23d b1020301 0001a382 01623082
015e300b 0603551d 0f040403 0205a030 1d060355 1d250416 30140608 2b060105
05070302 06082b06 01050507 0301301d 0603551d 0e041604 14cd47cf 646a8932
7cecb024 9fd2a31a b54d73dc c0301f06 03551d23 04183016 80145dd9 969a40c7
27cb2c9b a2eccf19 abc8afcc 86483048 0603551d 20044130 3f303d06 0f2b0601
040181ed 18030303 03040403 302a3028 06082b06 01050507 0201161c 68747470
733a2f2f 73736c2e 74727573 74776176 652e636f 6d2f4341 30370603 551d1104
30302e82 1576706e 2e70726f 63657373 77656176 65722e63 6f6d8215 7774732e
70726f63 65737377 65617665 722e636f 6d303506 03551d1f 042e302c 302aa028
a0268624 68747470 3a2f2f63 726c2e74 72757374 77617665 2e636f6d 2f4f5643
415f4c32 2e63726c 30360608 2b060105 05070101 042a3028 30260608 2b060105
05073001 861a6874 74703a2f 2f6f6373 702e7472 75737477 6176652e 636f6d2f
300d0609 2a864886 f70d0101 05050003 82010100 0785070e 045d6201 3ffc49b5
88808587 b6418d0e 87dc7ae8 3204563b 6e51ff93 25e8ad7a 9a11d439 2439a533
768477ca 902fdfbe f0c58a04 e15bf6a5 63829d4b a36c7ccc 0af9532b f39ec31d
21cd6b74 d3adffc2 5f8ee1c4 92c07ac6 ab547346 c740f477 857a82fd 897029d5
1cfa9b55 b1064ab7 1274556c 6a14f7a8 b8705cd4 51d6b7f4 0a024f6d 1818918c
0cb15bc5 cd301684 38c2dcb8 2585b44c 18808e1b 823a6043 28da0194 280fa6c9
80831cbc 1179be24 fc391e54 965761e5 e51031e1 0c76c65f 187922d0 96be80c9
3de9a56e 41d0fd3f 76afaf49 4bc4ff4c 213aa474 60a742ba 2a8fb3bd c9349da3
1ac96b24 7b99cba5 a28c6647 7803cf2c ee70540c
quit
crypto ikev2 policy 10
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.5.2-192.168.5.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint2 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_PWSSL internal
group-policy GroupPolicy_PWSSL attributes
wins-server none
dns-server value 192.168.0.16
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain value processw.local
webvpn
anyconnect keep-installer none
group-policy GroupPolicy_115.119.186.194 internal
group-policy GroupPolicy_115.119.186.194 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_67.192.250.53 internal
group-policy GroupPolicy_67.192.250.53 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy pw internal
group-policy pw attributes
dns-server value 192.168.0.16
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain none
username rajuvaradha password 6biM7HbMtaadT82k encrypted
username e172 password E1abOIw/eu.DKO/y encrypted
username e150 password dJMsBQfrQRISuR8n encrypted
username e134 password bLBixKKCoH5Udlk9 encrypted
username e182 password mirFopEi/OG0LT4d encrypted
username e192 password u2P6WXLa1k8.kA1w encrypted
username e184 password Rpt/S1N6et6Xwi7W encrypted
username u033 password pS5QN8QLvYFHJfoK encrypted
username u011 password HGFsDnR5XiFAzrcE encrypted
username u010 password 5R8mktMpyUYPCpTO encrypted
username u032 password rst8O1b/yrXsKVmu encrypted
username u002 password .u2izEtqOIC5D2fT encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
username u012 password JClYI3r7x0T/ed26 encrypted
username u015 password 6tNvtB4hPcUNDyhE encrypted
username u014 password Wy6x8dPcSnMcAT1v encrypted
username u017 password xahCXrBaZWzW8aEp encrypted
username u006 password BCEOAmlRL6CbQfTV encrypted
username e006 password DG96SZQ2gBqIXEYv encrypted
username e034 password 1sG72DUjsY7nt81V encrypted
username u007 password vtcK6xerueHvqZJZ encrypted
username u016 password pZgySMnraNBlTTnL encrypted
username u025 password ulAXIX1u2.UD/KvT encrypted
username u008 password G4vmDF.mv3rXWa7h encrypted
username u019 password NxlycJwroZrzCSJ3 encrypted
username e019 password E9NaUPs18c0.PBnd encrypted
username u018 password 33CghGQSMjbWDfdb encrypted
username u009 password uaaSLEu55XXbD5Sr encrypted
username u028 password UMFMzXMs6He7.zR8 encrypted
username e097 password .UawdlGNiYnRHnzF encrypted
username e314 password ye2/LpVufAXvAUJ6 encrypted
username e327 password 6mKef3HGlnyb6hnu encrypted
username e343 password 0g33Wbvzi.NL1PjH encrypted
username e222 password e0.SFEwm1RqC6lLj encrypted
username e289 password /YrO2mEvMUr9zxq3 encrypted
username e201 password Eox2TB.HgdkKLuec encrypted
username e265 password fTk7Vxw0Z06AAbHi encrypted
username e251 password 6y7YjKQO1rP3nAQG encrypted
username e219 password p049Lf7jFLisN6UJ encrypted
username e269 password v7oFefIpmPGd307D encrypted
tunnel-group 63.82.1.98 type ipsec-l2l
tunnel-group 63.82.1.98 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group pw type remote-access
tunnel-group pw general-attributes
address-pool clientpool
default-group-policy pw
tunnel-group pw ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 115.119.186.194 type ipsec-l2l
tunnel-group 115.119.186.194 general-attributes
default-group-policy GroupPolicy_115.119.186.194
tunnel-group 115.119.186.194 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 67.192.250.53 type ipsec-l2l
tunnel-group 67.192.250.53 general-attributes
default-group-policy GroupPolicy_67.192.250.53
tunnel-group 67.192.250.53 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group PWSSL type remote-access
tunnel-group PWSSL general-attributes
address-pool clientpool
authentication-server-group PW LOCAL
default-group-policy GroupPolicy_PWSSL
tunnel-group PWSSL webvpn-attributes
group-alias PWSSL enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:80663f0c45d0a6736344cf989a7af706
: endHi Marius,
Thanks for your suggestion
i have followed the same, but i'm still not able to access the static IP internal LAN. here is the running config out put.
Result of the command: "show running-config"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool clientpool 192.168.0.20-192.168.0.50 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 202.53.82.98 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group PW
name-server 202.53.64.202
name-server 202.53.72.13
name-server 192.168.0.16
name-server 192.168.0.8
same-security-traffic permit intra-interface
object network PW-LAN
subnet 192.168.0.0 255.255.255.0
object network USA
subnet 192.168.2.0 255.255.255.0
object network 202.53.82.110
host 202.53.82.110
object network PWHYD
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.151
host 192.168.0.151
object network 192.168.0.154
host 192.168.0.154
object network 192.168.0.156
host 192.168.0.156
object network 192.168.0.158
host 192.168.0.158
object network 192.168.0.159
host 192.168.0.159
object network 192.168.0.149
host 192.168.0.149
object network Rackspace
subnet 10.176.0.0 255.240.0.0
object network NETWORK_OBJ_10.176.0.0_12
subnet 10.176.0.0 255.240.0.0
object network 192.168.0.147_http
host 192.168.0.147
object service http
service tcp source eq www destination eq www
object network 192.168.0.14
host 192.168.0.14
object network 192.168.0.14_iCA
host 192.168.0.14
object network 192.168.0.159_http
host 192.168.0.159
object network 192.168.0.159_50100
host 192.168.0.159
object network 202.53.82.101
host 202.53.82.101
object network 192.168.0.159_8001
host 192.168.0.159
object network 192.168.0.192
host 192.168.0.192
object network 192.168.0.159_any
host 192.168.0.159
object network clientpool
range 192.168.0.20 192.168.0.50
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.192_DEV
host 192.168.0.192
object network 202.53.82.100
host 202.53.82.100
object network 149
host 192.168.0.149
object-group network PW-All-Sites
network-object 192.168.0.0 255.255.255.0
network-object object PWHYD
network-object object USA
network-object object clientpool
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list l2l-list extended permit ip object-group PW-All-Sites 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group PW-All-Sites 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.2.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 10.176.0.0 255.240.0.0
access-list outside_cryptomap_3 extended permit ip object-group PW-All-Sites object Rackspace
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static PW-LAN PW-LAN destination static Rackspace Rackspace
nat (inside,outside) source static PW-LAN PW-LAN destination static PWHYD PWHYD
nat (inside,outside) source static PW-LAN PW-LAN destination static USA USA
nat (inside,outside) source dynamic PW-LAN interface
nat (any,inside) source dynamic clientpool interface
nat (inside,inside) source static PW-LAN PW-LAN destination static 192.168.0.149 202.53.82.100
object network 192.168.0.151
nat (any,any) static 202.53.82.102 service tcp 3200 3200
object network 192.168.0.154
nat (any,any) static 202.53.82.104 service tcp 3201 3201
object network 192.168.0.156
nat (any,any) static 202.53.82.107 service tcp 3201 3201
object network 192.168.0.158
nat (any,any) static 202.53.82.109 service tcp 3222 3222
object network 192.168.0.159
nat (any,any) static 202.53.82.101 service tcp 3201 3201
object network 192.168.0.147_http
nat (any,any) static 202.53.82.110 service tcp www www
object network 192.168.0.14
nat (any,any) static 202.53.82.99 service tcp https https
object network 192.168.0.14_iCA
nat (any,any) static 202.53.82.99 service tcp citrix-ica citrix-ica
object network 192.168.0.159_50100
nat (any,any) static 202.53.82.101 service tcp 50100 50100
object network 192.168.0.159_8001
nat (any,any) static 202.53.82.101 service tcp 8001 8001
object network 192.168.0.192_DEV
nat (any,any) static 202.53.82.106 service tcp 3201 3201
object network 149
nat (any,any) static 202.53.82.100 service tcp www www
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.53.82.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PW protocol radius
aaa-server PW (inside) host 192.168.0.16
key *****
user-identity default-domain LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set pwset esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set pwsethyd esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RackspaceSet esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal RackSpaceSecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal pwhydsetsecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal secure
protocol esp encryption aes 3des des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outsidemap 1 match address l2l-list
crypto map outsidemap 1 set peer 63.82.1.98
crypto map outsidemap 1 set ikev1 transform-set pwset
crypto map outsidemap 1 set ikev2 ipsec-proposal secure
crypto map outsidemap 2 match address outside_cryptomap
crypto map outsidemap 2 set pfs
crypto map outsidemap 2 set peer 115.119.186.194
crypto map outsidemap 2 set ikev1 transform-set pwsethyd
crypto map outsidemap 3 match address outside_cryptomap_3
crypto map outsidemap 3 set peer 67.192.250.53
crypto map outsidemap 3 set ikev1 transform-set RackspaceSet
crypto map outsidemap 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outsidemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
fqdn vpn.processweaver.com
subject-name CN=vpn.processweaver.com,OU=PWIT,O="ProcessWeaver,Inc",C=US,St=California,L=Fremont
keypair ciscovpn.key
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 47869fe5
3082046a 30820352 a0030201 02020447 869fe530 0d06092a 864886f7 0d010105
05003048 310b3009 06035504 06130255 53312030 1e060355 040a1317 53656375
72655472 75737420 436f7270 6f726174 696f6e31 17301506 03550403 130e5365
63757265 54727573 74204341 301e170d 30383132 32323233 34373339 5a170d32
38313232 32323334 3733395a 3081ae31 0b300906 03550406 13025553 3111300f
06035504 08130849 6c6c696e 6f697331 10300e06 03550407 13074368 69636167
6f312130 1f060355 040a1318 54727573 74776176 6520486f 6c64696e 67732c20
496e632e 31363034 06035504 03132d54 72757374 77617665 204f7267 616e697a
6174696f 6e205661 6c696461 74696f6e 2043412c 204c6576 656c2032 311f301d
06092a86 4886f70d 01090116 10636140 74727573 74776176 652e636f 6d308201
22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e814
eea0da97 bd89bd0c cc8ddf08 fb060983 a823515b 013f34da 1f1f6ec1 e35865cb
0af9f387 c8c8faa1 ccf574e2 b8ae2d06 8480286f 5ac1225c 929442cd 1902125c
10627ea2 44fb165e 9c72b1ac ea04e615 aa99e85a f858b987 24e875cd 2588e258
925e8683 7f8a2353 ae8ae8a3 217e83af 40091849 afe1d05a b04f6fe2 31adf4f1
371fc92a e18bd68c 1231d427 1adfea6b 9e7853ed 9a19b0ce 45445b1b ef645921
fac7b7d1 d30c1ecb 88dafd23 3ff4ac2b a04d61d3 becade19 616124f1 f69cb496
bd9deb17 9f243978 e92350d3 015077d8 52642f3e 194f75b9 17b1da8d e0d0eddb
3713dc2f e05f8068 d7f487ba c11f1278 d0082717 7a98a69f d221ba4e 87bf0203
010001a3 81f43081 f1300f06 03551d13 0101ff04 05300301 01ff301d 0603551d
0e041604 145dd996 9a40c727 cb2c9ba2 eccf19ab c8afcc86 48301f06 03551d23
04183016 80144232 b616fa04 fdfe5d4b 7ac3fdf7 4c401d5a 43af300b 0603551d
0f040403 02010630 34060355 1d1f042d 302b3029 a027a025 86236874 74703a2f
2f63726c 2e736563 75726574 72757374 2e636f6d 2f535443 412e6372 6c305b06
03551d20 04543052 300c060a 2b060104 0181ed18 03003042 060f2b06 01040181
ed180303 03030404 03302f30 2d06082b 06010505 07020116 21687474 703a2f2f
7777772e 73656375 72657472 7573742e 636f6d2f 6c656761 6c2f300d 06092a86
4886f70d 01010505 00038201 010053f1 c8a017ec 6c8882b1 c024afd1 0858b32c
6f7bc15c 89926f88 fc4bc002 50932f5a 419859b6 e37f8c14 63777d45 3c88505e
a6815200 c8c5fe48 ee1f5dad de440b42 589ce167 5c43b6a0 8598ff16 d41a28be
76e12fe1 84f47eb9 27aa77cb 36b3fec3 fad217f6 e1624ed3 ccccb319 65d34ba8
e8b3d54c eaf64eae cbae3448 1f60cc58 e7e774c9 0135fd6a e0588ad2 16ebece9
3ebbf01d cfb6ff1e 0cb7bb39 e9b7981b c05221eb 3a3d7838 8ca9195f 27a4d07f
3661ab24 7e9ff82d 3f922963 becb10db 0d403602 a0d417a2 8d7f7e7c 99af455a
40cda26b 5cbe0ef3 d387fca1 10caaa33 b7ba4bc0 3da4218c 179ccfd8 bfe657fe
cdebfa30 1ad5fee8 2597a9be 3bea
quit
certificate 0649f9a965553e7df2709c06c4da1b09e17cd9
30820510 308203f8 a0030201 02021306 49f9a965 553e7df2 709c06c4 da1b09e1
7cd9300d 06092a86 4886f70d 01010505 003081ae 310b3009 06035504 06130255
53311130 0f060355 04081308 496c6c69 6e6f6973 3110300e 06035504 07130743
68696361 676f3121 301f0603 55040a13 18547275 73747761 76652048 6f6c6469
6e67732c 20496e63 2e313630 34060355 0403132d 54727573 74776176 65204f72
67616e69 7a617469 6f6e2056 616c6964 6174696f 6e204341 2c204c65 76656c20
32311f30 1d06092a 864886f7 0d010901 16106361 40747275 73747761 76652e63
6f6d301e 170d3134 30363131 30353330 33355a17 0d313530 32323331 31333033
355a3070 311e301c 06035504 030c1576 706e2e70 726f6365 73737765 61766572
2e636f6d 31163014 06035504 0a0c0d50 726f6365 73735765 61766572 31143012
06035504 070c0b53 616e7461 20436c61 72613113 30110603 5504080c 0a43616c
69666f72 6e696131 0b300906 03550406 13025553 30820122 300d0609 2a864886
f70d0101 01050003 82010f00 3082010a 02820101 00cc194c fbdd63f5 0b49141a
9d21063f a13136df e524cef9 c55e9331 e6c5bc67 43361421 cafb7dc1 d244942e
6fd02ee7 198e7f7e 48ca62c2 1c8e1a8e 20431d42 b24103f1 5fad9287 9f9dc2da
5002e0b4 cf14b414 31e0e691 26cfbc0c 1ee09d6d 8176a63d 6ad81c30 b2b69dbe
59ce7092 44c09e62 27f20c58 8bd8e38a a3d75a94 94bbca6f 7ad87b93 3892ddb0
3f00a693 e05b5fe8 7a71d36c 223e1ded 8afb8ee4 1eea579c 53d964df 467694e9
b7ffe4f9 22c6dd5e 33d0ffee 9fd57fed 621c62f1 4dc6f14e 6518de53 c2fd7d5d
b37913b8 69211fe5 e194a6bf f60bc88a 343a93dc 34526931 b41566e3 f38f219f
9a6cefd5 d6d60002 2442b3e5 b4096717 2ffea23d b1020301 0001a382 01623082
015e300b 0603551d 0f040403 0205a030 1d060355 1d250416 30140608 2b060105
05070302 06082b06 01050507 0301301d 0603551d 0e041604 14cd47cf 646a8932
7cecb024 9fd2a31a b54d73dc c0301f06 03551d23 04183016 80145dd9 969a40c7
27cb2c9b a2eccf19 abc8afcc 86483048 0603551d 20044130 3f303d06 0f2b0601
040181ed 18030303 03040403 302a3028 06082b06 01050507 0201161c 68747470
733a2f2f 73736c2e 74727573 74776176 652e636f 6d2f4341 30370603 551d1104
30302e82 1576706e 2e70726f 63657373 77656176 65722e63 6f6d8215 7774732e
70726f63 65737377 65617665 722e636f 6d303506 03551d1f 042e302c 302aa028
a0268624 68747470 3a2f2f63 726c2e74 72757374 77617665 2e636f6d 2f4f5643
415f4c32 2e63726c 30360608 2b060105 05070101 042a3028 30260608 2b060105
05073001 861a6874 74703a2f 2f6f6373 702e7472 75737477 6176652e 636f6d2f
300d0609 2a864886 f70d0101 05050003 82010100 0785070e 045d6201 3ffc49b5
88808587 b6418d0e 87dc7ae8 3204563b 6e51ff93 25e8ad7a 9a11d439 2439a533
768477ca 902fdfbe f0c58a04 e15bf6a5 63829d4b a36c7ccc 0af9532b f39ec31d
21cd6b74 d3adffc2 5f8ee1c4 92c07ac6 ab547346 c740f477 857a82fd 897029d5
1cfa9b55 b1064ab7 1274556c 6a14f7a8 b8705cd4 51d6b7f4 0a024f6d 1818918c
0cb15bc5 cd301684 38c2dcb8 2585b44c 18808e1b 823a6043 28da0194 280fa6c9
80831cbc 1179be24 fc391e54 965761e5 e51031e1 0c76c65f 187922d0 96be80c9
3de9a56e 41d0fd3f 76afaf49 4bc4ff4c 213aa474 60a742ba 2a8fb3bd c9349da3
1ac96b24 7b99cba5 a28c6647 7803cf2c ee70540c
quit
crypto ikev2 policy 10
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.5.2-192.168.5.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint2 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_PWSSL internal
group-policy GroupPolicy_PWSSL attributes
wins-server none
dns-server value 192.168.0.16
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain value processw.local
webvpn
anyconnect keep-installer none
group-policy GroupPolicy_115.119.186.194 internal
group-policy GroupPolicy_115.119.186.194 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_67.192.250.53 internal
group-policy GroupPolicy_67.192.250.53 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy pw internal
group-policy pw attributes
dns-server value 192.168.0.16
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain none
username rajuvaradha password 6biM7HbMtaadT82k encrypted
username e172 password E1abOIw/eu.DKO/y encrypted
username e150 password dJMsBQfrQRISuR8n encrypted
username e134 password bLBixKKCoH5Udlk9 encrypted
username e182 password mirFopEi/OG0LT4d encrypted
username e192 password u2P6WXLa1k8.kA1w encrypted
username e184 password Rpt/S1N6et6Xwi7W encrypted
username u033 password pS5QN8QLvYFHJfoK encrypted
username u011 password HGFsDnR5XiFAzrcE encrypted
username u010 password 5R8mktMpyUYPCpTO encrypted
username u032 password rst8O1b/yrXsKVmu encrypted
username u002 password .u2izEtqOIC5D2fT encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
username u012 password JClYI3r7x0T/ed26 encrypted
username u015 password 6tNvtB4hPcUNDyhE encrypted
username u014 password Wy6x8dPcSnMcAT1v encrypted
username u017 password xahCXrBaZWzW8aEp encrypted
username u006 password BCEOAmlRL6CbQfTV encrypted
username e006 password DG96SZQ2gBqIXEYv encrypted
username e034 password 1sG72DUjsY7nt81V encrypted
username u007 password vtcK6xerueHvqZJZ encrypted
username u016 password pZgySMnraNBlTTnL encrypted
username u025 password ulAXIX1u2.UD/KvT encrypted
username u008 password G4vmDF.mv3rXWa7h encrypted
username u019 password NxlycJwroZrzCSJ3 encrypted
username e019 password E9NaUPs18c0.PBnd encrypted
username u018 password 33CghGQSMjbWDfdb encrypted
username u009 password uaaSLEu55XXbD5Sr encrypted
username u028 password UMFMzXMs6He7.zR8 encrypted
username e097 password .UawdlGNiYnRHnzF encrypted
username e314 password ye2/LpVufAXvAUJ6 encrypted
username e327 password 6mKef3HGlnyb6hnu encrypted
username e343 password 0g33Wbvzi.NL1PjH encrypted
username e222 password e0.SFEwm1RqC6lLj encrypted
username e289 password /YrO2mEvMUr9zxq3 encrypted
username e201 password Eox2TB.HgdkKLuec encrypted
username e265 password fTk7Vxw0Z06AAbHi encrypted
username e251 password 6y7YjKQO1rP3nAQG encrypted
username e219 password p049Lf7jFLisN6UJ encrypted
username e269 password v7oFefIpmPGd307D encrypted
tunnel-group 63.82.1.98 type ipsec-l2l
tunnel-group 63.82.1.98 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group pw type remote-access
tunnel-group pw general-attributes
address-pool clientpool
default-group-policy pw
tunnel-group pw ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 115.119.186.194 type ipsec-l2l
tunnel-group 115.119.186.194 general-attributes
default-group-policy GroupPolicy_115.119.186.194
tunnel-group 115.119.186.194 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 67.192.250.53 type ipsec-l2l
tunnel-group 67.192.250.53 general-attributes
default-group-policy GroupPolicy_67.192.250.53
tunnel-group 67.192.250.53 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group PWSSL type remote-access
tunnel-group PWSSL general-attributes
address-pool clientpool
authentication-server-group PW LOCAL
default-group-policy GroupPolicy_PWSSL
tunnel-group PWSSL webvpn-attributes
group-alias PWSSL enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:3b6339b71a4cf924c7b30056a3e6fc31
: end -
FTP adapter to connect to SFTP server that sits outside of firewall
We have a firewall between soa server and ftp server. There is no proxy server configured on the firewall. We tried two configuration as listed below both were not working. ANy guidance would be greatly appreciated! Thanks!
We are able to do sftp through command prompt from soa server to ftp server.
Kathar
First configuration:
host
port - 22
username
password
sftp - true
transport mode - socket
authenticationType - PASSWORD
Error Received
[2013-05-23T09:05:27.619-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-000000000005a46f,1:30571] [APP: soa-infra] FTP Adapter FTPTestProject [[
BINDING.JCA-11445
The SSH API threw an exception.
The SSH API threw an exception.
The SSH API threw an exception.
Maverick has not been setup properly. Please correct the setup.
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.setUpPasswordSocketConnection(SSHSessionImpl.java:206)
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.<init>(SSHSessionImpl.java:128)
at oracle.tip.adapter.ftp.SshImpl.SshImplFactory.getSshImpl(SshImplFactory.java:26)
at oracle.tip.adapter.ftp.SFTPManagedConnection.setupSftpConnection(SFTPManagedConnection.java:154)
at oracle.tip.adapter.ftp.SFTPManagedConnection.<init>(SFTPManagedConnection.java:67)
at oracle.tip.adapter.ftp.FTPManagedConnectionFactory.createManagedConnection(FTPManagedConnectionFactory.java:180)
at weblogic.connector.security.layer.AdapterLayer.createManagedConnection(AdapterLayer.java:803)
at weblogic.connector.outbound.ConnectionFactory.createResource(ConnectionFactory.java:91)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1310)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResourceInternal(ResourcePoolImpl.java:419)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:344)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:323)
at weblogic.connector.outbound.ConnectionPool.reserveResource(ConnectionPool.java:620)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:317)
at weblogic.connector.outbound.ConnectionManagerImpl.getConnectionInfo(ConnectionManagerImpl.java:380)
at weblogic.connector.outbound.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:129)
at oracle.tip.adapter.ftp.FTPConnectionFactory.getConnection(FTPConnectionFactory.java:102)
at oracle.tip.adapter.ftp.SFTPAgent.preCall(SFTPAgent.java:1192)
at oracle.tip.adapter.ftp.SFTPAgent.validateInputDir(SFTPAgent.java:758)
at oracle.tip.adapter.ftp.inbound.FTPSource.revalidatePollingError(FTPSource.java:1357)
at oracle.tip.adapter.file.inbound.PollWork.onAlert(PollWork.java:476)
at oracle.tip.adapter.file.inbound.PollWork.run(PollWork.java:357)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
Caused by: com.maverick.ssh.SshException: Failed to negotiate a transport component [aes192-cbc] [aes256-ctr]
at com.maverick.ssh2.TransportProtocol.A(Unknown Source)
at com.maverick.ssh2.TransportProtocol.C(Unknown Source)
at com.maverick.ssh2.TransportProtocol.processMessage(Unknown Source)
at com.maverick.ssh2.TransportProtocol.startTransportProtocol(Unknown Source)
at com.maverick.ssh2.Ssh2Client.connect(Unknown Source)
at com.maverick.ssh.SshConnector.connect(Unknown Source)
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.setUpPasswordSocketConnection(SSHSessionImpl.java:194)
... 24 more
Second configuration:
host
port - 22
username
password
sftp - true
transport mode - http
authenticationType - PASSWORD
Below error indicates it expects proxy configuration, but we don't have any
Error
Proxy Host: Proxy Port: -1 Proxy UserName: Connection Type: http
[2013-05-23T09:00:42.837-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-0000000000059c8e,1:30566] [APP: soa-infra] FTP Adapter FTPTestProject Exception while setting up session
[2013-05-23T09:00:42.837-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-0000000000059c8e,1:30566] [APP: soa-infra] FTP Adapter FTPTestProject [[
BINDING.JCA-11443
Adapter internal error.
Adapter internal error.
The adapter has become unstable. This could be because of incorrect parameters supplied to the adapter. The parameter: [Ljava.lang.String;@19062d06 had value: [Ljava.lang.String;@19062d0c
Please make sure that SFTP has been setup correctly.
Edited by: Kathar on May 23, 2013 12:25 PMHi,
We have a firewall between soa server and ftp server. There is no proxy server configured on the firewall...
We are able to do sftp through command prompt from soa server to ftp server...Some facts above look discordant... My understanding is you have to use http to access a ftp server running outside a firewall and socket if it's inside a firewall...
However, you seem to have access with socket from FtpAdapter and also are able to do sftp via command prompt (without using a proxy!)... Those facts make me believe that the connection is actually not going through the firewall... Is the Ftp server in the internal network? Is the soa server running on Windows or Linux?
Recheck your configuration according to steps on the document bellow and do some further investigation to assure that the connection from soa server to the ftp server is actually going through the firewall... Ask for the network administrator to close the SFTP port on the firewall and see if you still can connect to it...
http://docs.oracle.com/cd/E28280_01/integration.1111/e10231/adptr_file.htm#CACDFFFB
Cheers,
Vlad -
How to access Express Application from Oracle Application Navigation
Hi
I have created a Application Express Application. Client want to access this Application as a part of Oracle Application one of the Responsibility Navigation.
How can achieve this?
Regards
Kiran AkkirajuScott
Application Express verion
Application Express 3.0.0.00.20
I am using my own Custom Function authentication which will check against eBusiness login Username and password.
When I intially access I get below URL
http://ortest.eatonsteel.com:8010/pls/htmldb/apps.xxapplication_express_pkg.Launch_103_Application
In this URL I was entering eBusiness User Login details and I press OK Button
Then it is redirecting to below URL
http://ortest.eatonsteel.com:8010/pls/htmldb/f?
and it throws below error
Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
Error ERR-7620 Could not determine workspace for application ().
OK
When I press OK button it is redirecting me to below URL again
http://ortest.eatonsteel.com:8010/pls/htmldb/apps.xxapplication_express_pkg.Launch_103_Application
In this URL again it shows login details. When I enter username and password this time it is logging into the Application correctly. And it redirecting to below URL
http://ortest.eatonsteel.com:8010/pls/htmldb/f?p=103:1:6916299608406263518
Initially when I am trying to access it will not connect.
Regards
Kiran Akkiraju -
Scripted movie won't run outside of firewall...open multiple ports?
I'm new to Flash and AS3, but with the help of many examples I have managed to created a scripted movie using some time lapse photography. I load the images from an XML file and use an event listener to add each image as a child of a movie clip. As the number of children grew, it caused the frame rate to slow, so I figured out that I could remove them after they were viewed and just keep looping through the array.
This works great on the local machine and when served up from the web server behind the firewall. However, if I try to access the file from outside the firewall, it loads the first image or two very slowly (if at all) then hangs. I've performed a net stat from the server and noticed that it is opening an inordinate number of connections to the remote client on various client ports (from 6 to 60+).
Any help would be greatly appreciated! The code I'm using is below...
// Input Parameters
var ssxml:String = "myfile.xml"; // file containing images & dates
// Stage settings
var swfStage:Stage = this.stage;
var swfFrameRate:int = 10;
swfStage.scaleMode = StageScaleMode.NO_SCALE;
// Movie Clip
var mc:MovieClip = new MovieClip(); // initiate movie clip
mc.x = 25; // starting point X
mc.y = 50; // starting point Y
// Text Field
var tf:TextField = this.dtsText;
// Cropping Rectangle
var cr:Sprite = new Sprite();
cr.graphics.beginFill(0x057072);
cr.graphics.drawRect(25,50,550,7);
cr.graphics.endFill();
// Read Flash Variables
try {
var keyStr:String;
var valueStr:String;
var paramObj:Object = LoaderInfo(this.root.loaderInfo).parameters;
for (keyStr in paramObj) {
valueStr = String(paramObj[keyStr]);
if (keyStr == "srcFile") {
ssxml = valueStr;
if (keyStr == "swfFrameRate") {
swfFrameRate = int(valueStr);
swfStage.frameRate = swfFrameRate;
} catch (error:Error) {
trace (error.message);
* Configure a loader to import the list of images and date
* time stamps from an XML file. The list of variables will
* be stored in arrays.
var photos_xml:XML
var xmlLdr:URLLoader = new URLLoader();
xmlLdr.addEventListener(Event.COMPLETE, completeHandler);
xmlLdr.load(new URLRequest(ssxml));
var img_array:Array = new Array(); // images
var dts_array:Array = new Array(); // date time stamps
var img_count:int = 0;
function completeHandler(event:Event):void {
try {
photos_xml = new XML(event.target.data);
var imgs:XMLList = photos_xml.img;
var dtss:XMLList = photos_xml.dts;
img_count = imgs.length();
for (var i=0;i<img_count;i++) {
img_array.push({src:imgs[i].text()});
dts_array.push({src:dtss[i].text()});
} catch(error:Error){
trace(error.message);
var nextImg:int = 0;
var imgLdr:Loader = new Loader();
imgLdr.contentLoaderInfo.addEventListener(Event.COMPLETE, doneLoad);
imgLdr.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, loadError);
imgLdr.contentLoaderInfo.addEventListener(ProgressEvent.PROGRESS, updateInfo);
stage.addEventListener(Event.ENTER_FRAME, enterFrameHandler);
function enterFrameHandler(event:Event):void {
try {
if (img_array.length > 0 ) {
loadInitialImage();
} catch(error:Error){
trace(error.message);
function loadInitialImage():void {
imgLdr.load(new URLRequest(img_array[nextImg].src));
function doneLoad(event:Event):void {
var theImage:DisplayObject = event.target.content;
imgLdr.unload();
var bm:Bitmap = theImage as Bitmap;
mc.addChild(bm);
mc.scaleX = 550/640;
mc.scaleY = mc.scaleX;
addChild(mc);
addChild(cr);
tf.text = dts_array[nextImg].src;
if (mc.numChildren > 1){
mc.removeChildAt(0);
nextImg = (nextImg+1)%img_count;
function loadError($event:IOErrorEvent):void {
tf.text = "Loading Data.....Please Stand By...........";
// Loader Progress
var swfTF:TextField = new TextField();
swfTF.autoSize = TextFieldAutoSize.LEFT;
swfTF.border = false;
addChild(swfTF);
//swfTF.text = "srcFile: " + ssxml + " FR: " + swfFrameRate;
function updateInfo($event:ProgressEvent):void {
swfTF.text = "srcFile: " + ssxml + " FR: " + swfFrameRate
+ " Loading: " + img_array[nextImg].src + " "
+ Math.floor($event.bytesLoaded/1024)
+ " KB of "
+ Math.floor($event.bytesTotal/1024)
+ " KB.";OK I figured it out. Apparently, the ENTER_FRAME event continues firing even as the image loader is processing. Outside the firewall, where it was taking longer to load the images, this was causing loadInitialImage() to request the same image over and over again which resulted in the port behavior I was seeing on the server as well as the client "locking up". The simple fix was to add a variable called currentImg (initialized to -1) which I set equal nextImg in loadInitialImage(). I then modified the if statement in enterFrameHandler() to only call loadInitialImage() if nextImg != currentImage.
-
Hello,
Could anybody help me to configure my application outside the default <oc4j home>. Suppose my application is "myapp" located at c:\project\myapp then after creating Web-inf\classes for the servlets and JavaBeans where do I keep jsp, static html, images, stylesheets, javascripts so that I can access my JSP pages in the browser as - http://<host>:<port>/myapp/welcome.jsp
and servlets as - http://<host>:<port>/myapp/WelcomeServlet
Thanks and regards,
NimishYou might want to check these logfiles:
D:\product\10.1.3.2.0\OracleAS_10\j2ee\home\applications\demantra\demantra\logs\collaborator.log
D:\product\10.1.3.2.0\OracleAS_10\j2ee\home\applications\demantra\demantra\logs\integration.log
These logfiles should give you more clues. Seems it is missing some "objects", but what these objects are is rather undefined. -
Issue viewing Silverlight content outside of firewall
Service Manager portal works great inside the firewall, but users are having issues viewing the Silverlight content outside of our corporate firewall. Both the portal and web content server are hosted on the same box using different IPs with
port 443. Any ideas on to enable the Silverlight content to operate properly outside of the corporate firewall?one thing to check would be that the Web Content Service is accessable using the same DNS names. The Silverlight client (running inside the browser) needs to be able to reach the non-SharePoint web service and content that's on the "other" server.
if it's working internally, but not externally, I would check to make sure that the "other" web service DNS names and ports are resolvable and accessable from the outside.
one more thing to be aware of: the images in the portal are downloaded every time the Silverlight client is reloaded, so it's in your interest to make sure that any images you add are THROUGHLY optimized for web distribution over low bandwidth. -
Hi
We developed an application for one of our client. All the developement stage is completed. Now we want to give it to the Client. We installed HTMLDB and Oracle 10g in the client server. The issue is when the user is accessing the application, the HTMLDB login screen is coming. After enter the login details only he is able to enter to the application.
But we want the client to access the application without the login details. Can anybody explain how to do this? Thanks in advance.
Thanks
RaviHi
Thanks for Quick response.
Sorry i could not able to find the "Edit Security Attributes" option in the "Shared Components". We are using HTMLDB 1.6.1.00.03 version. Do you think is there any changes in the versions. In my "Shared Components" i have Security option. But Security option have only "Authentication" and "Authorization". Please let me know if i am searching in the correct page or not. Or let me know if there is any other alternate way. Waiting for your response.
Thanks
Ravi
Maybe you are looking for
-
Regd FAST refresh option in a Materialized view
Hi All, I am using a pipeline function in which I am creating a table of records and a few cursors to fetch data from various tables. Now this PL/SQL table is being used to construct a Materialized view. Creation of Materialized view is happening fin
-
My new xperia Zl charger and microphone are not working
I have a took xperia Zl a month before, and I am facing problem with charger and microphone, both are not working.. Could you please let me know, where can I contact for replacements, since I have a warranty.
-
ThinkPad T540p Windows 8.1 BSOD Intel HD 4600 Graphics?
When attempting to play video, user encounters a BSOD with the error mentioning the file "lgdkmd64.sys". This file is tied into the Intel Graphics Driver files. I have used the Lenovo support site to reload the driver file set for the laptop, and t
-
Hi All, I am developing an Interactive Adobe Form using WebDynpro ABAP. On the form I have a button (UI Element), on pressing of this button the form should get saved on presentation server (Local Desktop). I have no idea about achieving this step. E
-
TS1424 Specific purchased songs do not play correctly
I purchased the album "Into the Labyrinth" by the artist Dead Can Dance for 9.99. Some of the songs will not play all the way through, and a few will not play at all. I searched through Itunes support and was unable to find any advice on this issue.