ACE: as firewall and NAT. inbound and outbound originals

Hi Team,
This time no load balancing is required.
Two servers inside (with private IPs) need to communicate with clients and servers on the internet, i.e., internet clients originate inbound traffic to our servers, and our servers also originate connections to some internet servers.
Both of our servers will work independently for this purpose.
I have a few ideas to mix and match configs in the ACE. (This was originally working with an FWSM setup.) I would like to hear some sound ideas to achieve this using the ACE only as firewall/router. No plan to load balance at present.
Regards to all
SS

Gilles,
Inbound traffic and the related reply traffic can be handled with a normal class-map by defining a VIP with a public IP.
The above real server with a private IP is now going to make a different connection to the internet, i.e., outbound traffic and the related reply traffic need handling (no load balancing planned).
Destination NAT, static NAT sounds interesting.
Source NAT, static NAT sounds interesting. Mixing these sounds very interesting!! I'm looking for sample configs please.
SS
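As an added illustration of the two directions SS describes (not Cisco ACE configuration and not code from the thread), here is a small stateful model in Python: a public VIP is statically mapped to a real server's private IP and only publishes the ports a class-map would match, server-originated connections get source NAT (the host's static public IP when it has one, otherwise PAT on a pool address), and a session table lets the box undo the translation on the reply in either direction. All addresses are constructed from the RFC 5737 documentation ranges, and the port-allocation and policy details are simplifying assumptions.

```python
"""Stateful NAT model for the two originator directions in the thread.

Added illustration, not Cisco ACE code: a VIP-style static mapping for
inbound connections plus source NAT for server-originated connections,
with a session table so reply traffic is undone in either direction.
All addresses are constructed (RFC 5737 documentation ranges).
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed: public VIP -> real server (private IP) behind the box.
STATIC = {"203.0.113.10": "10.1.1.10", "203.0.113.11": "10.1.1.11"}
# Constructed: the "class-map" equivalent, i.e. which ports each VIP publishes.
INBOUND_POLICY: Dict[str, Set[int]] = {"203.0.113.10": {80, 443}, "203.0.113.11": {25}}
# Constructed: pool address used for hosts that have no static mapping (PAT).
PAT_IP = "203.0.113.20"

FlowKey = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatFirewall:
    def __init__(self) -> None:
        self.static_rev = {real: pub for pub, real in STATIC.items()}
        # Outbound sessions, keyed as the reply will look when it arrives from outside.
        self.out_sessions: Dict[FlowKey, Tuple[str, int]] = {}
        # Inbound sessions, keyed as the server's reply will look when it leaves from inside.
        self.in_sessions: Dict[FlowKey, str] = {}
        self.next_pat_port = 40000  # assumption: sequential PAT port allocation

    def from_outside(self, pkt: Packet) -> Optional[Packet]:
        """Internet side: a reply to a server-originated session, or a new
        connection to a published VIP port (destination NAT). Anything else drops."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.out_sessions:
            real_ip, real_port = self.out_sessions[key]
            return Packet(pkt.src, pkt.sport, real_ip, real_port)
        if pkt.dst in STATIC and pkt.dport in INBOUND_POLICY.get(pkt.dst, set()):
            real_ip = STATIC[pkt.dst]
            self.in_sessions[(real_ip, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
            return Packet(pkt.src, pkt.sport, real_ip, pkt.dport)
        return None

    def from_inside(self, pkt: Packet) -> Packet:
        """Server side: a reply to an inbound connection goes back out under the
        VIP; anything else is a new server-originated connection and gets source
        NAT (static public IP if the host has one, otherwise PAT on the pool)."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.in_sessions:
            return Packet(self.in_sessions[key], pkt.sport, pkt.dst, pkt.dport)
        if pkt.src in self.static_rev:
            pub, port = self.static_rev[pkt.src], pkt.sport
        else:
            pub, port = PAT_IP, self.next_pat_port
            self.next_pat_port += 1
        self.out_sessions[(pkt.dst, pkt.dport, pub, port)] = (pkt.src, pkt.sport)
        return Packet(pub, port, pkt.dst, pkt.dport)


def demo() -> Dict[str, Optional[Packet]]:
    """Walk an inbound exchange, an outbound exchange from a static host and a PAT exchange."""
    fw = NatFirewall()
    client, server = "198.51.100.7", "198.51.100.9"  # constructed internet hosts
    return {
        "in_new": fw.from_outside(Packet(client, 51000, "203.0.113.10", 443)),
        "in_reply": fw.from_inside(Packet("10.1.1.10", 443, client, 51000)),
        "in_unpublished": fw.from_outside(Packet(client, 51001, "203.0.113.10", 22)),
        "out_new": fw.from_inside(Packet("10.1.1.10", 33000, server, 25)),
        "out_reply": fw.from_outside(Packet(server, 25, "203.0.113.10", 33000)),
        "pat_new": fw.from_inside(Packet("10.1.1.50", 5555, server, 53)),
        "pat_reply": fw.from_outside(Packet(server, 53, "203.0.113.20", 40000)),
    }


if __name__ == "__main__":
    for step, pkt in demo().items():
        print(f"{step:15} {pkt}")
```

The point of the session table is the `out_reply` step: the reply to a server-originated connection arrives on a port the VIP does not publish, and it is only accepted because the outbound session was recorded first. Without that state, the box would have to open the VIP to every port, which is the trade-off behind keeping inbound (VIP/class-map) and outbound (source NAT) as separate, stateful rules.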

Similar Messages

  • Static NAT inbound correct - Outbound using Interface IP

    Here is the scenario that I have:
    I have a router (2921) that has 2 interfaces:
         G0/0 - WAN - 10.254.1.10
         G0/1 - LAN - 192.168.1.230
    I have a few static NATs for servers that are behind g0/1; this is the only NAT config I have except for 'ip nat inside' and 'ip nat outside' on the interfaces:
         ip nat inside source static 192.168.1.231 10.254.1.11
         ip nat inside source static 192.168.1.232 10.254.1.12
         ip nat inside source static 192.168.1.240 10.254.1.13
    I can connect to each of these on their respective NAT'd IP.
    The issue that I have is when these servers go out they have the interface IP address!  So if I ping a server that is across the way I see
    SRC: 10.254.1.10 DST: 10.1.2.11 Protocol: ICMP
    I do not understand how this would work?  I have no other NAT configuration in the router.

    Here is the NAT table when pinging from the outside to one of the NAT'd servers:
    Pinging from 10.1.2.11 to 10.254.1.13
    Cisco2921#sh ip nat trans
    Pro Inside global      Inside local       Outside local      Outside global
    --- 10.254.1.11        192.168.1.231      ---                ---
    tcp 10.254.1.12:80     192.168.1.232:80   10.1.2.11:62512    10.1.2.11:62512
    tcp 10.254.1.12:443    192.168.1.232:443  10.1.2.11:62491    10.1.2.11:62491
    tcp 10.254.1.12:443    192.168.1.232:443  10.1.2.11:62493    10.1.2.11:62493
    --- 10.254.1.12        192.168.1.232      ---                ---
    icmp 10.254.1.13:1     192.168.1.240:1    10.1.2.11:1        10.1.2.11:1
    tcp 10.254.1.13:22     192.168.1.240:22   10.1.2.11:62386    10.1.2.11:62386
    tcp 10.254.1.13:80     192.168.1.240:80   10.1.2.11:62508    10.1.2.11:62508
    tcp 10.254.1.13:80     192.168.1.240:80   10.1.2.11:62510    10.1.2.11:62510
    tcp 10.254.1.13:80     192.168.1.240:80   10.1.2.11:62511    10.1.2.11:62511
    icmp 10.254.1.10:21531 192.168.1.240:21531 10.1.2.11:21531   10.1.2.11:21531
    udp 10.254.1.10:38288  192.168.1.240:38288 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:55051  192.168.1.240:55051 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:55383  192.168.1.240:55383 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:58944  192.168.1.240:58944 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:59854  192.168.1.240:59854 10.1.2.1:161      10.1.2.1:161
    --- 10.254.1.13        192.168.1.240      ---                ---
    Here is from an internal server to the same outside host:
    Pinging from 192.168.1.240 to 10.1.2.11
    Cisco2921#sh ip nat trans
    Pro Inside global      Inside local       Outside local      Outside global
    --- 10.254.1.11        192.168.1.231      ---                ---
    tcp 10.254.1.12:80     192.168.1.232:80   10.1.2.11:62517    10.1.2.11:62517
    tcp 10.254.1.12:443    192.168.1.232:443  10.1.2.11:62491    10.1.2.11:62491
    tcp 10.254.1.12:443    192.168.1.232:443  10.1.2.11:62493    10.1.2.11:62493
    --- 10.254.1.12        192.168.1.232      ---                ---
    tcp 10.254.1.13:22     192.168.1.240:22   10.1.2.11:62386    10.1.2.11:62386
    tcp 10.254.1.13:80     192.168.1.240:80   10.1.2.11:62515    10.1.2.11:62515
    tcp 10.254.1.13:80     192.168.1.240:80   10.1.2.11:62516    10.1.2.11:62516
    tcp 10.254.1.13:80     192.168.1.240:80   10.1.2.11:62518    10.1.2.11:62518
    icmp 10.254.1.10:7163  192.168.1.240:7163 10.1.2.1:7163      10.1.2.1:7163
    icmp 10.254.1.10:7184  192.168.1.240:7184 10.1.2.1:7184      10.1.2.1:7184
    icmp 10.254.1.10:11548 192.168.1.240:11548 10.1.2.11:11548   10.1.2.11:11548
    udp 10.254.1.10:38288  192.168.1.240:38288 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:53384  192.168.1.240:53384 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:58383  192.168.1.240:58383 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:58944  192.168.1.240:58944 10.1.2.1:161      10.1.2.1:161
    udp 10.254.1.10:59143  192.168.1.240:59143 10.1.2.1:161      10.1.2.1:161
    --- 10.254.1.13        192.168.1.240      ---                ---

  • How to access a domain server which is targeted by Group Policy set to block Inbound and Outbound connections

    Hi,
    I have a practice lab with two physical servers running 2012 R2; one of them is a Hyper-V host and one of its VMs is a domain controller. I was doing some exercises with firewall rule deployment through Group Policy, so I created an outbound rule to block port 80 which was targeted to Domain Computers. Now my other physical server has inbound and outbound connections set to block and the domain controller cannot be contacted to update the policy (with the rule removed). At least that is my understanding. Maybe I messed up something with the profiles too, because port 80 would not have blocked all outbound traffic, or?
    I am new to IT so my understanding is still poor.
    Best
    Robert

    Hi Robert,
    If we block inbound connections, all connections that do not have firewall rules that explicitly allow the connection will be blocked.
    If we block outbound connections, all connections that do not have firewall rules that explicitly allow the connection will be blocked.
    If we block outbound TCP port 80, it will mean all websites will be unreachable, for TCP port 80 is for HTTP.
    Regarding Windows firewall security settings, the following article can be referred to for more information.
    Windows Firewall with Advanced Security Properties Page
    http://technet.microsoft.com/en-us/library/cc753002.aspx
    Best regards,
    Frank Shen
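    As an added example (Python, not a Windows API and not from either post), here is a small rule-evaluation model of the behaviour Frank describes: a profile has a default action per direction, a connection matched by an explicit block rule is blocked, a connection matched only by allow rules is allowed, and a connection that matches no rule falls through to the profile default. The precedence order is a simplified assumption about the real engine, and the rules and connections are constructed for illustration.

```python
"""Rule-evaluation model for the Windows Firewall behaviour described above.

Added example (Python, not a Windows API): a profile carries a default
action per direction; an explicit block rule wins, otherwise an allow rule
wins, otherwise the profile default applies. The precedence order is a
simplified assumption; rules and connections below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                  # "in" or "out"
    action: str                     # "allow" or "block"
    protocol: Optional[str] = None  # "tcp", "udp" or None for any
    port: Optional[int] = None      # remote port (outbound) / local port (inbound); None = any


@dataclass(frozen=True)
class Profile:
    default_in: str   # "allow" or "block"
    default_out: str  # "allow" or "block"


@dataclass(frozen=True)
class Connection:
    direction: str
    protocol: str
    port: int


def matches(rule: Rule, conn: Connection) -> bool:
    """A rule matches when direction agrees and protocol/port are either wildcards or equal."""
    return (rule.direction == conn.direction
            and rule.protocol in (None, conn.protocol)
            and rule.port in (None, conn.port))


def decide(profile: Profile, rules: List[Rule], conn: Connection) -> str:
    """Assumed order: explicit block > explicit allow > profile default for that direction."""
    hits = [r for r in rules if matches(r, conn)]
    if any(r.action == "block" for r in hits):
        return "block"
    if any(r.action == "allow" for r in hits):
        return "allow"
    return profile.default_in if conn.direction == "in" else profile.default_out


# Constructed: the single Group Policy rule from the exercise described above.
GPO_RULES = [Rule("Block HTTP out", "out", "block", "tcp", 80)]


def scenario(profile: Profile, rules: List[Rule]) -> Dict[str, str]:
    """Evaluate a few representative connections against one profile and rule set."""
    checks = {
        "http_out": Connection("out", "tcp", 80),
        "https_out": Connection("out", "tcp", 443),
        "rdp_in": Connection("in", "tcp", 3389),
    }
    return {name: decide(profile, rules, c) for name, c in checks.items()}


if __name__ == "__main__":
    print("default out=allow:", scenario(Profile("block", "allow"), GPO_RULES))
    print("default out=block:", scenario(Profile("block", "block"), GPO_RULES))
```

    With the outbound default left at allow, the single port-80 rule cuts off only HTTP and everything else still leaves; with the outbound default set to block, every connection that lacks its own allow rule is cut off regardless of that rule, which is the situation Frank's second sentence describes.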

  • Redundancy Design Inbound and Outbound

    Please have a look at the attached diagram.
    I have 2 parts, A & B. Part A already exists and is running. We are planning to add Part B as shown in the diagram.
    Part A consists of an ASA 5540 and a 2921 as edge router, and Microsoft TMG as web proxy for internal users.
    All other traffic is routed to the ASA. The ASA handles NAT and ACLs.
    The objective of adding Part B is to have redundancy inbound and outbound. However, firstly I want to focus on outbound redundancy, then I will move to the inbound part.
    After adding Part B, TMG will have 3 NICs. 2 NICs will be connected to the ASAs and 1 to internal.
    For web proxy failover I will configure the TMG ISP-R feature. But my concern is for other traffic.
    Therefore, can someone please help me with the best possible ways I can use for outbound failover.
    Thanking in advance. I appreciate the help

    Any help, please ?

  • How to add Total Quantity in Inbound and Outbound Delivery screen

    Hi,
    I want to add a Total Quantity field in the Inbound and Outbound Delivery screens.
    In the document flow I can see the line item quantities in ALV format, but if I select the "Display the totals above the entry" check box in Change Layout --> Display, I don't see any totals displayed.
    Please help me on this?
    Regards
    Bhuvana

    Hi
    If the field is a customer field, see BADI 'LE_SHP_TAB_CUST_HEAD'
    Regards
    Eduardo

  • Sharing Handling Units between Inbound and Outbound Deliveries?

    Hello-
    I could use some guidance with how to best set up a handling unit scenario for a Third Party Purchasing process.
    1.) Sales Order for Third Party Purchased Material (Vended Finished Good) is created in ECC.
    2.) Purchase Order is sent to supplier.
    3.) Shipping Label is generated in SAP and is assigned a Handling Unit.  Label is sent to supplier.
    4.) Supplier affixes this label to product and ships it to our warehouse.
    5.) Goods Receipt is performed via Purchase Order (MIGO). 
    6.) Warehousing activities and Post Goods Issue of Outbound Delivery are performed via this label and Handling Unit.
    We would like to do a few new things with this process.
    A.) We would like to have the supplier provide us with the HU on their ASNs and generate a Packed Inbound Delivery from it. 
    B.) We would like the same HU to eventually be associated with the Outbound Delivery to the end customer. 
    Is there a best practice to share a Handling Unit across an Inbound and Outbound Delivery?
    Is EWM Cross Docking the best way to accomplish this? 
    Are there other proven approaches?
    Thanks for your time and help.
    -Ron

    hi friend
    A handling unit number identifies the packing material: the pallet material carrying the carton, the carton carrying the material (like FG material and tray), with the identification number controlling the handling unit numbers.
    with regards
    dinesh

  • Need IDOC inbound and outbound programs

    hi,
    I am new to XI.
    I want IDocs, inbound and outbound / function module programs for PURCHASE ORDER and GOODS RECEIPT.
    ex:  BD10 for material master (matmas01).
    thanks and regards
    v ijender

    for purchase order.
    ORDERS / ORDERS04
    ORDCHG / ORDERS04
    ORDRSP / ORDERS04
    Programs
    RBDMIDOC – Creating IDoc Type from Change Pointers
    RSEOUT00 – Process all selected IDocs (EDI)
    RBDAPP01 - Inbound Processing of IDocs Ready for Transfer
    RSARFCEX - Execute Calls Not Yet Executed
    RBDMOIND - Status Conversion with Successful tRFC Execution
    RBDMANIN - Start error handling for non-posted IDocs
    RBDSTATE - Send Audit Confirmations
    For testing you can use WE19.
    and also check the below link
    http://www.erpgenie.com/sapedi/message_types_masterdata.htm
    regards
    kummari

  • SAP inbound and outbound delivery in single shipment document

    Hi
    We are doing outbound and inbound delivery creation in SAP. These are dropped to OTM (Oracle Transportation Management system). OTM creates orders for deliveries and groups multiple deliveries into one shipment. This is sent back to SAP for shipment creation. The problem we have is that SAP can have either inbound deliveries or outbound deliveries in a shipment, based on the inbound or outbound shipment type in the shipment document type. OTM does not have this restriction and can bundle both outbound and inbound in a single shipment.
    The business scenario we have is multi pick and multi drop, where there is the possibility of 1) an inbound delivery from a vendor for a PO, 2) an outbound delivery to a customer for an SO and 3) an outbound/inbound delivery for an STO from RDC to DC in a single shipment.
    Please advise how this can be achieved in SAP.
    Best Regards
    Edited by: M.N. Phani Sai on Oct 28, 2010 10:34 AM

    It is not possible to involve both inbound and outbound deliveries in the same shipment. SAP has its deficiencies...
    http://sap.ittoolbox.com/groups/technical-functional/sap-log-wm/inbound-and-outbound-delivery-in-the-same-shipment-3512217
    http://help.sap.com/saphelp_erp60/helpdata/en/f5/04898047bd11d2bf750000e8a7386f/frameset.htm
    You cannot place outbound deliveries and inbound deliveries together in the same shipment document. Nor is it possible to assign Items from a delivery or an inbound delivery to different shipment documents. You must decide at the delivery stage whether order items can be shipped together in one delivery and therefore require only one shipment.
    Edited by: Csaba Szommer on Oct 28, 2010 11:05 AM

  • Messages stuck in QRFC inbound and outbound queues by system error

    Hi Experts,
    We faced a big problem in our PI server which stopped all the traffic in the IDoc to File interface. Both the QRFC queues (inbound - SMQ1 as well as outbound - SMQ2) were stuck by a system error.
    In IDX5 of PI we saw two inbound IDocs with exactly the same date/time of creation. Both IDocs are displayed in SXMB_MONI with the status "Canceled - Since Already Processed". The output files of both IDocs are generated on the outbound side.
    The output files are generated with a date/time stamp in the filename exactly as: "pi_20101106-221812-437.dat" and "pi_20101106-221812-438.dat". So it seems that both processes were running at exactly the same time.
    When looking into the system error we see the following details:
    com.sap.engine.interfaces.messaging.api.exception.DuplicateMessageException: Message Id 00505697-181b-1ddf-babd-68f1ac208528(INBOUND) already exists in duplicate check table: com.sap.sql.DuplicateKeyException: [200]: Duplicate key
    This caused the QRFC queues to be stuck, both inbound and outbound, with a SYSERROR, so PI stopped and the queues had to be reactivated manually.
    Does anybody have some idea of the real cause of this error? We really want to prevent such a situation in the future.
    Thanks in advance!
    Best regards,
    Joost

    Hi Joost,
    Are you using an adapter module to avoid the same file name being processed by the receiver channel?
    If this is the case, change the filename and retest the flow; otherwise remove the module (ex: localejbs/AF_Modules/MessageTransformBean - Local Enterprise Bean) from the channel and check whether the file gets processed or not...
    OR... you have an incorrect module configuration in the receiver channel.
    Do not remove the standard SAP module and make sure that you add additional modules before it.
    cheers,
    Ram.

  • Is it necessary to create matching INBOUND and OUTBOUND rules?

    RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IPs assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
    I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 24.15.120.73 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now.
    So I can't even seem to get one-to-one NAT working!
    I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).
    I'm sorry if I'm not using the correct language, but I'm not a network pro. I have enough knowledge to make myself dangerous 
    Thank you for any help you can provide.
    Also, if Cisco could provide Step by Step instruction guides on how to do various things, I think it would be a useful resource for your customers!

    Hi Charles,
    check out ;
    http://www.orinoco-systems.com/blog/bid/119630/Configuring-a-public-to-private-ip-address-NAT-on-a-Cisco-RV220W
    regards Dave

  • Seeking recommendations for handling large binary documents with security(preferable) for inbound and outbound scenarios from OSB- SOA and SOA- OSB

    Hi,
    I am currently working on a project with the following requirements
    1. Client transfers binary document (between 1-20MB in size) from OSB proxy to SOA composite to Content Management system
    2. Client retrieves binary document (between 1-20MB in size) from Content Management system to SOA composite to OSB proxy
    In other words, an inbound and outbound integration.
    What I have tried so far and my results:
    Scenario A
    1. Enabled MTOM on SOA composite by attaching wsmtom policy
    2. Created an OSB business service and consumed the SOA composite application
    3. Enabled MTOM on OSB proxy and business service and configured it to pass by reference
    Scenario B
    1. Enabled MTOM and security on SOA composite by attaching wsmtom policy and SAML policy
    2. Created an OSB business service and consumed the SOA composite application
    3. Enabled MTOM on OSB proxy and business service and configured it to pass by reference
    I have a demo integration setup that writes a binary document to a file using the above steps. My SOA composite has a file adapter that writes the binary data to an external file and it is exposed as a web service with a simple WSDL definition that has an inline XSD schema with an single element of base64binary type. I have added a mediator that maps this base64binary element node to the file adapter's input node.
    Result for Scenario A with file size less than 1 MB:
    Flawless execution with sub-second response times
    Result for Scenario A with file size of 8MB
    First attempt: SOA composite faults with database transaction related error, solved by increasing JTA timeout
    Second attempt: Flawless execution, but the file transfer took over 100 seconds to complete. This is very poor performance and my suspicion is that this cannot be the expected behaviour, but I don't know the internal workings of the SOA composite and why it's taking this long.
    Result for Scenario B:
    The OSB business service does not accept/recognize the SAML policy in the WSDL and suggests configuring OWSM policies manually, but the OWSM policy in OSB does not have the wsmtom policy. Regardless of this, any permutation of MTOM + WSS security in this integration scenario either did not work outright or MTOM optimization was not happening, i.e. binary data was materializing in the message body.
    I have only about 3 weeks left to implement a viable solution and the closest I've come to a solution is Scenario A, but that 100+ second response time for an 8MB file is really worrying.
    I would appreciate any level of guidance, recommendations or suggestions as to how I go about tackling this problem.
    Thanks
    regards,
    Johnny

    I think this is due to the underlying mechanism of WebLogic classloading.
    You can contact Oracle support @ https://support.oracle.com to report issues. Roughly this is the process:
    1. Get the Oracle Customer Support Identifier (CSI) for the client you are working for.
    2. Create a user profile quoting the CSI. This will send an approval request to the Oracle support admins at your client.
    3. Get the Oracle support admins at your client site to approve your request for support access.
    4. Once they approve, you can access the support site and raise service requests.

  • ESB: inbound file and outbound ftp adapter with multiple directories

    Basically I want to scan directories and write new files to ftp directories. I could figure out how to do that for one directory. However, I need to scan multiple directories and ftp upload the files contained in those directories to corresponding ftp directories. The number of directories and their names are only known at run time. All directories are under one parent directory, both locally and on the remote ftp site. We can assume all ftp directories exist.
    I could not figure out how to do this. Is this possible at all? Directory names seem to be only specified at design time, for both inbound file adapters and outbound ftp adapters.
    Pranab

    Chris, I am not really sure this is the right place to ask this question. But hopefully you might have something in your armoury to help me out.
    My requirement is to configure an inbound File/FTP adapter to read from a directory which can be known only at runtime. A web service call returns the file name and network path of the file to be read, but that happens only during run time. I guess one possible way is to configure a File/FTP Adapter with a logical name for the directory and set the physical directory path using the endpoint property. But in that case, I would need to know the physical directory @ deployment time.
    I would like to know whether it is possible to manipulate the Endpoint property of an ESB Service (SOAP Service/Routing Service/Adapter Service) during runtime.
    So is there any way to get the endpoint property configured during runtime? Otherwise, do you recommend some other solution for this use case?
    Any help would be appreciated.
    -Sudheer

  • To Monitor inbound and outbound messages for ECC 6.0 business system

    Hi Guys,
    I am working on ABAP proxy. I want to monitor the flow of Inbound and Outbound messages for my Business system (ECC 6.0).
    XI server is on a different system.
    I understand that SXMB_MONI is used for tracking XML messages. What kind of tracking can we do by this transaction in our Business system and the XI system?
    And how do I know whether the outbound XML message sent is lying in the Sending Business system or in the XI system?
    When I am testing my interface, there is a fault message generated. How do I know whether the fault message is being sent to XI?
    Thanks,
    James.

    James,
    Go to SXMB_MONI in your sending system.
    Here you will find a message ID for your message.
    Go to XI --> SXMB_MONI --> Monitor for Processed XML Messages --> Advanced Selection Criteria and use the message ID here to see if the message has hit XI or not.
    Likewise it can be traced in the target system as well.
    The basic point: the messages will have the same message ID on your R3 and on XI.
    Regards
    Bhavesh

  • Single Function module to create inbound and outbound delivery

    Dear Friends,
       I would like to know how VL10A is creating a delivery document in background mode.
       Otherwise, can anyone help me with a single function module or BAPI or BADI which creates both
       inbound and outbound delivery.
    Regards
    Priya

    Hi,
    Try FM RV_DELIVERY_CREATE or GN_DELIVERY_CREATE.
    For creating a delivery w.r.t. a PO you first need to have a sales order, I guess.
    Regards,
    Amit

  • Regarding Inbound and outbound interfaces in ABAP HR

    Hi,
    I am new to SAP. Can you send the document related to Inbound and Outbound Interfaces in detail,
    i.e. what these interfaces come under and the steps to develop these interfaces.
    Thanks&Regards,
    B.Thulasi.
