ACE Normalization for SMTP Traffic

Hi,
I was facing issue with the ACE normalization and that was stopping my SMTP traffic. When i disabled it globally my SMTP traffic is working fine. But due to the audit i cannot disabled it for all the traffic. I want to disabled the normalization only for the SMTP por 25 traffic.
I am trying to create the L4 policy as mention below but unable to set the partameter require for to disable the normalization.
class-map match-any SMTP_CLASS
match port tcp eq 25
parameter-map type connection TCP_SMTP_MAP
no random-sequence-number
exceed-mss allow
policy-map multi-match TCP_SMTP_POLICY
What else i need to reacll in parameter-map in order to disable the normalization for SMTP traffic.
Pleae help.

Hi,
I have attached the capture when normalization was enabled (not working) and capture when normalization was disabled.
Please review and let me know how to achive this by fine tunning the parameters.
We are seeing lot of tcp retransmission error etc.
I have done some research and normalization deals with the following below mentoin parameters.
exceed-mss-----Configure behavior if a packet exceeds MSS
random-seq-num-disable----Disable TCP sequence number randomization
reserved-bits-----Configure Reserved bits in TCP header
syn-data-----Configure behavior for a SYN packet containing data
tcp-options-----Configure TCP header options
urgent-flag-----Allow/Clear Urgent flag

Similar Messages

Outbound PAT for SMTP traffic

Cisco ASA 5505, Software 8.0(3)
ASA IP: xxx.xxx.xxx.yy4/29
This is part of my ASA config that ensures PAT for incomming SMTP traffic:
access-list acl_inbound_outside extended permit tcp any host xxx.xxx.xxx.yy7 eq smtp
nat-control
global (outside) 1 interface
nat (inside) 0 access-list acl_no_nat_inside
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp xxx.xxx.xxx.yy7 ftp 172.27.1.1 smtp netmask 255.255.255.255
access-group acl_inbound_outside in interface outside
This ensures SMTP traffic to xxx.xxx.xxx.yy7 reach my SMTP server.
But outgoing SMTP traffic is from xxx.xxx.xxx.yy4 (WAN IP of ASA).
How can I set up that ONLY SMTP traffic from 172.27.1.1 is PATed behind IP xxx.xxx.xxx.yy7 and other traffic from 172.27.1.1 will be NATed to
xxx.xxx.xxx.yy4?

Hi,
It seems that there is either a typo or mistake in the configuration above.
You are forwarding "ftp" port to "smtp" port
Shouldnt it be
static (inside,outside) tcp xxx.xxx.xxx.yy7 smtp 172.27.1.1 smtp netmask 255.255.255.255
So in addition to forwarding the "smtp" port you also want all outgoing "smtp" traffic from this single host/server to use the public IP address xxx.xxx.xxx.yy7
Then you can configure this
access-list SMTP-POLICYPAT remark Policy PAT for SMTP traffic
access-list SMTP-POLICYPAT permit tcp host 172.27.1.1 any eq smtp
global (outside) 25 xxx.xxx.xxx.yy7
nat (inside) 25 access-list SMTP-POLICYPAT
Hope this helps
Please do remember to mark the reply as the correct answer if it answered your question.
- Jouni

ACE Best Sticky Method for SSL Traffic

Hi, With ACE 4710 running serverfarms primarily running SSL traffic, what is the best method for configuring stickiness. Here are some parameters:
1) low volume sites, 2 real servers
2) ACE _will not_ do SSL offloading
3) Balancing HTTPS requests
4) Many versions of HTTP clients
5) Currently running ACE A1 code
I am thinking of:
1) TCP Header | HostID inspection
2) SSL-session ID (not good if re-key often though)
3) Any suggestions?
many thx,
WR

Hi Will,
You can see a comple configured example for your perusal in this regard for
Configure ACE Module for End to End SSL Termination
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
And Many more here regarding
Data Center Application Services Configuration Examples:
http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
Hope these configuration examples will be useful to you.
Sachin Garg

No outbound smtp traffic via CSC SSM.

Hallo
I have a Problem with my ASA CSC-SSM Module (Version 6.1).
The inspection of http and POP works fine, but i have a problem with the outbound smtp traffic.
If i direct the SMTP Traffic via an Service Policy to my CSC Module no Mail will be send outbound.
If i remove the ACE from my SP smtp works fine again.
The reason why i want to inspect my outbound mailtraffic is that i want to add a disclamer to my outgoing mails.
I read the Admin Guide but there is no example how to Configure outbound SMTP( only inbound SMTP).
Is there something that i have to do?
I hope someone can help me.

Try this config:
access-list csc_out permit tcp host 192.168.200.xxx any eq smtp ---for smtp
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq 80
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq pop3
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq ftp
class-map csc_outbound_class
match access-list csc_out
policy-map csc_out_policy
class csc_outbound_class
csc fail-close
service-policy csc_out_policy interface inside

Ports Required for SMTP access from DMZ

We have a Windows 2000 Adv Server on a DMZ interface of a PIX firewall. We are using native Windows SMTP services as a Front End server for Exchange mail. Our Exchange server has a SmartHost entry that sends outbound mail to the server on the DMZ. Our MX record points to the server on the DMZ for inbound traffic.
We originally allowed DNS resolution and SMTP (Port 25) traffic to the server. We've done this numerous times from the Internal interface of the PIX. Yet, there apparently is at least one other port that needs to be opened up because the mail stays in the Queue of the SMTP server on the DMZ. We got around the problem by opening up all outbound ports from that server.
My question is: "Does anyone know what ports are required for an SMTP server to work on a PIX DMZ?"
Thanks

Should just be TCP/25 and probably DNS (UDP/53). Probably the easiest way to figure out what other port it's using is to look at the active connections from this going through your PIX.
Let's say the IP address of the mail server is 10.1.1.1. Doing:
sho conn | include 10.1.1.1
will give you all the connections. This will tell you where it's connectig to and on what ports. The output will look something like:
FW1(config)# sho conn | incl 10.1.1.1
UDP out 10.2.2.1:17127 in 10.1.1.1:10655 idle 0:01:23 Bytes 1000
UDP out 10.2.2.1:18733 in 10.1.1.1:10477 idle 0:01:38 Bytes 1000
UDP out 10.3.3.2:18429 in 10.1.1.1:10789 idle 0:01:10 Bytes 1000
The numbers after the colons are the port numbers on the connection. Of course yours will show TCP and port 25 (and something else hopefully), but you get the idea.

ACE - bridged mode - blocking Traffic

Hi
Just a short question. Is an ACE blocking traffic from a Source if the mac-address of that source is not in the ARP/MAC table? No security feature is enabled. The sniffer shows, that the packet is not going through. Other traffic works fine. So no problem with incoming ACL or something else. Any reason for that.
Cheers
patrick

Patrick,
indeed, if the src mac is not in the arp table, we can't setup a flow entry for that traffic and it is dropped.
We should first learn the mac-address from arp traffic.
Also check the following command to see if that helps:
switch/Admin(config-if)# arp inspection validate src-mac ?
flood Enable the flood option
no-flood Enable the no flood option
Carriage return.
Gilles.

SMTP traffic shaping

Hello. I'm trying to restrict SMTP bandwidth to ~640kbit. This should be applied to Se0/0 interface, my device is a Cisco 1760.
IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.3(6a)
I've tried this:
class-map match-all match-smtp
match protocol smtp
policy-map smtptraffic
class match-smtp
shape average 640000 640000 0
interface Serial0/0
ip address x.x.x.x 255.255.255.252
ip access-group in-list in
ip access-group out-list out
ip nat outside
service-policy output smtptraffic
encapsulation ppp
ip route-cache flow
VPN-Bucharest#sh policy-map int Se0/0
Serial0/0
Service-policy output: smtptraffic
Class-map: match-smtp (match-all)
59977 packets, 83502451 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 2
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
640000/640000 80000 640000 0 1000 80000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 0 0 0 0 0 no
Class-map: class-default (match-any)
58902 packets, 33267078 bytes
5 minute offered rate 17000 bps, drop rate 0 bps
Match: any
When the Exchange server (attached on Fa0/0) starts spitting out mails to the Internet the traffic instantly reaches wirespeed (1mbps), and of course all hell breaks loose (latency, etc). The question is what is wrong with the above config that won't keep SMTP traffic at 640kbit.
I see a "Shaping Active no" there, which doesn't sound good.
I am definitely missing something.
Any help is appreciated, thank you.
--Adrian.

Hello Adrian,
there is one strange thing in your show/config given:
class-map match-all match-smtp
match protocol smtp
----snip----
Class-map: match-smtp (match-all)
59977 packets, 83502451 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 2
----snip----
Why does ACL 2 show up int the show policy-map command, when you have configured NBAR (match protocol smtp)?
Are you sure those two outputs are from the same router with the same config? Can you please highlight the underlying reason for this inconsistency? If not a reboot might help ...
Otherwise you might also leave away the Bc and Be values and just take "shape average 640000".
Hope this helps! Please rate all posts.
Regards, Martin

F5-asm and ace forward and reverse traffic

Hi all,
In our datacentre setup , we have f5 asm & ace- cisco for loadbalancing
in which f5 is configured with self ip& below the selfip,the nodeip is there which is inturn the
virtual ip for Ace t2 context
the incoming traffic on f5 is like
Publicip:xx--> f5.selfip:80-->Ace virtualip:yy
for the ace request handling is of below
Ace.virtualip:yy-->Rserver:xx
but here the issue is that reverse http response flow is some what not analogous
rserver:xx-->f5.selfip:80 & back to the Public ip
myquery is that why the reply back from the rserver is not given back to ace virtual ip, but to the
selfip of f5

Good morning,
You need to configure your routing in a way that the return traffic goes through the ACE. If you don't, you may end up in the situation you are seeing
Daniel

10.3.9 - Mobile Users Authenticating for SMTP Relay.

I hope I get my thoughts together and this question comes out right.
I have a small shop, where most of my users are in-house. They're using Entourage clients, and my couple of PC folks are using Outlook 2003. From in-house, everyone works just fine. Relay filters are setup to allow people inside the network to send fine. I have 127.0.0.1/32 and 192.168.1.1/32 in the Mail/Settings/Filters/SMTP Relay settings.
However, I have a couple of mobile users, the Director being one of them, who want/need to send email when outside of the office, or from a mobile device, like their Treo.
What I'm running into is that my mobile users are having authentication issues when trying to send email while outside the office. Even when they indicate they need to authenticate SMTP from their client, I get different issues with different users.
The Director's Treo, using Versamail, recieves email normally via IMAP. However, when sending, even though she's set to ESMTP Authentication, I get a 502 error. Without ESMTP Authentication turned on, I get a relay error.
Mail/Settings/Advanced has LOGIN and Plain checked for SMTP Authentication, and IMAP has LOGIN, Plain and Clear checked, while POP has APOP and Clear slected.
I'm at a loss for how to proceed with correcting this issue to allow mobile users to authenticate reliably from where ever they are. Can someone provide me some straightforward guidence on how this should be correctly configured?
Thanks.
PowerBook G4 17 Mac OS X (10.4.9) 1.5G RAM

Thanks for the response.
I've seen the posts about adding alternate ports, but it doesn't seem to matter what the ISP source is, they get Relay denied messages and our mailer shows the denial traffic.
There are additional relay exceptions in this, but here is the postconf file you requested:
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
inet_interfaces = all
luser_relay =
mail_owner = postfix
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains = sbl-xbl.spamhaus.org,bl.spamcop.net
messagesizelimit = 15728640
mydestination = $myhostname,localhost.$mydomain,kemperart.org
mydomain_fallback = localhost
myhostname = mail.kemperart.org
mynetworks = 127.0.0.1/32,192.168.200.99/32,192.168.200.1/32,rr.com,68.25.136.123/32
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpdclientrestrictions = rejectmapsrbl
smtpdenforcetls = no
smtpdpw_server_securityoptions = plain,login,cram-md5
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdsasl_authenable = yes
smtpdtls_certfile = /etc/postfix/server.pem
smtpdtlsloglevel = 0
smtpduse_pwserver = yes
smtpdusetls = no
unknownlocal_recipient_rejectcode = 450
Remember, be gentle, while I'm able to get around the Terminal Window, I am, by no means, an expert.
Thanks again!
PowerBook G4 17 Mac OS X (10.4.9) 1.5G RAM

How to configure Symantec Mail Security for SMTP & Messaging Server 6.3

Hi!
I want to install a Symantec Mail Security for SMTP 5.0.1(host1) with Messaging Server 6.3 (in production - host2), but when I try to access to POP protocol to send a message from Internet, the system display a message with a relay problem.
- Could you help me with this issue?,
- Do you know some documentation that speaks of this?. I can't find any documentation that explain how to configure and integrate SMS and Messaging Server. Thanks in advance.
Regards, CR

ctemp1 wrote:
I want to install a Symantec Mail Security for SMTP 5.0.1(host1) with Messaging Server 6.3 (in production - host2), but when I try to access to POP protocol to send a message from Internet, the system display a message with a relay problem.I take it that you have configured the symantec software like this?
internet -> symantec mail security system -> sun messaging server -> recipientA better approach is the following
internet -> sun messaging server -> recipient
                          |
                         V
              symantec mail security system(refer here: http://blogs.sun.com/factotum/entry/messaging_server_correctly_deploying_the)
- Do you know some documentation that speaks of this?. I can't find any documentation that explain how to configure and integrate SMS and Messaging Server. Thanks in advance.There is no documentation specifically for symantec software but we do document how to send emails via the symantec mail security server using the aliasdetourhost channel keyword:
http://docs.sun.com/app/docs/doc/819-4428/6n6j42615?a=view#bgaqy
Regards,
Shane.

Javax.mail.NoSuchProviderException: No provider for SMTP

whats the meaning of the following exception javax.mail.NoSuchProviderException: No provider for SMTP
can any one help.
thanks and regards.

This exception is thrown when Session attempts to instantiate a Provider (e.g. (com.sun.mail.smtp.SMTPTransport)) that doesn't exist.
Check if the smtp.jar is in the classpath.

Mail receives OK but will not send for smtp account. Exchange server receives/sends OK

mail receives OK but will not send for smtp account. Exchange server receives/sends OK I'm away from home, using a family-member's wireless network that has always worked OK in the past. Today, the same problem occured while waiting in a hospital waiting lounge. Any ideas?

The outgoing mail server may be rejecting mail from your network address. Typically that happens when your mail service provider is also your ISP, and you connect to it from another network. The SMTP server will allow connections without a password from anywhere, but it will only relay mail from within the ISP's network. It could also be that your account on the server has expired or been suspended.
If you need to send mail from outside your ISP's network, use an independent mail service provider. I don't have a specific recommendation.

Minimum implementation for SMTP-ESMTP clients

Hi,
if I want to develop a Mail client I can use SMTP/ESMTP. I read already some of the RFC-Specs, but I cannot find an advice for the minimum implementation for a client - just for servers.
Is the minimum number of commands the same as for the servers (7 commands for SMTP and 9 commands for ESMTP) ?
Thanks for any help.
BR

Simple config...
rserver host EXCHANGE001
ip address 10.2.3.101
probe PING_EXCHANGE
inservice
rserver host EXCHANGE002
ip address 10.2.3.102
probe PING_EXCHANGE
rserver host EXCHANGE003
ip address 10.2.3.103
probe PING_EXCHANGE
rserver host EXCHANGE004
ip address 10.2.3.104
probe PING_EXCHANGE
serverfarm host EXCHANGE
description EXCHANGE SERVERS
predictor hash address
probe PR-EXCHANGE-HTTPS
rserver EXCHANGE001
    inservice
rserver EXCHANGE002
rserver EXCHANGE003
rserver EXCHANGE004
class-map match-all EXCHANGE-VIP
10 match virtual-address 10.2.3.100 tcp any
sticky ip-netmask 255.255.255.255 address both EXCHANGE-STICKY
timeout 20
replicate sticky
serverfarm EXCHANGE
policy-map type loadbalance first-match EXCHANGE-VIP
class class-default
    sticky-serverfarm EXCHANGE-STICKY
policy-map multi-match EXCHANGE_POL
class EXCHANGE-VIP
    loadbalance vip inservice
    loadbalance policy EXCHANGE-VIP
    loadbalance vip icmp-reply
NB: Only rsever EXCHANGE001 is active in the serverfarm.

Administration port - network channel for admin traffic

I am trying to configure a separate channel for Administration traffic on weblogic. I followed the oracle docos and configured the SSL, domain wide admin port, server listen address, ‘admin’ channel.
The issue is admin traffic in not happening through the newly created channel.
L2 network is not getting used. I can’t see any activity in the monitoring tab of new Channel. Also the netstat is showing that the port 9101/9102 is getting used on the 192.168.100.218 and not on 10.254.252.849.
I also tried by setting up the newly created channel weight as 51, but no luck.
Is JMX connectivity related to admin channel?
Any help is highly appreciated. Thanks.
Ipconfig:
Admin: adminserver701.mycompany.internal, 192.168.100.238, 10.254.252.808
Managed: appserver701.mycompany.internal, :192.168.100.218, 10.254.252.849
Domain wide admin port: 9101
Admin:
Listen address –> adminserver701.mycompany.internal
Channel –> admin -> 10.254.252.808/9101
Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.808:9101
Managed:(appserver701)
Listen address –> appserver701.mycompany.internal
Admin port override: 9102
Channel –> admin -> 10.254.252.849/9102
Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.849:9102
AdminServer Logs:
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613346> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.runtime .>
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613353> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.edit .>
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613367> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.domainruntime .>
####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616699> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.238:9101 for protocols admin, ldaps, https.>
####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616700> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.808:9101 for protocols admin, ldaps, https.>
####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "Default" is now listening on 192.168.100.238:7001 for protocols iiop, t3, ldap, snmp, http.>
####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.238:7002 for protocols iiops, t3s, ldaps, https.>
ManagedServer Logs:
####<Feb 18, 2013 2:54:19 PM EST> <Info> <JMX> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163259911> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://appserver701.mycompany.internal:9102/jndi/weblogic.management.mbeanservers.runtime .>
####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.849:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.218:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.218:7102 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "Default" is now listening on 192.168.100.218:7101 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
AdminServer logs update while starting managed:
####<Feb 18, 2013 2:54:57 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-0000000000000162> <1361163297488> <BEA-149506> <Established JMX Connectivity with adp_ms01 at the JMX Service URL of service: jmx:admin://appserver701.mycompany.internal:9102 /jndi/weblogic.management.mbeanservers.runtime.>
Admin Server :
[oracle@adminserver701 bin]$ netstat -an | grep 9101
tcp 0 0 10.254.252.808:9101 0.0.0.0:* LISTEN
tcp 0 0 192.168.100.238:9101 0.0.0.0:* LISTEN
tcp 0 0 192.168.100.238:9101 192.168.100.218:59038 ESTABLISHED
I am wondering if the JMX connectivity is using the server listen address (adminserver701.mycompany.internal) which will by default resolve to 192.168.100.238. Is there a way to force JMX to use 10.254.252.808?

Hi
For first question the answer is no. With the administration port, you enable the SSL between the admin server and Node manager-managed Servers. You can still use the web console.
For teh second question, you can use ANT or can use the WLS Scripting ..you can get more details in dev2dev.bea.com
Jin

How to set a different listener on port 465 for SMTPS?

The idea is being able to manage both plain and secure SMTP while reconfiguring all clients for SMTPS.
How would you go about this?
I have
- created new Ip interface + listener
- created SMTP authentication profile
- created a new policy that requires TLS / SMTP Authentication
I am unable to send mail and I don't receive clear messages as to why it isn't working.

AFAIK, ironport only support TLS (which is port 587) and if you try to enable 465 just to accomodate SSL (for those that using old broken MUA) it won't work.

ACE Normalization for SMTP Traffic

Similar Messages

Maybe you are looking for