ACS v5 two interfaces

Similar Messages

• ACS appliance multiple interface usage

  Is it possible for me to use the two interfaces that are available on the 1113 box? I want to connect both of these interfaces to two seperate network segments. I did not find any thing specific in the Cosole except the set ip that would only config one interface.
  thanks

  You can use only one.
  Your Cisco 1113 system has two integrated 10/100/1000-megabit-per-second (Mbps) Ethernet connectors. ACS SE supports the operation of either Ethernet connector, but not both connectors.
  For more check here
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/solution_engine/ovrvuap.html#wp1054065

• Cisco ASA 5512 two interfaces

  i have an Cisco ASA 5512 working as Firewall
  We configure one ASA interface connecting to Cisco router 1700 with leasd line internet service without any problem.
  Now we have an extra internet connection ADSL 2MB connected to another ASA interface  
  I configure the ASA like this :
  1-    Enable interface 2 on ASA and connect it to ADSL router (interface ip 192.168.1.100 from the same ADSL router {192.168.1.1}range ) 
  2-    Create Access rule say source (My computer ip) destination  ADSL network range action accept
  3-    Create Nat Rule say source interface inside source ip (my ip) destination interface ADSL ip 192.168.1.100 destination source router ip 192.168.1.1
  4-    Add static route say ADSL interface source ip my ip gateway ADSL router
  This steps what I do but it doesn't work.
  Thanks in advance

  FYI for internet access I doubt this will work because if you configure two default route then ASA won't distribute traffic across two interface, first default route will be the one where ASA will send traffic. However from your description it is not very clear which IP address you are trying to ping and how exactly rules you have configured.
  Either attach your config or paste the relevant config in post.

• Error while extending two interfaces.

  I am using Weblogic Integration 8.5. When an interface extends two interfaces. Out of which one has a clone method declared. <br>
  This IDE is giving error as <br>
  ERROR: Sample.java:3: This type inherits two versions of method java.lang.Object clone(), one from java.lang.Object and another from com.ParentOne, that have conflicting access restrictions. <br>
  <b>Following are code snippets.</b><br>
  public interface Sample extends ParentOne, ParentTwo {} <br>
  public interface ParentOne { <br>
  public Object clone() throws CloneNotSupportedException; <br>} <br>public interface ParentTwo {} <br>
  <b>Same is working fine in other IDE with the bea JDK as well as sun's jdk. </b>
  <br>
  Can anyone help on this? Many Thanks.

  I am using Weblogic Integration 8.5. When an interface extends two interfaces. Out of which one has a clone method declared. <br>
  This IDE is giving error as <br>
  ERROR: Sample.java:3: This type inherits two versions of method java.lang.Object clone(), one from java.lang.Object and another from com.ParentOne, that have conflicting access restrictions. <br>
  <b>Following are code snippets.</b><br>
  public interface Sample extends ParentOne, ParentTwo {} <br>
  public interface ParentOne { <br>
  public Object clone() throws CloneNotSupportedException; <br>} <br>public interface ParentTwo {} <br>
  <b>Same is working fine in other IDE with the bea JDK as well as sun's jdk. </b>
  <br>
  Can anyone help on this? Many Thanks.

• View Mapping Result between two Interface Mappings in ccBPM

  Hello,
  I've got a ccBPM which does two interface mappings. The second one fails. When I redo the steps manually in the Interface Mapping test mode everything works fine. Anyway, I want to get the message from the failed BPM that got out of the first interface mapping, which worked fine in the BPM as well, before entering the second.
  Where can I get that message? In Monitoring I can only find messages that got sent.
  Thanks for you help!
  Regards,
  Dirk

  Hi,
  Please check in Runtime Workbench.
  Go to Adapter Engine --> Component Monitoring
  Now select your Adapter.
  Use Filter and below you will find message ids.
  select one and you can see the audit log..where your appln fails.
  You can also use SXMB_MONI.
  Select the message giving error and in that goto outbound tab..click on link...select view details image button...select the component with error and go to container tab of it....there you will find trace entry....where log of your error will be stored..
  Hope it helps.
  Best Of Luck
  Akhil
  Edited by: Akhil Rastogi on Mar 18, 2008 11:08 AM

• Two Interface with same IDOC sperated by Document Type

  Hi All,
  I have Two interface which is for RFQ and Purchase order, bother uses same IDOC orders05, i need to indentify which one for which interface using Document type for purchase NB and and AN for RFQ , please help me to slove this isssue , hope we muct use Context object for this , but i dont know how to use it , please help me
  thanking you
  Sridhar

  Hi,
  Can you explain a bit about your scenario, coz I think it can be handle in other way without using context objects..
  But if you want to use the context object, then you can add it in Message Interace ---> Context Objects, and in ID while doing RD you can find it under Condition Editor ---> take F4 help and then select context objects.
  Regards,
  Sarvesh

• Two interfaces on different subnets -- how to set default routes?

  Hi,
  I've configured an S10 box with two interfaces (both of which will eventually have zones on them), and I want to make sure that packets sent from each interface go do different default routers. Is this possible?
  The routers here are configured such that they won't forward packets with a source address they don't recognise, so at the moment all traffic from the second interface is being sent through the first interface's router and subsequently dropped.
  This might be a Monday morning brain fart, so apologies if nonsensical!
  Cheers
  - Ian

  I would like to propose this as a new IDEA in this forum but again: NOT POSSIBLE. I am not privileged.

• Set up IPMP Solaris 10 -- two interfaces, one IP

  I have a tasking to set up failure-based IPMP on a T5120. I have been reading all the Sun documentation on setting up IPMP, but cannot find exactly what I am looking for. I have one IP address, and two connected NICs, and my task is to set up IPMP so that if e1000g0 fails, e1000g1 will take over. Is this possible, and if so, how?

  If you have two interfaces and only want link-based failure detection, just put the group $YOUR_GROUPNAME statement in /etc/hostname.$INTERFACE file.
  Say you have the two interfaces e1000g0 and e1000g1, your hostname is MyHostname and your group is MyGroup you would do the following:
  put
  MyHostname group MyGroup in /etc/hostname.e1000g0.
  Put group MyGroup in /etc/hostname.e1000g1.
  Either reboot the machine or manually configure ipmp:
  ifconfig e1000g0 group MyGroup
  ifconfig e1000g1 plumb group MyGroup up
  in /var/adm/messages you there should be an info that no test-adress was given and that ipmp will operate in link-failure detection mode only.
  Please note that officially you should create an ipmp instance first by issuing something like ifconfig $MyIPMP-Instance group MyGroup, but that step could be left out as ipmp instances are created implicitly.

• Cannot get an informaiton on the ACS's report interface

  I configured MAC authentication on the ACS for AP1200 and have a question for the report interface.
  MAC authentication works fine and I can see a record the failure report but nothing for others. I want to see a "Login users", "Accounting", "Passed authentication" etc. Any idea why I cannot see these kind of information from ACS's Report interface.
  - ACS 3.2, added an AP on the network interface with RADIUS(Airopoint) and wireless phone's MAC address on the User interface. nothing else configued.
  - AP1200, 12.2(13)JA2.
  Here my AP1200 configuration.
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  server 192.168.200.134 auth-port 1645 acct-port 1646
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  server 192.168.200.134 auth-port 1645 acct-port 1646
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login default local group tac_admin group rad_admin
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local group rad_mac
  aaa authorization exec default local group tac_admin group rad_admin
  aaa authorization ipmobile default group rad_pmip
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  radius-server host 192.168.200.134 auth-port 1645 acct-port 1646 key 7 xxxxx
  radius-server attribute 32 include-in-access-req format %h
  radius-server authorization permit missing Service-Type
  radius-server vsa send accounting
  Thanks,

  This works fine for me.
  I hade the same problem until i put on "alternate eap eap_methods" The problem was that the Client got validate just on WEP and SSID. now I can see the mac as a login on the AP under "login users" (AP1100 and Intermec 750 PDA with WEB and Mac authentication)
  SSID "test"
  authentication open mac-address mac_methods alternate eap eap_methods
  authentication shared mac-address mac_methods
  accounting acct_methods

• NAT between two interfaces

  Good day,
  I would ask if it is possible to do NAT between two Interfaces on the same device?
  The problem is that I need access from my inside lan to the management interface on the ASA. We will not manage the ASA over the inside interface.
  This is my current NAT statement:
  nat (inside,mgmt) source static 172.20.200.0-24 192.168.3.222 destination static 192.168.3.0-24 192.168.3.0-24 unidirectional
  This is my PacketTracer output:
  Phase: 1Type: ROUTE-LOOKUPSubtype: inputResult: ALLOWConfig:Additional Information:in   192.168.3.0     255.255.255.0  mgmt
  Phase: 2Type: ACCESS-LISTSubtype: logResult: ALLOWConfig:access-group inside in interface insideaccess-list inside extended permit ip 172.20.200.0 255.255.255.0 anyAdditional Information:Phase: 3Type: IP-OPTIONSSubtype:Result: ALLOWConfig:Additional Information:Phase: 4Type: NATSubtype:Result: ALLOWConfig:nat (inside,mgmt) source static 172.20.200.0-24 192.168.3.222 destination static 192.168.3.0-24 192.168.3.0-24 unidirectionalAdditional Information:Static translate 172.20.200.1/0 to 192.168.3.222/0Phase: 5Type: USER-STATISTICSSubtype: user-statisticsResult: ALLOWConfig:Additional Information:Phase: 6Type: FLOW-CREATIONSubtype:Result: ALLOWConfig:Additional Information:New flow created with id 244039047, packet dispatched to next moduleResult:input-interface: insideinput-status: upinput-line-status: upoutput-interface: mgmtoutput-status: upoutput-line-status: upAction: allow
  So NAT seems to be working correct. I can reach other devices behind the mgmt network this is no problem. But I cant access the ASA on the mgmt interface 192.168.3.2.
  Clould it be a problem with the traffic flow? Because in the PacketTracer output I see on Phase1 a Route-Lookup and later on Phase4 the NAT statement.
  Is there a way to get this working?
  Many thanks for your feedback.
  Brgds,
  Markus

  Hi,
  To my understanding its not possible to connect to an ASA interface through interface other than the interface where the IP address is located.
  In other words you are not able to connect from behind "inside" to the IP address of "mgmt" interface
  I will try to find you a link to some Cisco documentation stating this. (I have never really had to find it though)
  - Jouni

• RE : How to bind to two interfaces

  Gabriel,
  You can advertise an environment on two ip addresses
  by using multiple IP addresses instead of one in
  FORTE_NS_ADDRESS. Specify the IP addresses separated by semicolon
  setenv FORTE_NS_ADDRESS ip1:5000;ip2:5010;ip3:5012
  You will also have to define FORTE_LOCATIONS to point
  to these IP addresses so that Forte runtime knows where
  to find the environment and services. In this case you
  will always use the socket number 0 to allow Forte to
  pick any available socket.
  Ajith Kallambella M.
  Subject: How to bind to two interfaces
  Hi!
  On one of our Solaris servers we are facing the problem that we have
  two
  network interface cards in it.
  And we would like to access Forte on it through both cards. (avoid
  unnecessary network traffic)
  As far as I understand Forte needs a fix IP address to bind to (thus
  bound to one card).
  I tried to use 0.0.0.0 as a jolly-joker for all cards, but failed.
  Has anybody an idea? Or is it a restriction?
  If so, does Forte plan to improve the product in this way?
  GA'BRIEL, A'kos ([email protected]) Fax: (+36-1) 4312-977
  UNIX & Internet consultant Phone: (+36-1) 4312-979
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive
  <URL:http://pinehurst.sageit.com/listarchive/>
  Get Free Email and Do More On The Web. Visit http://www.msn.com
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

  Hello
  I assume you want to create multiple instance of your class.
  Assuming that you class is NOT a singleton then simply repeat the CREATE OBJECT statement as many times as you need.
  TYPES: begin of ty_s_class.
  TYPES: instance   TYPE REF TO zcl_myclass.
  TYPES: end of ty_s_class.
  DATA:
    lt_itab      TYPE STANDARD TABLE OF ty_s_class
                   WITH DEFAULT KEY,
    ls_record  TYPE ty_s_class.
    DO 10 TIMES.
      CLEAR: ls_record-instance.
      CREATE OBJECT ls_record-instance.
      APPEND ls_record TO lt_itab.
    ENDDO.
  Regards
    Uwe

• ASA5510 - Verifying NAT is fully disabled between two interfaces

  Hello,
  I am trying to configure two inside interfaces without NAT. I am not using nat-control and I have added exemptions for the two networks. I can communicate between the two networks and to the Internet just fine.
  I would like to verify that NAT is disabled between the two interfaces. I also need to make sure that the Interface IP (specifically for the traffic from inside-test to  the inside network) is not added to packets between the two networks. I would like to be able to verify this as well. In other words I need to have the Source IP address from the originating connection on the inside-test network passed along through to the Inside network device without being replaced by the Interface's IP address. This is a test config for a production environment that will be using a load balancer. The config I have may be working in this regard and the load balancer may be replacing this IP address (that is what I am trying to test), but I am not certain.
  So far I have the following NAT related running-config command (in regards to these two interfaces):
  access-list NAT_Exempt extended permit ip 192.168.12.0 255.255.255.0 interface inside
  access-list NAT_Exempt extended permit ip 192.168.3.0 255.255.255.0 interface Inside-test
  access-list NAT_Exempt extended permit ip 192.168.12.0 255.255.255.0 192.168.3.0 255.255.255.0
  access-list NAT_Exempt_2 extended permit ip 192.168.12.0 255.255.255.0 interface inside
  access-list NAT_Exempt_2 extended permit ip 192.168.3.0 255.255.255.0 interface Inside-test
  access-list NAT_Exempt_2 extended permit ip 192.168.3.0 255.255.255.0 192.168.12.0 255.255.255.0
  nat (inside) 0 access-list NAT_Exempt_2
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (Inside-test) 0 access-list NAT_Exempt
  nat (Inside-test) 1 0.0.0.0 0.0.0.0
  global (outside) 1 interface
  global (Inside-test) 1 interface
  Let me know if more information is needed for you to assist me futher.
  Thank you.

  Thank you Jennifer for your responses.
  Do I need to include access-list commands for both directions for each interface as listed in my full config above, or do I just need one for one direction on one and one direction on the other interface (plus the exempt for the 69.x.x.x network)?
  Would this config suffice?
  access-list NAT_Exempt_2 permit ip 192.168.3.0 255.255.255.0 192.168.12.0 255.255.255.0
  access-list NAT_Exempt_2 permit ip 192.168.3.0 255.255.255.0 69.87.157.192 255.255.255.224
  access-list NAT_Exempt permit ip 192.168.12.0 255.255.255.0 192.168.3.0 255.255.255.0
  access-list NAT_Exempt permit ip 192.168.12.0 255.255.255.0 69.87.157.192 255.255.255.224
  nat (inside) 0 access-list NAT_Exempt_2
  nat (inside-test) 0 access-list NAT_Exempt
  Will I need to clear xlate to see the results of this or will this take affect immediately? I can't really do that during business hours, but should be able to after hours if I need to.
  Can you clarify what the global commands do? I keep thinking that it adds the IP of the Interface to packets as they go through the interface and that I should use a different config for the Inside-test network.
  I will try the xlate detail to verify and let you know what I find.
  Thank you.

• Class extends two interface which have method in common name

  A class implements two interfaces. Those interfaces have method in common name.
  For ex;
  public interface b{public void hello();}
  public interface c{public void hello();}
  public class a implements b,c
  public void hello(){}
  Since two interfaces have common method, How to differentiate in this case ?

  How to differentiate what? You have to provide a method called hello(), just as in your example. (Normally you would have code in the method body, but zero lines of code is not against the rules.)

• How to implements two interface?

  i have a applet to implement two interface,the actionlistener and the appletcontext.how to do it??
  Thank You!

  with a comma

• Two hsrp on two interface two router

  It is possible to have two HSRP on two interfaces on two routers ?
  ROUTER 1
  track 1 interface GigabitEthernet0/1 line-protocol
  interface GigabitEthernet0/0
  ip address 172.16.1.11 255.255.0.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  standby 10 ip 172.16.1.10
  standby 10 priority 110
  standby 10 preempt
  standby 10 authentication crs-siss
  standby 10 track 1 decrement 20
  interface GigabitEthernet0/1
  ip address 95.14.60.222 255.255.255.224
  ip access-group 116 in
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  standby 20 ip 95.14.60.221
  standby 20 priority 110
  standby 20 preempt
  standby 20 authentication crs-siss
  standby 20 track 2 decrement 20
  =============================================
  ROUTER 2
  track 1 interface GigabitEthernet0/1 line-protocol
  interface GigabitEthernet0/0
  ip address 172.16.1.12 255.255.0.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  standby 10 ip 172.16.1.10
  standby 10 priority 110
  standby 10 preempt
  standby 10 authentication crs-siss
  standby 10 track 1 decrement 20
  interface GigabitEthernet0/1
  ip address 95.14.60.223 255.255.255.224
  ip access-group 116 in
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  standby 20 ip 95.14.60.221
  standby 20 priority 110
  standby 20 preempt
  standby 20 authentication crs-siss
  standby 20 track 2 decrement 20
  It is correct ???
  thank you

  hello john
  on router 1 I have to put
  ROUTER 1
  track 1 interface GigabitEthernet0/1 line-protocol
  track 2 interface GigabitEthernet0/0 line-protocol
  interface GigabitEthernet0/0
  standby 10 track 1 decrement 20
  interface GigabitEthernet0/1
  standby 20 track 2 decrement 20
  =============================================
  and on router 2 I have to put
  ROUTER 2
  track 1 interface GigabitEthernet0/1 line-protocol
  track 2 interface GigabitEthernet0/0 line-protocol
  interface GigabitEthernet0/0
  standby 10 track 1 decrement 20
  interface GigabitEthernet0/1
  standby 20 track 2 decrement 20
  correct ???