ACS v5 two interfaces
Hi all
I have installed ACS on VMware and it has two interfaces in two subnets, but TACACS is working on one of them. So my question is: can I run TACACS on both interfaces? If not, how can I change the running interface?
Regards
Marcin
Ok - so can I redirect request from one interface to another ?
Similar Messages
-
ACS appliance multiple interface usage
Is it possible for me to use the two interfaces that are available on the 1113 box? I want to connect both of these interfaces to two separate network segments. I did not find anything specific in the Console except the set ip that would only config one interface.
thanks
You can use only one.
Your Cisco 1113 system has two integrated 10/100/1000-megabit-per-second (Mbps) Ethernet connectors. ACS SE supports the operation of either Ethernet connector, but not both connectors.
For more check here
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/solution_engine/ovrvuap.html#wp1054065 -
I have a Cisco ASA 5512 working as a firewall.
We configured one ASA interface connecting to a Cisco 1700 router with a leased-line internet service without any problem.
Now we have an extra internet connection ADSL 2MB connected to another ASA interface
I configure the ASA like this :
1- Enable interface 2 on ASA and connect it to ADSL router (interface ip 192.168.1.100 from the same ADSL router {192.168.1.1}range )
2- Create Access rule say source (My computer ip) destination ADSL network range action accept
3- Create Nat Rule say source interface inside source ip (my ip) destination interface ADSL ip 192.168.1.100 destination source router ip 192.168.1.1
4- Add static route say ADSL interface source ip my ip gateway ADSL router
These are the steps I did, but it doesn't work.
Thanks in advance
FYI, for internet access I doubt this will work, because if you configure two default routes the ASA won't distribute traffic across the two interfaces; the first default route will be the one where the ASA sends traffic. However, from your description it is not very clear which IP address you are trying to ping and exactly which rules you have configured.
Either attach your config or paste the relevant config in the post. -
Error while extending two interfaces.
I am using Weblogic Integration 8.5. An interface extends two interfaces, one of which has a clone method declared.
This IDE is giving the error:
ERROR: Sample.java:3: This type inherits two versions of method java.lang.Object clone(), one from java.lang.Object and another from com.ParentOne, that have conflicting access restrictions.
Following are code snippets.
public interface Sample extends ParentOne, ParentTwo {}
public interface ParentOne {
    public Object clone() throws CloneNotSupportedException;
}
public interface ParentTwo {}
The same is working fine in another IDE with the BEA JDK as well as Sun's JDK.
Can anyone help on this? Many thanks. -
View Mapping Result between two Interface Mappings in ccBPM
Hello,
I've got a ccBPM which does two interface mappings. The second one fails. When I redo the steps manually in the Interface Mapping test mode everything works fine. Anyway, I want to get the message from the failed BPM that got out of the first interface mapping, which worked fine in the BPM as well, before entering the second.
Where can I get that message? In Monitoring I can only find messages that got sent.
Thanks for your help!
Regards,
Dirk
Hi,
Please check in Runtime Workbench.
Go to Adapter Engine --> Component Monitoring
Now select your Adapter.
Use Filter and below you will find message ids.
select one and you can see the audit log..where your appln fails.
You can also use SXMB_MONI.
Select the message giving error and in that goto outbound tab..click on link...select view details image button...select the component with error and go to container tab of it....there you will find trace entry....where log of your error will be stored..
Hope it helps.
Best Of Luck
Akhil
Edited by: Akhil Rastogi on Mar 18, 2008 11:08 AM -
Two Interface with same IDOC sperated by Document Type
Hi All,
I have two interfaces, for RFQ and Purchase Order; both use the same IDOC orders05. I need to identify which one is for which interface using the document type: NB for purchase and AN for RFQ. Please help me to solve this issue. I hope we must use a context object for this, but I don't know how to use it; please help me.
thanking you
Sridhar
Hi,
Can you explain a bit about your scenario, coz I think it can be handled in another way without using context objects.
But if you want to use the context object, then you can add it in Message Interface ---> Context Objects, and in ID while doing RD you can find it under Condition Editor ---> take F4 help and then select context objects.
Regards,
Sarvesh -
Two interfaces on different subnets -- how to set default routes?
Hi,
I've configured an S10 box with two interfaces (both of which will eventually have zones on them), and I want to make sure that packets sent from each interface go to different default routers. Is this possible?
The routers here are configured such that they won't forward packets with a source address they don't recognise, so at the moment all traffic from the second interface is being sent through the first interface's router and subsequently dropped.
This might be a Monday morning brain fart, so apologies if nonsensical!
Cheers
- Ian
I would like to propose this as a new IDEA in this forum but again: NOT POSSIBLE. I am not privileged.
-
Set up IPMP Solaris 10 -- two interfaces, one IP
I have a tasking to set up failure-based IPMP on a T5120. I have been reading all the Sun documentation on setting up IPMP, but cannot find exactly what I am looking for. I have one IP address, and two connected NICs, and my task is to set up IPMP so that if e1000g0 fails, e1000g1 will take over. Is this possible, and if so, how?
If you have two interfaces and only want link-based failure detection, just put the group $YOUR_GROUPNAME statement in /etc/hostname.$INTERFACE file.
Say you have the two interfaces e1000g0 and e1000g1, your hostname is MyHostname and your group is MyGroup you would do the following:
Put
MyHostname group MyGroup
in /etc/hostname.e1000g0.
Put
group MyGroup
in /etc/hostname.e1000g1.
Either reboot the machine or manually configure IPMP:
ifconfig e1000g0 group MyGroup
ifconfig e1000g1 plumb group MyGroup up
In /var/adm/messages there should be a message that no test address was given and that IPMP will operate in link-failure detection mode only.
Please note that officially you should create an ipmp instance first by issuing something like ifconfig $MyIPMP-Instance group MyGroup, but that step could be left out as ipmp instances are created implicitly. -
Cannot get any information on the ACS's report interface
I configured MAC authentication on the ACS for AP1200 and have a question about the report interface.
MAC authentication works fine and I can see a record in the failure report but nothing for the others. I want to see "Login users", "Accounting", "Passed authentication", etc. Any idea why I cannot see this kind of information in the ACS's Report interface?
- ACS 3.2, added an AP on the network interface with RADIUS (Airopoint) and the wireless phone's MAC address on the User interface. Nothing else configured.
- AP1200, 12.2(13)JA2.
Here my AP1200 configuration.
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
server 192.168.200.134 auth-port 1645 acct-port 1646
aaa group server radius rad_acct
aaa group server radius rad_admin
server 192.168.200.134 auth-port 1645 acct-port 1646
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local group tac_admin group rad_admin
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local group rad_mac
aaa authorization exec default local group tac_admin group rad_admin
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
radius-server host 192.168.200.134 auth-port 1645 acct-port 1646 key 7 xxxxx
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
Thanks,
This works fine for me.
I had the same problem until I put on "alternate eap eap_methods". The problem was that the client got validated just on WEP and SSID. Now I can see the MAC as a login on the AP under "login users" (AP1100 and Intermec 750 PDA with WEB and MAC authentication).
SSID "test"
authentication open mac-address mac_methods alternate eap eap_methods
authentication shared mac-address mac_methods
accounting acct_methods -
Good day,
I would ask if it is possible to do NAT between two Interfaces on the same device?
The problem is that I need access from my inside lan to the management interface on the ASA. We will not manage the ASA over the inside interface.
This is my current NAT statement:
nat (inside,mgmt) source static 172.20.200.0-24 192.168.3.222 destination static 192.168.3.0-24 192.168.3.0-24 unidirectional
This is my PacketTracer output:
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.3.0 255.255.255.0 mgmt
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside in interface inside
access-list inside extended permit ip 172.20.200.0 255.255.255.0 any
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,mgmt) source static 172.20.200.0-24 192.168.3.222 destination static 192.168.3.0-24 192.168.3.0-24 unidirectional
Additional Information:
Static translate 172.20.200.1/0 to 192.168.3.222/0
Phase: 5
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 244039047, packet dispatched to next module
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: mgmt
output-status: up
output-line-status: up
Action: allow
So NAT seems to be working correctly. I can reach other devices behind the mgmt network; this is no problem. But I can't access the ASA on the mgmt interface 192.168.3.2.
Could it be a problem with the traffic flow? Because in the PacketTracer output I see a Route-Lookup in Phase 1 and later the NAT statement in Phase 4.
Is there a way to get this working?
Many thanks for your feedback.
Brgds,
Markus
Hi,
To my understanding it's not possible to connect to an ASA interface through an interface other than the one where the IP address is located.
In other words, you are not able to connect from behind "inside" to the IP address of the "mgmt" interface.
I will try to find you a link to some Cisco documentation stating this. (I have never really had to find it though)
- Jouni -
RE : How to bind to two interfaces
Gabriel,
You can advertise an environment on two ip addresses
by using multiple IP addresses instead of one in
FORTE_NS_ADDRESS. Specify the IP addresses separated by semicolon
setenv FORTE_NS_ADDRESS ip1:5000;ip2:5010;ip3:5012
You will also have to define FORTE_LOCATIONS to point
to these IP addresses so that Forte runtime knows where
to find the environment and services. In this case you
will always use the socket number 0 to allow Forte to
pick any available socket.
Ajith Kallambella M.
Subject: How to bind to two interfaces
Hi!
On one of our Solaris servers we are facing the problem that we have two network interface cards in it.
And we would like to access Forte on it through both cards. (avoid unnecessary network traffic)
As far as I understand Forte needs a fixed IP address to bind to (thus bound to one card).
I tried to use 0.0.0.0 as a jolly-joker for all cards, but failed.
Has anybody an idea? Or is it a restriction?
If so, does Forte plan to improve the product in this way?
GA'BRIEL, A'kos ([email protected]) Fax: (+36-1) 4312-977
UNIX & Internet consultant Phone: (+36-1) 4312-979
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive
<URL:http://pinehurst.sageit.com/listarchive/>
Hello
I assume you want to create multiple instance of your class.
Assuming that you class is NOT a singleton then simply repeat the CREATE OBJECT statement as many times as you need.
TYPES: begin of ty_s_class.
TYPES: instance TYPE REF TO zcl_myclass.
TYPES: end of ty_s_class.
DATA:
lt_itab TYPE STANDARD TABLE OF ty_s_class
WITH DEFAULT KEY,
ls_record TYPE ty_s_class.
DO 10 TIMES.
CLEAR: ls_record-instance.
CREATE OBJECT ls_record-instance.
APPEND ls_record TO lt_itab.
ENDDO.
Regards
Uwe -
ASA5510 - Verifying NAT is fully disabled between two interfaces
Hello,
I am trying to configure two inside interfaces without NAT. I am not using nat-control and I have added exemptions for the two networks. I can communicate between the two networks and to the Internet just fine.
I would like to verify that NAT is disabled between the two interfaces. I also need to make sure that the Interface IP (specifically for the traffic from inside-test to the inside network) is not added to packets between the two networks. I would like to be able to verify this as well. In other words I need to have the Source IP address from the originating connection on the inside-test network passed along through to the Inside network device without being replaced by the Interface's IP address. This is a test config for a production environment that will be using a load balancer. The config I have may be working in this regard and the load balancer may be replacing this IP address (that is what I am trying to test), but I am not certain.
So far I have the following NAT related running-config command (in regards to these two interfaces):
access-list NAT_Exempt extended permit ip 192.168.12.0 255.255.255.0 interface inside
access-list NAT_Exempt extended permit ip 192.168.3.0 255.255.255.0 interface Inside-test
access-list NAT_Exempt extended permit ip 192.168.12.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list NAT_Exempt_2 extended permit ip 192.168.12.0 255.255.255.0 interface inside
access-list NAT_Exempt_2 extended permit ip 192.168.3.0 255.255.255.0 interface Inside-test
access-list NAT_Exempt_2 extended permit ip 192.168.3.0 255.255.255.0 192.168.12.0 255.255.255.0
nat (inside) 0 access-list NAT_Exempt_2
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Inside-test) 0 access-list NAT_Exempt
nat (Inside-test) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (Inside-test) 1 interface
Let me know if more information is needed for you to assist me further.
Thank you.
Thank you Jennifer for your responses.
Do I need to include access-list commands for both directions for each interface as listed in my full config above, or do I just need one for one direction on one and one direction on the other interface (plus the exempt for the 69.x.x.x network)?
Would this config suffice?
access-list NAT_Exempt_2 permit ip 192.168.3.0 255.255.255.0 192.168.12.0 255.255.255.0
access-list NAT_Exempt_2 permit ip 192.168.3.0 255.255.255.0 69.87.157.192 255.255.255.224
access-list NAT_Exempt permit ip 192.168.12.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list NAT_Exempt permit ip 192.168.12.0 255.255.255.0 69.87.157.192 255.255.255.224
nat (inside) 0 access-list NAT_Exempt_2
nat (inside-test) 0 access-list NAT_Exempt
Will I need to clear xlate to see the results of this or will this take effect immediately? I can't really do that during business hours, but should be able to after hours if I need to.
Can you clarify what the global commands do? I keep thinking that it adds the IP of the Interface to packets as they go through the interface and that I should use a different config for the Inside-test network.
I will try the xlate detail to verify and let you know what I find.
Thank you. -
Class extends two interface which have method in common name
A class implements two interfaces. Those interfaces have method in common name.
For ex;
public interface b { public void hello(); }
public interface c { public void hello(); }
public class a implements b, c {
    public void hello() {}
}
Since the two interfaces have a common method, how to differentiate in this case?
How to differentiate what? You have to provide a method called hello(), just as in your example. (Normally you would have code in the method body, but zero lines of code is not against the rules.)
-
How to implements two interface?
I have an applet to implement two interfaces, the ActionListener and the AppletContext. How to do it?
Thank you!
with a comma
-
Two hsrp on two interface two router
It is possible to have two HSRP on two interfaces on two routers ?
ROUTER 1
track 1 interface GigabitEthernet0/1 line-protocol
interface GigabitEthernet0/0
ip address 172.16.1.11 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 10 ip 172.16.1.10
standby 10 priority 110
standby 10 preempt
standby 10 authentication crs-siss
standby 10 track 1 decrement 20
interface GigabitEthernet0/1
ip address 95.14.60.222 255.255.255.224
ip access-group 116 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
standby 20 ip 95.14.60.221
standby 20 priority 110
standby 20 preempt
standby 20 authentication crs-siss
standby 20 track 2 decrement 20
=============================================
ROUTER 2
track 1 interface GigabitEthernet0/1 line-protocol
interface GigabitEthernet0/0
ip address 172.16.1.12 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 10 ip 172.16.1.10
standby 10 priority 110
standby 10 preempt
standby 10 authentication crs-siss
standby 10 track 1 decrement 20
interface GigabitEthernet0/1
ip address 95.14.60.223 255.255.255.224
ip access-group 116 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
standby 20 ip 95.14.60.221
standby 20 priority 110
standby 20 preempt
standby 20 authentication crs-siss
standby 20 track 2 decrement 20
It is correct ???
thank you
hello john
on router 1 I have to put
ROUTER 1
track 1 interface GigabitEthernet0/1 line-protocol
track 2 interface GigabitEthernet0/0 line-protocol
interface GigabitEthernet0/0
standby 10 track 1 decrement 20
interface GigabitEthernet0/1
standby 20 track 2 decrement 20
=============================================
and on router 2 I have to put
ROUTER 2
track 1 interface GigabitEthernet0/1 line-protocol
track 2 interface GigabitEthernet0/0 line-protocol
interface GigabitEthernet0/0
standby 10 track 1 decrement 20
interface GigabitEthernet0/1
standby 20 track 2 decrement 20
correct ???
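The first configuration in this thread references `track 2` under HSRP group 20 without defining it, and the follow-up adds the missing object. As an added example (not code from the thread's participants), the Python check below parses IOS-style text for that mismatch and for whether the decremented priority lets the peer take over; the function names are hypothetical, and the peer's priority of 110 with preempt is assumed from the Router 2 configuration shown above.

```python
import re

# Trimmed from the thread: Router 1 as first posted (HSRP-relevant lines only).
ROUTER1_POSTED = """\
track 1 interface GigabitEthernet0/1 line-protocol
interface GigabitEthernet0/0
standby 10 ip 172.16.1.10
standby 10 priority 110
standby 10 preempt
standby 10 track 1 decrement 20
interface GigabitEthernet0/1
standby 20 ip 95.14.60.221
standby 20 priority 110
standby 20 preempt
standby 20 track 2 decrement 20
"""
# Router 1 with the extra track object from the follow-up post.
ROUTER1_FOLLOWUP = "track 2 interface GigabitEthernet0/0 line-protocol\n" + ROUTER1_POSTED

TRACK_DEF = re.compile(r"^track (\d+) interface (\S+) line-protocol$")
STANDBY = re.compile(r"^standby (\d+) (priority|preempt|track)\b\s*(.*)$")


def parse(config):
    """Return (track objects, HSRP groups) found in IOS-style config text."""
    tracks, groups, iface = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := TRACK_DEF.match(line):
            tracks[int(m.group(1))] = m.group(2)
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif (m := STANDBY.match(line)) and iface:
            g = groups.setdefault(int(m.group(1)), {
                "iface": iface, "priority": 100, "preempt": False, "tracks": []})
            key, rest = m.group(2), m.group(3).split()
            if key == "priority":
                g["priority"] = int(rest[0])
            elif key == "preempt":
                g["preempt"] = True
            else:  # "standby G track N [decrement D]"; default decrement is 10
                dec = int(rest[2]) if len(rest) >= 3 and rest[1] == "decrement" else 10
                g["tracks"].append((int(rest[0]), dec))
    return tracks, groups


def audit(config, peer_priority=110, peer_preempt=True):
    """List findings; peer defaults are assumed from Router 2 in the thread."""
    tracks, groups = parse(config)
    findings = []
    for gid, g in sorted(groups.items()):
        for tid, dec in g["tracks"]:
            if tid not in tracks:
                findings.append(f"group {gid}: track {tid} is referenced but not defined")
            elif tracks[tid] == g["iface"]:
                findings.append(f"group {gid}: track {tid} watches its own interface")
            # A peer with preempt and a strictly higher priority takes over.
            elif not (peer_preempt and g["priority"] - dec < peer_priority):
                findings.append(f"group {gid}: peer cannot take over after track {tid} fails")
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", ROUTER1_POSTED), ("follow-up", ROUTER1_FOLLOWUP)):
        print(name, audit(cfg) or "no findings")
```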