Allow external iframes local IP
I am at the beginning of migrating from on-site SharePoint to SharePoint Online.
Trying to get a page viewer to display an HTML/PHP page that is hosted locally. I understand that this will cause problems when viewing the pages when off-site, but that is ok for the requirements.
Is it possible to set Site Settings > Site
Collection Administration > HTML
Field Security > Allow
External iFrames to accept content from internal servers, local IP (eg 192.168.1.*)?
If so, what "domain" is needed in the above settings (or otherwise) to allow these pages to display?
The URL pointing to the local page works in web browsers fine, just doesn't display on SharePoint Online.
Thanks,
Lachy
Hello
Nat provides ip.translation but its doesnt give.you any real security to.the server you still.need.to prohibit access via either ios fw features( cbac zbfw,extended acls etc) or via a designated fwl
To answer your question
Yes you can
You can position it in a dmz with a.public ip address and use port forwarding/filtering etc to.open up specifc ports to the server
Res
Paul
Sent from Cisco Technical Support Android App
Similar Messages
-
Allow external traffic to access internal computers
We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
ASA Version 8.4(3)
hostname ciscoasa
domain-name default.domain.invalid
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.2.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 152.18.75.132 255.255.255.240
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object network a-152.18.75.133
host 152.18.75.133
object network a-10.2.1.2
host 10.2.1.2
object-group network ext-servers
network-object host 142.21.53.249
network-object host 142.21.53.251
network-object host 142.21.53.195
object-group network ecomm_servers
network-object 142.21.53.236 255.255.255.255
object-group network internal_subnet
network-object 10.2.1.0 255.255.255.0
access-list extended extended permit ip any any
access-list extended extended permit icmp any any
access-list extended extended permit ip any object-group ext-servers
access-list acl_out extended permit tcp any object-group ecomm_servers eq https
access-list outside_in extended permit ip any host 10.2.1.2
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit 10.2.1.0 255.255.255.0 inside
icmp permit any echo-reply outside
icmp permit any outside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static a-10.2.1.2 a-152.18.75.133
route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.2.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.2.1.2 255.255.255.255 inside
ssh 122.31.53.0 255.255.255.0 outside
ssh 122.28.75.128 255.255.255.240 outside
ssh timeout 30
console timeout 0
dhcpd auto_config outside
dhcpd address 10.2.1.2-10.2.1.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c7d7009a051cb0647b402f4acb9a3915
: end
ciscoasa(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
translate_hits = 1, untranslate_hits = 112
ciscoasa(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
translate_hits = 1, untranslate_hits = 113
ciscoasa(config)#Okay I will bite.
Assuming you have
a. dynamic pat rule for lan users-devices to reach the internet
(missing ???????????????
(should look like a nat rule that makes two entries when you make the one rule)
(with router set at defaults it may make this rule for you already in place)
-object bit
object network obj_any_inside
subnet 0.0.0.0 0.0.0.0
and rule bit
object network obj_any_inside
nat (inside,outside) dynamic interface
b. route rule - tells asa next hop is IP gateway address
route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
c. Nat rule for port forwarding- Using objects it creates two entries (lets say i call it natforward4server)
object bit
object network natforward4server
host 10.2.1.2
Nat bit
object network natforward4server
nat (inside,outside) static interface service tcp 443 443
d. Nat for translated ort.
If you had wanted to translate a port, lets say you have external users that can only use port 80 but need to access https
object bitobject network natfortransl4server
host 10.2.1.2
Nat bit
object network natfortransl4server
nat (inside,outside) static interface service tcp 443 80 -
Sharepoint 2013 online/office 365.
I am creating site collection programmatically using sharepoint Auto hosted app.
Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
Is it possible through code? If yes please let me know how to do it?
Najitha SidhikFor SharePoint 2013 Online, check below links:
http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
Please ensure that you mark a question as Answered once you receive a satisfactory response. -
CRS-2630: Only cluster administrators are allowed to create local resources
I have installed and configured a 12c database across two linux nodes and all is well. I have also installed the Oracle rdbms 12.1.01 on the same nodes. Now when I try and use netca or dbca to create a database or listener, I get the following errors;
CRS-2630: Only cluster administrators are allowed to create local resources
I can log in as the GRID user and can create resources but not as database user. Both users are members of the dba group.
Any ideas anyone? Thanks a lot H.The issue is resolved, the 12c configuration is a lot more comprehensive than 11g. Here we have to create the user DBA with the right rights to access and change the cluster resources.
For example to allow the dba users the ability to create listeners on the RAC nodes, we have to issue some command such as follows; here the oedsdp is the dba user and ogridp is the grid main owner.
t@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.rac1node.vip -u user:oedsdp:rwx
[root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.net1.network -u user:oedsdp:rwx
[root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.net1.network -u user:oedsdp:rwx
[root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.rac2node.vip -u user:oedsdp:rwx
[root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.net1.network -u user:oedsdp:rwx
Interesting, I think we need to carefully plan the new user groups before we start the GRID configuration.
H. -
Revision: 3680
Author: [email protected]
Date: 2008-10-16 07:58:21 -0700 (Thu, 16 Oct 2008)
Log Message:
Modifying ant build.xml to allow for a local.properties for individual developer build config. Also moving ja_JP locale to the other.locales target (this is called during build machine packaging and isn't needed by dev by default).
QE: No
Doc: No
Checkintests: Pass
Reviewer: Discussed with Jim
Modified Paths:
flex/sdk/trunk/build.xml
flex/sdk/trunk/frameworks/projects/airframework/build.xml
flex/sdk/trunk/frameworks/projects/framework/build.xml
flex/sdk/trunk/frameworks/projects/rpc/build.xmlI tried
ant deployTestSuites
this works. If i do that with the wrong domain (dep_cotrol vs dep_me) name it fails with
ORABPEL-02052Cannot lookup BPEL domain.The BPEL domain "dep_cotrol" cannot be found; the domain may not have initialized properly.Please verify that the BPEL domain loader has a valid set of initialization properties in the application properties file.
So i think my config is ok. There is a bug in this ant bpelTest which ignores the domain? -
"Allow log on locally" permission (SetInteractiveLogonRight) for SCOM 2012
Hi Experts,
Do we need to have “Allow log on locally” permission (SetInteractiveLogonRight) for any of the SCOM accounts in 2012 R2?
If yes why?
Regards,
Prajul NambiarYes, The default action account must have the following minimum privileges:
• Member of the local Users group
• Member of the local Performance Monitor Users group
• Allow log-on-locally permission (SetInteractiveLogonRight)
because SCOM provide you with monitoring for agents which need to access event viewer of this server to show you any issue that happened.
Monitoring and collecting Windows event log data.
Monitoring and collecting Windows performance counter data.
Monitoring and collecting Windows Management Instrumentation (WMI) data.
Running actions such as scripts or batches.
Also you can refer below link
https://technet.microsoft.com/en-us/library/hh212808.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"Mai Ali | My blog:
Technical | Twitter:
Mai Ali -
Core Data: "Allows external storage" for Transformable type?
When I create a Core Data attribute, and set its type to "Transformable", the "Allows external storage" option is unavailable. I only see it available for Binary type.
How can I use "Allows external storage" with Transformable type?I wanted to post an update and let everyone know what I decided on and how well it works.
I went with the following setup.
eSATA Express Card
http://www.newegg.com/Product/Product.aspx?Item=N82E16839200006
eSATA enclousure
http://www.newegg.com/Product/Product.aspx?Item=N82E16817173043
eSATA drive
http://www.newegg.com/Product/Product.aspx?Item=N82E16822136218
All of this cost me a total of $159.57 for about 600gigs of high performance storage after being formated! I did some benchmarks and the drive is performing faster than my internal 7200rpm drive. It is not much faster but it is faster.
So I would have to say that if you really want some fast performing drives for just about anything eSATA is probably the way to go.
About the items,
The eSATA card looked used when i got it. The seal was broken and the item was dirty and had finger prints on it. It was however very easy to install. I just downloaded the newest drivers from rosewill.com plugged it in and it worked.
The hard disk enclosure seems well made and was a breeze to setup and install. It also does usb 2.0 if you need it. It has as a big cooling fan and includes a usb and sata cable as well as a eSATA bracket for your desktop pc.
All in all a great buy. So thank you again for all the info -
Does "Allow log on locally" work with environment variables?
This is merely out of curiosity and just because I'm doing some conceptual gambling.
I'd like to create a GPO having the Allow log on locally set to something like the following list:
%OWNER%
BUILTIN\Administrators
The concept behind this is to prepare the system during OS installation with a value to the OWNER environment variable to allow only the specified user account (apart from the Administrators group, of course) to log on to the system without A) having to
configure this setting locally on the client and B) having a great range of different GPOs to handle all the user/computer combinations.
My questions are:
Does this work at all?
If it works, what do I need to provide as a value?
I've already tried to set <user name>, <domain name>\<user name> and
<user name>@<FQDN> but none of those seem to work.Hi,
Glad to see your problem resolved. Hope your experience could helps other who had same cofusion.
Roger Lu
TechNet Community Support -
How to fix Lightroom 5.6 from crashing when backing up catalog database (external AND local backup) - Mac 10.9.5
It starts to cue and within 3-4 seconds, the program just crashes hard. As stated, I tried it on local hard drive and external. Same result...
In the destination backup folder, it will copy over one folder, no images.
Thanks ahead of time.
-DanAnyone? - (Adobe?!?!?)
-
Problem: MBP Is not allowing external monitor Widescreen resolutions.
I am using a 27" LCD HD TV (Yes, TV, not monitor) DVI->DVI and the MBP will not allow me to use a widescreen resolution on my external monitor.
Yes, I assure you, it is Widescreen. The native resolution is 1280x720.
Anyone have a clue how I can fix this? Running a stretched 4:3 screen ***** HARD. This was my old windows PC monitor and I never had this issue before.Hi,
I've got the same problem. Tried SwitchResX with not much success. I'm using as second screen a Benq w100 projector. When I force resolutions like 854x480 at about 60Hz, the projector won't recognise it, which makes sense since the input is not supported as such from a PC.
I think the clue would be sending a HDTV/HDMI signal through the DVI cable. Has anybody managed to do this with the ATI Radeon X1600 that comes with the MBP?
Gabriel -
Allow external host to relay through Ironport?
What is the "safest" way to allow an external host to relay e-mail through our Ironport? I know it's not "recommended", but I don't have any choice.
I guess I could set up the external IP that's allowed to relay in
Mail Policies --> Hat Overview - Relaylist. But that would allow anyone from that IP to relay, and I don't really feel that it's secure enough.
Is it anyway to "tighten" the security and also require a username/password in combination with coming for the correct IP-address to make it atleast a little bit more safe?Hi Jonas,
The safest way to achieve the required is to configure SMTP Authentication feature on Cisco IronPort Appliance.
SMTP Auth is a mechanism for authenticating clients connected to an SMTP server. You can use this functionality to enable users at your organization to send mail using your mail servers even if they are connecting remotely (e.g. from home or while traveling).
Cisco IronPort supports two methods to authenticate user credentials:
1. You can use an LDAP directory.
2. You can use a different SMTP server (SMTP Auth forwarding and SMTP Auth outgoing).
Once authenticated, the user will be allowed to relay mail through Cisco IronPort Appliance. To find out step by step instructions on configuring this feature, I would recommend you to go through "Configuring AsyncOS for SMTP Authentication" section in the Advanced Configuration Guide of AsyncOS.
Hope this will help.
Regards,
Rehan Latif -
Allow External Server on Cloud to Relay Email
Hi Exchange Server Expert,
I have a query to ask. Currently my company has hosted a web server on the cloud with the public IP address. Since it is a web server, we will need to allow it to relay email via the Microsoft IIS to our exchange server. I have tried before for the internal
server with private ip to relay email on the exchange server by creating a receive connector. however, I never try for the remote server with public ip address. we would like the remote server to relay email to both our internal email (accepted domain in exchange
server) and also external recipients with the external domain.
How am I suppose to perform this task?
Thanks for your attention.
Best Regards,
HenryHi Oliver,
thanks again for your prompt response.
I can't login to the web server as it is managed by vendor that configure the web server and we are only being allowed to access the web server via the public URL. basically, i don't know what is the configuration behind. I was being told that they will
configure the email inside the IIS, which i also don't know how to configure.
I have tried to configure the relay connector inside the exchange before following the same guide by changing the private IP to the web server public ip. i also allowed the permission group to exchange servers and authentication on "externally secured".
however after i inform the vendor to test it, it didn't work at all.
i am not able to test using telnet like what i did when doing relay for my internal server. I can't use telnet to test my web server to check whats wrong with the relay. i would like to test like what the guide do, but it is not allowed me to telnet.
what should i do to troubleshoot? i think that allowing relay of external server is a security breach which is very risky. am i right?
thanks
Regards,
Henry
Hi Henry,
Speak to the vendor that manages the web server for IIS setup and ask 'can I use authentication?' If they come back with a 'yes you can' simply provide them with a user/pass so they can authenticate.
Personally I wouldn't allow a public IP to relay by configuring an Exchange Organisation to allow anonymous relay for a public IP, and would ask that they authenticate.
If they come back with a no - then we can troubleshoot your Exchange configuration.
Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010,Exchange 2013, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi -
ITunes, external drive, local drive, and iCloud and Match- help!
I have a 2011 Macbook Air as my primary machine. Given it's small sized hard drive, I don't want any music or media to be on the local machine (if possible. So, I've done a few things over the years:
(1) I have, inside iTunes, the default media location set to be a folder on my external thunderbolt drive.
(2) I have iCloud support for iTunes turned on
(3) I have iTunes Match turned on
My iTunes library is split 70/30 between music and movies/TV shows. My household has iPhones and iPads and I need all this content available to all the devices.
Ok, given the above factors, things seem to work pretty well. The iTunes folder on my external hard drive is about 145 gigs (about right I would think). But as it turns out, I have a iTunes folder on my local drive as well, in the "Music" folder per the Favorites section in Finder. This iTunes folder is roughly 36 gigs, so barely 1/5th the size of the folder on the external drive.
So, I backed up the local iTunes folder (onto the external drive), and then deleted it off my local machine. iTunes started, and it played music and movies, but a few songs (picked at random) could not be found, and iTunes would try to communicate with Apple for iTunes match, but this process would stall...and the app would eventually crash (within 10 minutes of starting...even when music was playing). It didn't completely close, but it became unresponsive. Moving the smaller iTunes folder back to its original place on the local drive seems to have fixed this issue.
Ultimately I'd like to clean off the local drive, use the external drive for whatever "local" storage I need for iTunes, and rely on iCloud and Match to provide the content to the mobile devices.
Can anyone assist?The first thing you need to do is properly move the iTunes media off the internal HDD of the MBA to the external HDD. This KB article will help you with that: http://support.apple.com/kb/ht1449
To use iTunes Match exclusively for streaming music the best practice is to create a new iTunes library and enable iTM on that library. This has the advantage of leaving the original library untouched. To create a new library quit iTunes, then launch it while holding down the Option key. Choose "new library" in the dialog. Do not have iTunes scan for media; then enable iTunes Match on the new library. Once the initial scan is done you will be able to stream the music.
You will need to have a backup scheme in place for when you add new music to the library as well. -
Azure VNet, How to allow external VLans to connect to existing VNet.
i have an existing VNet setup as follows:
Static Routing
Site - Site
Connected to Local Network.
i want to establish a connection from another external VLAN network to my existing VNET above. How can i achieve this? basically multiple external sites to 1 VNet.
the amount of documentation available seems more confusing than informative.
thank-youHello, you have to set up a multi site VPN, you'll find the Technet documentation below :
https://msdn.microsoft.com/en-us/library/azure/dn690124.aspx -
Allow external editor file name template to be customized
Currently, only a global name can be set. I'd like to have the ability to set a global name that can be overriden in the settings for particular external editors. For example, if I use the Nik SilverEfexPro plugin as one external editor, it may be useful to specify the external file to be named something like
<filename>-SilverEfexPro.jpg
DilipNo, there's still no way to rename Masters short of exporting them with the version name and re-importing.
The only way 'Save As' is going to work from an external editor is if you use exactly the same file name - that is the only file Aperture has sent out and it's the only file that Aperture is expecting back.
Saving with a different file name is functionally the same as copying a new file into the Library using the Finder - Aperture has no way to expect it. You'd have to save to somewhere outside the Library and then import it as a new Master, maybe setting up a hot folder in Automator for automatic importing.
Ian
Maybe you are looking for
-
Data Collection to Word Report array indexing
Hi guys, Just need a bit of help deciding if I am measuring what i'm supposed to be. I'm trying to write the code for an automated collection of results, before i get the equipment to do it. Basically, I will have 3 voltages going into analog inputs
-
Alarm not working (5.0.1)
On my 4S, since the 5.0.1 update, if I am listening to sounds in Ambience (3.3.3) when a scheduled alarm occurs then no sound is played. Not only does the alarm sound not play but the audio from Ambience also stops. This occurs 100% of the time that
-
ADF Drag and drop event inside the single af:treetable
Hi Experts, I have a af:treeTable in my ADF web project and i would like to implement the drag and drop event to the same tree table for supporting my sample test project use case. Currently i am facing some issue to get the source tree node and the
-
Earphones Volume Control, Mic
My earphones that came with the iphone are not working properly. The volume control buttons, the middle switch, nor the mic are working. The only function that seems to work is that you can still hear the earbuds. Any suggestions; think Apple will
-
I was cleaning up the programs on my hard drive and removed Photoshop Elements 9 and 10. I used Revo Uninstaller Pro to remove all the left over files and registry entries. Revo also removed parts of my version 12. I re-downloaded the demo version ag