ASA for beginner

Similar Messages

• IP Phone SSL VPN to ASA for multiple CUCM (CallManager)

  hi all,
  I have a case to support multiple CallManager clusters in different locations for internet SSL VPN IP Phone. We will deploy one ASA firewall for SSL VPN IP Phone connections. So, can we use single ASA firewall for mulitple CUCM clusters?? In order words, Internet IP Phone will connect to different CUCM via a single ASA firewall (by using SSL VPN).
  I tested I need to upload the ASA's certificate into CUCM and upload CUCM's certificate into ASA for one ASA to one CUCM. If I create multiple profile (e.g. different URL for phone logins) for different CUCM. Is it possible to do that?
  thanks for your input!
  Samuel

  Samuel,
  Did you ever find an answer to your question? I have a similar scenario.
  Any input would be appreciated.

• Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

  OK, so our primary firewall is a checkpoint gateway. Behind that we have a cisco ASA for vpn users. I have a project at the moment where we need to connect to another company using site to site VPN through the cisco ASA, as the checkpoint gateway is unable to establish a permanent tunnel with the other companies Cisco ASA.
  What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch? 
  Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
  When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
  Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
  The ASA is connected to a checkpoint sub interface
  Any help would be beneficial as im new to cisco ASAs 
  Thanks
  Mark

  Mark
  If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
  HTH
  Rick

• CISCO NAC deployment with ASA for internal servers (DMZ)

  We have deployed cisco ASA for our clients access to DMZ servers few months ago. Now we want to integrate cisco NAC solution without removing ASA
  from infrastructure. What will be the best deployment mode of cisco NAC so that clients can also pass through cisco ASA access list also for filtering before reaching to dmz servers.
  what gateway clients will use. Plz help.
  Should i use Virtual Gateway or Real Gateway for NAC. Client should first come to NAC(CAS) and then through ASA to reach DMZ servers.

  Hello,
  This should work. Please review the attached PDF for more clarity on this topic: https://supportforums.cisco.com/docs/DOC-9102
  HTH,
  Faisal

• Best Manual For Illustrator CS2 For Beginner

  Best Manual For Illustrator CS2 For Beginner
  Hello,
  Can someone please give me suggestions on a good and simple
  beginners manual for Illustrator CS2?
  Thanks,
  Diane

  Error: "Activation Server Unavailable" | CS2, Acrobat 7, Audition 3

• Oracle 9i book for beginner?

  Hi,
  I have about 5 years experience in developing database applications with Microsoft programming tools and SQL Server.
  I want to start working with Oracle 9i.
  Is there any recommended book on Oracle 9i for beginner?
  Thanks in advanced,
  Asaf
  [email protected]

  Hi Asaf,
  There is a huge collection of books on OTN on Oracle technologies at [url http://tahiti.oracle.com/]this link. Have a look at it. You can even check the online SQL documentation at [url http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/toc.htm]this link.
  Regards,
  Anupama
  [url http://otn.oracle.com/sample_code/]OTN Sample Code

• What ru the concepts to cover for beginner in sap abap

  Hi fr , This is kumar , what ru the concepts to cover for beginner in sap abap

  Hi Kumar,
  SAP has a certification program for ABAP, according to which following courses are supposed to be covered. If you will try to cover this course, you will be at a level where you can independently program.
  <i><b>1. SAP Technologies
  -> SAP systems
  -> Technical structure of SAP WAS
  2. ABAP Workbench Basics
  3. Advanced ABAP
  4. ABAP Objects
  5. ABAP Dictionary
  6. List creation techniques(including Object oriented ALV)
  7. Dialog Programming
  8. Database Changes
  9. Enhancements and Modifications
  -> Changes to standard SAP system
  -> Personalization
  -> Enhancements to ABAP Dictionary elements
  -> Enhancements via customer exits
  -> Business transaction events
  -> BADI
  -> Modifications</b></i>
  Following are some links which will help you to cover above points.
  http://www.sap-img.com/F
  http://www.sappoint.com/abap.html
  http://www.sts.tu-harburg.de/teaching/sap_r3/ABAP4/ranges.htm
  http://www.sapdevelopment.co.uk/programs/programsalv.htm
  http://www.geocities.com/victorav15/sapr3/abapfun.html
  http://abap4.tripod.com/SAP_Functions.html
  http://sapr3.tripod.com/abap011.htm
  http://abap4.tripod.com/Other_Useful_Tips.html
  http://www.sap-img.com/abap/how-to-change-the-development-class.htm
  Hope this helps you.
  PS If the answer solves your query, plz close the thread by rewarding points to each reply.
  Regards

• I need forum for beginner learner in inventory purchase and SCM modules

  I need forum for beginner learner in inventory purchase and SCM modules

  Saging,
  Hmmm.  It seems a bit odd to be creating a 'forecasting-of-material-procurement' tool, when SAP has so many already built in, either within ERP or within APO.  Oh well, I am sure there must be a good reason.
  I have seen from our systems that most loads come from APO going to BI. Is it always that way?
  BI type data can come from any source.  The most common BI solutions I have seen is where BI data are extracted from the main ERP.  However, the beauty of BI is that it doesn't care, SAP builds in functionality to get data from anywhere.
  Are data from ECC considered as well?
  They can be if you design it so.
  You should be aware that most data existing in ERP that are relevant for material planning also usually exist in APO.  The Core Interface between ERP and APO is normally set up to natively replicate substantial quantities of Master data and also transactional data.  It may be that in your business environment, you really don't need to connect to anything other than APO.  However, this is not a limitation of BI, it is just smart programming to try to minimize the number of sources of your data.
  Best Regards,
  DB49

• Apple iOS Developer Library for beginner?

  Is Apple iOS Developer Library has the best resources for beginner with no programming knowledge to start with?

  See these...
  iOS Human Interface Guidelines
  iOS Starting Point
  App Development Overview
  ...also...
  Stanford CS193P iOS 5: iTunes U  |  Assignments 
  Stanford CS193P iOS 4: iTunes U  |  Assignments
  ...and...
  iPhone Developer Beginner Resource Guide

• Please recommand good OVM tutorial for Beginner?

  Is there any good OVM tutorial for beginner. Please recommend.
  I's like to understand the basic concepts and be able to start use OVM.
  Thanks

  http://itnewscast.com/underground-oracle-vm-manual

• What is the best developer studio for beginner?

  I am student at computer science. I want to learn mobile technologies . I heard too many studio name .Which is the best for beginner and where I can downlaod it . Thank you so much.

  netBeans 4.1 + Mobility Pack from http://www.netbeans.info/downloads/download.php?type=4.1. You'll get all you need for both J2ME and J2SE development.
  Peter

• Need avice..for beginner with FCP

  I captured all my footage, however when wanted to start editing it asked me to render first which I did. But after I wanted to play my footage in the canvas it told me that some clips were dropped. I reset my canvas on "Full Window" and I was able to see my image on the canvas however the picture was very small - half size of the canvas which makes it really hard to see.
  When I zoom in the picture it either has a terrible quality or it does not work at all and I can only hear the audio.
  Any ideas what I did wrong on settings? Did I maybe made a mistake in shooting the footage wrong?
  Please help..since i'm a beginner (first time my own FCP studio at home) and I don't have much of an idea how to avoid dropped frames and setting my system.
  Thanks!!

  Welcome to the world of FCP.
  First and foremost, you'll find it to be very helpful to use the search feature of this forum for basic question. There's a wealth of knowledge available by doing a simple search.
  For example, a common problem people often encounter when first learning FCP is the need to render clips when they place them in a Sequence. That question gets asked several times a week - so the answer you seek is already here. But to save a bit of time, I'll tell you the most common reason; you're clip's setting do not match your FCP Sequence settings. Anytime that happens, you'll need to render. It would be best to either convert your clip to match the Sequence settings or to create a new Sequence with the setting that will match you clips.
  But after I wanted to play my footage in the canvas it told me that some clips were dropped<<</div>
  Are you certain it didn't say "dropped frames" instead of "dropped clips"?
  When I zoom in the picture it either has a terrible quality or it does not work at all and I can only hear the audio<<</div>
  You cannot upscale video without pixelization and degradation that way. Keep the Canvas an Viewer windows at "Fit to Window" or smaller for proper playback.
  I don't have much of an idea how to avoid dropped frames and setting my system<<</div>
  See this post from earlier today: http://discussions.apple.com/thread.jspa?threadID=893958&tstart=0 Just another example of how searching can help you.
  -DH

• Tcp Connection timeout on ASA for vpn traffic

  Hello All
  I need an answer please.
  I wanted to give tcp conenction timeout as unlimited for some IPs coming through VPN.
  So, I created an access-list defining the traffic for which I want this tcp timeout.
  Then a class map, policy map, entered set timeout to '0'
  Applied it under default service-policy, which is applied as global (by default).
  My doubt is should I apply the service policy on the interface or the global will work.
  Just a silly doubt
  Thanks in advance.

  Hi,
  I think it should work just fine if you attach it to the default "policy-map" configuration that you have attached globally on the ASA.
  You might want to configure the timeout value as something long rather than setting it as unlimited.
  - Jouni

• Exceptions in function module.... for beginner......

  Dear all experts,
  I am new to ABAP. 
  Can anybody please tell, how to use the exceptions in function module ?
  and if any exception happens, then how to link some messages to that exceptions?
  I will also like to know, how to create those messages ?
  <b>Can anybody please illustrate with help of example, so that a beginner will be able to understand. ?</b>
  <b>eg,</b> i am adding two numbers in function module, and if any one passing number is negative, then i need to raise exception with message please do not enter -ve numbers for addition.
  your help will be surely, rewarded with points.
  waiting for reply.
  Regards & Thanks
  Vinay.

  hi..
  Raising Exceptions
  There are two ABAP statements for raising exceptions. They can only be used in function modules:
  RAISE <except>.
  and
  MESSAGE..... RAISING <except>.
  The effect of these statements depends on whether the calling program handles the exception or not. If the name <except> of the exception or OTHERS occurs in the EXCEPTIONS addition of the CALL FUNCTION statement, the exception is handled by the calling program.
  If the calling program does not handle the exception
  The RAISE statement terminates the program and switches to debugging mode.
  The MESSAGE ..... RAISING statement display the specified message. How the processing continues depends on the message type.
  If the calling program handles the exception, both statements return control to the program. No values are transferred. The MESSAGE ..... RAISING statement does not display a message. Instead, it fills the system fields SY-MSGID, SY-MSGTY, SY-MSGNO, and SY-MSGV1 to SY-MSGV4.
  Source Code of READ_SPFLI_INTO_TABLE
  The entire source code of READ_SPFLI_INTO_TABLE looks like this:
  FUNCTION READ_SPFLI_INTO_TABLE.
  ""Local interface:
  *"       IMPORTING
  *"             VALUE(ID) LIKE  SPFLI-CARRID DEFAULT 'LH '
  *"       EXPORTING
  *"             VALUE(ITAB) TYPE  SPFLI_TAB
  *"       EXCEPTIONS
  *"              NOT_FOUND
    SELECT * FROM SPFLI INTO TABLE ITAB WHERE CARRID = ID.
    IF SY-SUBRC NE 0.
      MESSAGE E007(AT) RAISING NOT_FOUND.
    ENDIF.
  ENDFUNCTION.
  The function module reads all of the data from the database table SPFLI where the key field CARRID is equal to the import parameter ID and places the entries that it finds into the internal table SPFLI_TAB. If it cannot find any entries, the exception NOT_FOUND is triggered using MESSAGE...RAISING. Otherwise, the table is passed to the caller as an exporting parameter.
  Also check these links
  http://help.sap.com/search/highlightContent.jsp
  http://help.sap.com/search/highlightContent.jsp
  http://help.sap.com/search/highlightContent.jsp
  regards,
  veeresh

• 2 ASA for VPN tunnel hub and Dual tunnel to both from cisco1800

  I am struggling with configuring Cisco1841 to have dual or back up tunnel to two seperate ASA's on our corporate network. There is alot of great doco on DMVPN with routers as hub but is DMVPN the best way to configure this router and the others to fallow. I have no issues creating single normal tunnel to either ASA when I try to get tunnel to each I have issues.
  Last attemtp of DMVPN config on 1841
  crypto keyring Test
  pre-shared-key address #.#.#.# key Test!
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp profile L2L
  description LAN-to-LAN for spoke router(s) connection
  keyring Test
  match identity address #.#.#.# 255.255.255.255
  crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
  crypto dynamic-map dynmap 10
  set security-association lifetime seconds 28800
  set transform-set ESP-3DES
  set pfs group2
  set isakmp-profile L2L
  match address VPN-ACCESS-LIST-100
  crypto map mymap 10 ipsec-isakmp dynamic dynmap

  I got both tunnels working but I would like to be able to control routing better. Is there a good way to have all routing go over a single tunnel in case of a failure. With the below config I can get all 10.160.0.0 and 10.40.0.0 routing over the one tunnel and 10.41.0.0 over the other tunnel but if I similate a tunnel outage I can't get traffic to go to other tunnel I have added a 10.0.0.0 to each access list then both tunnels don't work. I think I have to do the access-list differently. The only way I know how to add routing is if I do tunnel interfaces and I have only done that with router to router tunnels. Is there a way to do that on a Router to ASA configuration?
  crypto keyring VGC_PTC
  pre-shared-key address ##.##.##.15 key VGC@Test_1
  crypto keyring VGC_Tulsa
  pre-shared-key address ##.##.##.25 key VGC$Test_2
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp profile L2L_Dallas
  description LAN-To-LAN for PTC Connection
  keyring VGC_PTC
  match identity address ##.##.##.15 255.255.255.255
  crypto isakmp profile L2L_Tulsa
  description LAN-To-LAN for Tulsa Connection
  keyring VGC_Tulsa
  match identity address ##.##.##.25 255.255.255.255
  crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
  crypto dynamic-map dynmap 10
  set security-association lifetime seconds 28800
  set transform-set ESP-3DES
  set isakmp-profile L2L_Dallas
  match address VPN-ACCESS-LIST-100
  crypto dynamic-map dynmap 20
  set security-association lifetime seconds 28800
  set transform-set ESP-3DES
  set isakmp-profile L2L_Tulsa
  match address VPN-ACCESS-LIST-200
  crypto map mymap 10 ipsec-isakmp dynamic dynmap
  ip access-list extended VPN-ACCESS-LIST-100
  permit ip 10.207.126.0 0.0.0.255 10.160.0.0 0.0.255.255
  permit ip 10.207.126.0 0.0.0.255 10.40.0.0 0.0.255.255
  ip access-list extended VPN-ACCESS-LIST-200
  permit ip 10.207.126.0 0.0.0.255 10.41.0.0 0.0.255.255