[ASA5520] Configuration authentication depends on source ip

  Is it possible to create an access policy for authentication on my ASA 5520 [8.2(1)] VPN based on source IP? For example: an IP, when it tries to connect to my VPN, will get a specific IP from a specific range on my inside interface.

The CSS does not do any form of authentication for traffic going through.

Similar Messages

  • Configuring of a new source system in BW

    Hi Experts
    We have to set up a BW system, which will have 2 source systems (ECC), clients 550 and 590 of the same ECC (ECC QUALITY). One client is already there and we have to configure another client of the source system with the same BW Client 350. I understand that the dataflow is partly different (e.g. transfer rules and datasources are source system dependent). My questions are:
    1.     How we can configure a Source System on BW.
    2.     What changes if any I have to make in the existing system (BW)
    3.     What will happen to the existing data-sources? (Do I have to replicate each and every data-source of the existing ECC clients to the new ECC client?)
    4.     Do I have to create new transfer and update rules for the new client?
    Any other points, please advise.
    Thanks in advance.
    Dinesh Sharma

    You can connect more than one source system to one BW client.
    You have to use source system compounding to differentiate between characteristics values if you are loading to the same object. Otherwise you need to use separate characteristics, for example: Yxxxx object for one source system and Zxxxx object for another.
    Also the dataload timing should be set up properly. Otherwise it may lead to object locks.

  • Configuring Doc Path (and Source Path) for default JDeveloper library

    Sometimes a default JDeveloper library has no Doc Path (or Source Path) configured.
    Adding a project library with only a Doc Path (or/and Source Path) configured (so no Class Path) can make the relevant API documentation more easily available in JDeveloper,
    see http://www.consideringred.com/files/oracle/img/2011/library-doc-path-20110529.png
    - (q1) Why has the "WebLogic 10.3 Remote-Client" library no Doc Path configured by default?
    - (q2) Are somehow/somewhere source files available (maybe only of "API related"/non-implementation classes) for the "WebLogic 10.3 Remote-Client" library, so these can be configured in a library Source Path, to make the API documentation even more easily accessible in JDeveloper?
    many thanks
    Jan Vervecken

    Thanks for your reply John.
    John Stegeman wrote:
    ... At least some of the classes' javadocs are here: http://download.oracle.com/docs/cd/E21764_01/apirefs.1111/e13941/toc.htm ...
    As I write in my initial post, I am able to add a project library with only a Doc Path configured (as shown in library-doc-path-20110529.png),
    to "Oracle Fusion Middleware Oracle WebLogic Server MBean Javadoc 11g Release 1 (10.3.5) Part Number E13945-05 "
    at http://download.oracle.com/docs/cd/E21764_01/apirefs.1111/e13945/
    So, questions (q1) about a default Doc Path configuration and question (q2) about source files (similar to ADF) remain.

  • AS2 Sender configuration - Authentication Certificate

    Hello guys,
    We're implementing EDI with a partner with AS2. We have AS2 sender adapter configured. Everything works fine (we're able to receive data from partner and send back MDN) without signing.
    Now we're working on getting data signed. We have uploaded partner cert to keystore (TrustedCAs) and have provided partner with our certificate as well.
    On Sender agreement--> Security Settings --> AS2 Sender Configuration --> Authentication Certificate how do we specify the certificate we're using. Should it be just the fullname like TrustedCAs/PartnerCert ?
    Also How should we specify the Decryption Key and Signing Key under AS2 Receiver Configuration?
    I was expecting to be able to choose from available keystores, but it is a free text field.
    Can anybody please help me on this?

    Hi Karthik,
    >>On Sender agreement--> Security Settings --> AS2 Sender Configuration --> Authentication Certificate how do we specify the certificate we're using. Should it be just the fullname like TrustedCAs/PartnerCert ?
    You need to mention the fullname as TrustedCAs/PartnerCert.
    >>Also How should we specify the Decryption Key and Signing Key under AS2 Receiver Configuration?
    Yes you need to since you are using signed messages here..

  • Configurational settings for data source in BI server

    Hi Sdns,
    Where can we make  configurational settings for data source in BI server.
    Advance thanks to replies.

    Go to T-code RSA13.
    Search for your desired BI system.
    Right click on it and Display Data Source Tree.
    There you can see all your datasource with BI as source system.
    You can do the same for other source systems.
    Double click on the datasource to see the fields and configuration.

  • MULTISIM need help with placing current dependent current source?

    As you can see, it is a current dependent current source and has value 2*I(x). I have placed it in a circuit in Multisim but I have a feeling I'm doing it wrong:
    and don't worry about the 25-amp resistor at the right it was the load resistor we had to place.

    Well, from the first circuit you have there, you are looking for the current source to output 2x the current passing between the 10ohm resistor and the 19v source. So you need to connect that line to the current controller (the square thing attached to the current source), basically running a wire from the voltage source to one end of the controller, then running the other end of the controller to the 10ohm resistor (deleting the connection between the resistor and the source so that they only connect through the controller).
    Miguel V
    National Instruments

  • Configure Authentication-Type = PEAP on RV 120W

    I am configuring Cisco RV 120W Wireless and want to setup WPA2 Enterprise with PEAP. However, I can't figure out where to setup PEAP. Can someone help?                  

    similar post  over here,

  • Is there a dependency between source system patch level (IS-U) and BW 7.3

    Hello everybody,
    we think about upgrading our BW. Now there is the question if there is any dependency between source system patch level (IS-U) and BW 7.3.
    Perhaps someone knows a note. I don't find anything.

    Hello Ingo,
    we also have a problem with the SSO between the BOE Server and our BW Portal. Our systems are in different domains and we made all settings in BW as described in the SAP Documentation "http://help.sap.com/saphelp_nw04/helpdata/en/a0/88a340fa432b54e10000000a1550b0/frameset.htm"
    but now we didn't know what we have to do on the BOE side to install the SAPSSOEXT and to get the correct UME properties that we have to put into BW.
    Can you help us please on that issue? We can't find any BOE documentation for that and we have been working on that issue now for more than 5 weeks.
    Thank you/Kind Regards

  • Please help me configure authentic connection with Caller ID via ISDN 30B+D using Cisco ACS

    Hi all
    I have set up a dial-up connection between two PCs at a remote site and the center. It uses ISDN 30B+D, which is configured on a Router 3845. Currently I have configured authentic connection with username and password using Cisco ACS. To enhance the security configuration I want to also authenticate the phone number which dials up with Cisco ACS. Currently I have not done this. Please help me solve this problem.
    Thanks so much

    1) I deleted bridge-utils, netcfg
    2) I edited /etc/hostapd/hostapd.conf:
    edited /etc/dnsmasq.conf:
    and edited /etc/rc.local:
    ifconfig wlan0 netmask
    ifconfig wlan0 up
    3) I added in autostart these daemons: hostapd, dnsmasq and iptables.

  • Apple TV 2 Home Sharing depends on Source Device?

    So I've been running into an issue with Home Sharing on my Apple TV 2.  This is present on both the 4.2.2 and 4.3.2 firmware. (I own 2 Apple TV 2's. One vanilla and one running FireCore aTV Flash Black)
    When attempting to play back video content from my Mac Mini (C2D, 2GB RAM, 2.0Ghz, Mid 2007) I was unable to load any HD content, and SD content was also pretty miserable. I recently discovered this when trying to play Dexter Season 5 HD from my Mac Mini to my Apple TV 2.  Both devices on wi-fi initially.
    I tried this both from wired and wireless configurations, I tried switching my Airport Extreme to 5Ghz only, (which my Mac Mini lacks "n"), and no combination of configurations seemed to resolve the issue.
    Reluctantly, I decided to try importing the TV Shows to my Macbook Pro (13", 8GB RAM, 2.4Ghz, Mid-2010). What I found was that everything now worked seamlessly.  I tried this wired, wireless, and even went so far as to hook my MBP up to the same network cable my Mac Mini was using to see if it had anything to do with the gigabit switch it was connected to.  In every scenario Home Sharing to my Apple TV 2 from my Macbook Pro worked as designed.
    So this got me thinking.  Does the ability/quality to AirPlay/Home Share to the Apple TV 2 depend on the source device?  Neither my CPU nor my RAM on the Mac Mini was ever troubled or maxed out by attempting to stream content to my Apple TV 2. This leads me to believe the only component that could be causing the issue is the GPU. My Mac Mini only has the Intel GMA 950 GPU, my MBP has an NVIDIA GeForce 320M 256 MB.
    It makes sense to me that the Apple TV 2 isn't really decoding the video file.  The hardware really isn't there to support decoding video streams. It seems likely to me that the heavy lifting is done by the source device and the transcoded video/audio is simply presented by the ATV2.
    Does anyone actually understand the technical workings of AirPlay/Home Sharing?  Perhaps an iOS developer?
    If this is the case I'm going to have to start looking to upgrade my Mac Mini.  It's about time anyway, but this would be the final tipping point in my upgrade debate.
    P.S.: "Senior" community members who have nothing to contribute should refrain from responding to this thread only to pad their post counts. Legitimate responses only please.

    Ok, I'm glad you've said that, now what documentation do you have to back that up? Where in the Apple documentation/support site can you point to back up your claim? Have you tested any configurations that would support your assumptions?
    I'd assume that the Apple TV 2 does most of the work, but the evidence I have collected does not support that assumption.
    You've just thrown your own response under the bus.  If the video is compressed, and the ATV2 is doing the decompression, you wouldn't need to worry about bandwidth, now would you?
    This is EXACTLY why I don't come to the communities/forums anymore.  Every "know-it-all" thinks they have THE answer, but they are just as clueless as everyone else.  The difference being they are chasing a status, and not the true answer to anyone's actual problem or question.
    If you would like to continue to dig this hole feel free. I'll take the shovel when you are done.
    I've been moderated and banned by this forum before for calling this kind of behaviour out, and I'm sure this will happen yet again.
    Does anyone else have documentation, proof, or some other concrete evidence to support how Home Sharing works from a device to the Apple TV 2?

  • ACE ignoring class map depending on source???

    I have a problem with the load balancing "not working" properly depending on the source.
    The load balancing decision is done with a secondary cookie (?ld=fe1 or ?ld=fe2). If it appears and the value is fe1 the request should go to serverfarm FE1-app. If the value is fe2 then serverfarm FE2-app should be chosen. If it is not present in the HTTP request then serverfarm FE-app in the class-default is taking over.
    This approach works if "surfing" to the VIP from a certain part of the internal network. It does not work from another part of the network. It seems that cookie is ignored and only the class default triggers.
    The strange thing is that the same approach works for another setup that looks identical (with different rservers and different VIP of course). There the class map for the cookie triggers always.
    My question is now: Why does the ACE seem to ignore the class map for the cookie when coming from a certain part of the network? How can I debug/follow a certain connection or load balancing decision?
    Here is the config:
    rserver host FE1-app
      description frontend app
      ip address
    rserver host FE2-app
      description frontend app
      ip address
    serverfarm host FE1-app
      rserver FE1-app 80
    serverfarm host FE2-app
      rserver FE2-app 80
    serverfarm host FE-app
      rserver FE1-app 80
      rserver FE2-app 80
    class-map type http loadbalance match-all COOKIE-FE1
      2 match http cookie secondary ld cookie-value "fe1"
    class-map type http loadbalance match-all COOKIE-FE2
      2 match http cookie secondary ld cookie-value "fe2"
    class-map match-all VIP-app
      2 match virtual-address tcp eq www
    policy-map type loadbalance first-match VIP-app-loadbalance
      class COOKIE-FE1
        serverfarm FE1-app
      class COOKIE-FE2
        serverfarm FE2-app
      class class-default
        serverfarm FE-app
    policy-map multi-match INT470
      class VIP-app
        loadbalance vip inservice
        loadbalance policy VIP-app-loadbalance
        loadbalance vip icmp-reply
    interface vlan 470
      description lb_rpfedrift
      ip address
      peer ip address
      service-policy input remote_mgmt_allow_policy
      service-policy input INT470
      no shutdown

    Hi Federico,
    The source of the request has no relation with the way ACE handles the connections, so, there are probably other differences in the traffic.
    The best way to troubleshoot this kind of connection is taking a traffic capture on the TenGigabit interface connecting the ACE with the switch backplane. Once you have it, you can try to look for differences between the working and failing connections.
    From what you describe, I wouldn't be surprised if the issue comes from the fact that there are several HTTP requests inside the same TCP flow (in which case, by default, the ACE will look only at the first one), so I would suggest you to enable "persistence rebalance" for this VIP. For more details, check the link below:
    I hope this helps

  • ACS 5.x with either AD or RSA Authentication depending on user

    I am trying to implement RSA two-factor authentication for our company for access to secure resources.
    Our current setup before we had RSA, due to PCI restrictions, was based on AD group membership but was still extremely restrictive on even our admin users to ensure that no secure resources could be accessed without two-factor authentication.
    I do not want to have to enable RSA tokens for our entire company - but I would like to be able to allow admins the ability to connect from the outside with two-factor authentication and have access to secure resources in an emergency.
    We have less than ten people that require elevated access privileges so my hope is to enable RSA only for those ten users, and leave the rest of the accounts authenticating normally against AD.
    I cannot figure out how to configure this.  With ACS 4.x such a policy would be simple - just create the user on ACS and point to the Identity Store that I want to authenticate against.  Not as easy with 5.x
    I tried creating a rules-based selection for Identity policy, making RSA the first one, configuring it to drop if no user is found, and configuring the RSA to treat user rejects as user not found.  This broke VPN completely.
    From what I can tell it seems like ACS really wants me to choose an Identity store based on the NDG - but in this case it will always be our same ASA VPN device.
    Anyone know how to accomplish this?
    I am running 5.4 with the latest patches.

    Hope you're well!
    I am facing some access issues after completing the ACS (5.1) and AD (Windows 2003) integration, details underneath.
    The enable password for (Router, Switches) is working fine if the identity source is "Internal Users". Unfortunately, after completing the integration between ACS and MS AD and changing the identity source to "AD1", I got the following result:
    1. Able to access the network device (Cisco switch) using MS AD username and password via SSH/Telnet.
    2. Enable password is not working (using the same user password configured in MS AD).
    3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
    Switch Tacacs Configuration
    aaa new-model
    aaa authentication login default none
    aaa authentication login ACS group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec ACS group tacacs+ local 
    aaa authorization commands 15 ACS group tacacs+ local 
    aaa accounting exec ACS start-stop group tacacs+
    aaa accounting commands 15 ACS start-stop group tacacs+
    aaa authorization console
    aaa session-id common
    tacacs-server host 10.X.Y.11
    tacacs-server timeout 20
    tacacs-server directed-request
    tacacs-server key gacakey
    line vty 0 4
     session-timeout 5 
     access-class 5 in
     exec-timeout 5 0
     login authentication ACS
     authorization commands 15 ACS
     authorization exec ACS
     accounting commands 15 ACS
     accounting exec ACS
     logging synchronous
    This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.

  • How to generate an XML Configuration File for EBS Source Type

    We have installed SES, I want to integrate it to enable for searching repository contracts.
    In the sources I have selected oracle.apps.okc.repository.textsearch.server.RepHeaderSearchExpVO.
    For this source I need to specify the Configuration URL.
    Here I need to provide the path for configuration XML file. But before that I need to generate the XML Configuration file.
    Are there any steps on how we can create this XML file?
    I would like to know how we can create the XML file and in which folder on the server I should put it.

    Hi there,
    We are running into same issue and need the exact same information. Can someone help with this question on priority?

  • Error during Configuration of Active Directory Source

    While attempting to save the configuration for my Active Directory Source I am receiving the following error messages thus preventing me from being able to save it.
    [Error] The configuration is invalid. A configuration must have at least one Synchronization User List.
    [Error] You have defined an Active Directory Source that is not included in any Synchronization User List.
    [Error] The configuration is invalid. A configuration must have at least one Sun Java(TM) System Directory Source.

    Did you follow the steps to adding the Sources?
    And after adding the sources did you create the SUL?
    Try just saving the default settings that allow for the password synchronization. Don't add the account creations and see if that helps.
    Hope I could help, I got stuck there too when I tried it the first time.

  • Different G/L a/c depending upon source country

    Dear All
    When I procure the same material from different countries, I expect the system to post to a different GL a/c depending upon the country. How to configure this in SAP?
    Kindly share your experience.
    Thanks and Regards

    Try using split valuation - creating country as valuation type. Create a valuation category and assign it to the material. When there is procurement for the material, specify the valuation type in the purchase order. You can see GL account-wise procurement (from that country). Check split valuation customization in the forum.
