Chain authorization
Hi all,
I have a problem with authorization. I have to create an authorization for one specific chain and I can't find the authorization object for chains (like S_RS_ICUBE for infocubes).
Thanks for reply
pacho
Thanks,
I know it, but I need an authorization object for chains. When I grant transaction RSPC (chains) to the user, the user can run all chains in RSPC. I want to restrict this access to only one chain, and I can't find an authorization object for restricting chains.
Thanks
pacho
Similar Messages
-
Monitoring process chains: authorizations
Hi,
We have an issue about monitoring of BW process chains.
We have a support desk in our IT department doing first-level support on basically all our it systems.
The support desk have only limited SAP knowledge (they can do simple things like unlocking users, etc.).
Currently our BW developers are also responsible of day-to-day monitoring of BW process chains.
We would like to move this task to the support desk.
The support desk will be responsible of identifying problems and maybe doing simple corrective actions (restarting a process chain?).
In case of "real" problems the support desk will hand over the issue to our BW developers.
We have tried to create a role giving access to transaction rspcm for the support desk.
But we have not been able to restrict the authorizations.
From rspcm it is possible to go into process chain maintenance, and we would like to make sure that no one makes changes to the process chains by accident.
We would like to have a role giving "display only" access to monitoring process chains.
Anyone with experience in doing this?
/Casper
Hi Vijay,
We have tried adding only the transaction RSPCM (object S_TCODE) and the object S_RS_ADMWB as suggested by you.
The problem is that when "clicking" on a process chain in transaction RSPCM authorizations for transaction RSPC is required.
We have then added transaction RSPC to object S_TCODE.
When displaying the process chain, the user is not able to maintain info packages (this must be controlled by S_RS_ADMWB?).
But the user is still able to maintain the other process types (attribute change run as an example)???
Are we missing another auth.object?
Best regards,
Casper -
Authorizations setting for running the process chain
Hi
I am planning to run the process chain for loading the data into ODS, but I don't have authorization for it.
So what are the authorizations I need to run the process chain in my system? And how can I set all those authorizations for my user ID? I have all authorization rights.
Please let me know
kumar
Hi,
Authorizations for Process Chains
Use
You use authorization checks in process chain maintenance to lock the process chain, and the processes of the chain, against actions by unauthorized users.
· You control whether a user is allowed to perform specific activities.
· You control whether a user is allowed to schedule the processes in a chain.
The authorization check for the processes in a chain runs when the system performs the check. This takes place upon scheduling or during synchronous execution. The check is performed in display mode. The check is performed for each user that schedules the chain; it is not performed for the user who executes the chain. The user who executes the chain is usually the BI background user. The BI background user automatically has the required authorizations for executing all BI process types. In attribute maintenance for the process chain, you can determine the user who is to execute the process chain.
See also: Display/Maintenance of Process Chain Attributes → Execution User.
Features
For the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
To work with process chains, you require authorization for authorization object S_RS_PC. You use this authorization object to determine whether process chains can be displayed, changed or executed, and whether logs can be deleted. You can use the name of the process chain as the basis for the restriction, or restrict authorizations to chains using the application components to which they are assigned.
Display/Maintain Process Chain Attributes
Use
You can display technical attributes, display or create documentation for a process chain, and determine the response of process chains during execution.
Features
You can display or maintain the following attributes for a process chain:
Process Chain → Attribute → ...
Information
Description
(Rename)
You can change the name of the process chain.
Display Components
Display components are the evaluation criterion in the process chain maintenance. Assigning the process chains to display components makes it easier to access the chain you want.
To create a new display component, choose Assign Display Components in the input help window and assign a technical name and description for the display component in the Display Grouping dialog box that appears.
Documents
You can create and display documents for a process chain.
For more information, see Documents.
Last Changed By
Displays the technical attributes of the process chain:
· When it was last changed and who by
· When it was last activated and who by
· Object directory entry
Evaluation of Process Status
If you set this indicator, all the incorrect processes in this chain and in the overall status of the run are evaluated as successful; if you have scheduled a successor process upon error or always.
The indicator is relevant when using metachains: Errors in the processes of the subchains can be evaluated as unimportant for the metachain run. The subchain is evaluated as successful, despite errors in such processes of the subchain. If, in the metachain, the successor of the subchain is scheduled upon success, the metachain run continues despite errors in unimportant processes of the subchain.
Mailing and alerting are not affected by this indicator and are still triggered for incorrect processes if they have an upon error successor.
Polling Indicator
With this indicator you can control the response of the main process for distributed processes. Distributed processes, such as the load process, are characterized as having different work processes involved in specific tasks.
With the polling indicator you determine whether the main process needs to be kept until the actual process has ended.
By selecting the indicator:
- A high level of process security is guaranteed, and
- External scheduling tools can be provided with the status of the distributed processes.
However, the system uses more resources; and a background process is required.
Monitoring
With the indicator in the dialog box Remove Chain from Automatic Monitoring?, you can specify that a process chain be removed from the automatic monitoring using CCMS.
By default CCMS switches on the automatic process chain monitoring.
For more information about the CCMS context Process Chains, see the section BW Monitor in CCMS.
Alerting
You can send alerts using alert management when errors occur in a process chain.
For more information, see Send Alerts for Process Chains.
Background Server
You can specify here on which server or server group all of the jobs of a chain are scheduled. If you do not make an entry, the background management distributes the jobs between the available servers.
Processing Client
If you use process chains in a client-dependent application, you can determine here in which client the chain is to be used. You can only display, edit, schedule or execute the chain in this client.
If you do not maintain this attribute, you can display, edit, schedule or execute the process chain in all clients.
Process variants of type General Services that are contained in a process chain with this attribute set will only be displayed in the specified client.
This attribute is transported. You can change it by specifying an import client during import. You must create a destination to the client set here in the target system for the import post processing (transaction RSTPRFC). The chain is activated after import and scheduled, if necessary, in this client.
Execution User
In the standard setting a BI background user executes the process chain (BWREMOTE).
You can change the default setting so that you can see the user that executes the process chain and therefore the processes, in the Job Overview. You can select the current dialog user who schedules the process chain job, or specify a different user.
The setting is transported.
The BI background user has all the necessary authorizations to execute all BI process types. Other users must assign themselves these authorizations so that authorization errors do not occur during processing.
Job Priority
You use this attribute to set the job priority for all of the jobs in a process chain.
Hareesh -
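The check described in the quoted help text, as a simplified Python model (an added example, not SAP code and not part of the original posts): a user passes when one authorization matches the chain name, the application component and the activity, and scheduling is checked against the scheduling user rather than the execution user. The field names, chain names, user names and the `BI_BACKGROUND` placeholder are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Activities the page names for S_RS_PC (plain names, not SAP activity codes).
DISPLAY, CHANGE, EXECUTE, DELETE_LOGS = "display", "change", "execute", "delete_logs"


@dataclass(frozen=True)
class ChainAuth:
    """One S_RS_PC-style authorization (field names are hypothetical)."""
    chain: str             # chain name pattern, "*" matches any chain
    component: str         # application component pattern, "*" matches any
    activities: frozenset  # subset of the four activities above

    def permits(self, chain, component, activity):
        # Every field of a single authorization has to match.
        return (fnmatchcase(chain, self.chain)
                and fnmatchcase(component, self.component)
                and activity in self.activities)


@dataclass(frozen=True)
class Chain:
    name: str
    component: str
    execution_user: str = "BI_BACKGROUND"  # placeholder for the BI background user


def is_allowed(auths, chain, activity):
    """A user passes if any one of their authorizations matches completely."""
    return any(a.permits(chain.name, chain.component, activity) for a in auths)


def schedule(chain, scheduler, role_assignments):
    """Check the scheduling user; the job then runs as the execution user."""
    auths = role_assignments.get(scheduler, ())
    if not is_allowed(auths, chain, EXECUTE):
        raise PermissionError(f"{scheduler} may not execute {chain.name}")
    return {"scheduled_by": scheduler, "job_user": chain.execution_user}


# Constructed sample data: chains, users and roles are invented for the example.
SALES = Chain("ZPC_SALES_DAILY", "ZSALES")
FINANCE = Chain("ZPC_FIN_MONTHLY", "ZFIN")

ROLE_ASSIGNMENTS = {
    # Display-only monitoring across all chains.
    "SUPPORT_DESK": (ChainAuth("*", "*", frozenset({DISPLAY})),),
    # Display and execute for exactly one chain.
    "SINGLE_CHAIN_USER": (
        ChainAuth("ZPC_SALES_DAILY", "*", frozenset({DISPLAY, EXECUTE})),
    ),
    # Restricted by application component instead of chain name.
    "FINANCE_OPS": (
        ChainAuth("*", "ZFIN", frozenset({DISPLAY, EXECUTE, DELETE_LOGS})),
    ),
}


def access_matrix(role_assignments, chains):
    """Return {(user, chain name): sorted list of permitted activities}."""
    all_activities = (DISPLAY, CHANGE, EXECUTE, DELETE_LOGS)
    return {
        (user, c.name): sorted(a for a in all_activities if is_allowed(auths, c, a))
        for user, auths in role_assignments.items()
        for c in chains
    }


if __name__ == "__main__":
    for key, acts in access_matrix(ROLE_ASSIGNMENTS, [SALES, FINANCE]).items():
        print(key, acts)
    print(schedule(SALES, "SINGLE_CHAIN_USER", ROLE_ASSIGNMENTS))
```

Printing the matrix for a planned role before building it makes gaps visible, such as a monitoring role that would also permit changes.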
Authorization issues in executing the chain
Hi Techies,
When I'm trying to execute the chain, the chain allows me to do so and went well, but all the jobs corresponding to it were running under my ID. Later I tried to schedule the chain on ALEREMOTE, but it throws an error saying ALEREMOTE does not have authorization to execute the infosources as it hits its first infosource.
We made the Trace On and tried to find any unauthorized hits in it, but the trace went well without any error.
Need to confirm:
1. ALEREMOTE was assigned with CPIC User role, does this have an effect?
2. In BW Global Settings, the field BW user ALE has the entry ALEREMOTE, where earlier it was not there. After making this entry, the chain does not even allow to trigger on my ID and on ALEREMOTE.
3. If this entry has an effect, what's the significance of this field?
Regards,
Subhash.
Hi Subhash,
for the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
To work with process chains, you require authorization for authorization object S_RS_PC. You use this authorization object to determine whether process chains can be displayed, changed or executed, and whether logs can be deleted. You can use the name of the process chain as the basis for the restriction, or restrict authorizations to chains using the application components to which they are assigned.
http://help.sap.com/saphelp_nw70/helpdata/en/35/c7e442e3c15704e10000000a155106/frameset.htm
The BI background user has all the required authorizations to execute all BI process types. Other users have to assign themselves these authorizations so that authorization errors do not occur during processing.
http://help.sap.com/saphelp_nw70/helpdata/en/d3/53e03b8235953ee10000000a114084/frameset.htm
Hope this helps.
Regards
Andreas -
Authorizations and Process Chains
Hi All,
Can anyone help me in learning Authorizations and Process Chains? Could you please send me some real-time documents on the following.
1. How would we get the requirements from the client to create Authorizations? What info will they give us basically to create them?
2. The same with Process Chains.
Could someone please send me the requirements documents (on authorizations and process chains) they get from the client, to know it from a real-time perspective.
My email ID: [email protected]
Many thanks in advance...
Best Regards,
Nimma.
Hi A.M.S,
Thanks for your reply.
However, I am looking for some real-time specifications which we get from the client, just to know how the requirements will come to us and then the steps to be followed and so on...
I would be grateful if you could send me some of them.
Best Regards,
Nimma. -
INTERRUPT process types authorization in process chain
Hi all ,
I included an INTERRUPT step in one of my process chains, but I'm not able to change it on the live system because of insufficient authorization. We have sufficient authorization just for the START variant on process chains on the production system; however, we also need to have schedule authorization for the INTERRUPT process, since I need to schedule it several times in the live system. Does anyone know about the process to gather the required authorization?
Thanks in advance ....
-
Authorization objects for Process chain and Data source in BW 3.x
Hi,
Can anyone tell me the authorization objects regarding process chain and Data source in BW 3.x versions? I guess we have auth objects for both of them in BW 3.5, that is S_RS_PC and S_RS_DS.
Can anyone help me solve this issue?
Thanks
Bharat
Hi Bharat
I don't think these objects are part of 3.0.
Check from SU03 whether these objects are present in the 3.0 box.
In 7.0 they exist:
http://help.sap.com/saphelp_bw33/helpdata/en/8b/134c3b5710486be10000000a11402f/frameset.htm
To see whether these objects exist:
Go to Tools -> Administration -> User maintenance -> Information System -> Authorization objects -> Authorization objects by Complex Selection Criteria -> By Object Class. For the object class, enter either RS (for Business Information Warehouse objects)
OR
S_BCE_68001413 (Tcode for this rep)
Thanks,
Raj -
Authorization objects for Process chain and Data sources in BW 3.x version
Hi,
Can anyone tell me the authorization objects regarding process chain and Data source in BW 3.x versions? I guess we have auth objects for both of them in BW 3.5, that is S_RS_PC and S_RS_DS.
Can anyone help me solve this issue?
Thanks
Bharat
It's the same thread again
/community [original link is broken]
Thanks,
Raj -
Authorization for Process Chains in BW 3.5 (2004)
Hi all,
I wanted to know if there is any way to limit actions on process chains. I would like to give some users display only access to process chains. Is that possible?
Thanks
Hi,
In your system go to
'Transport Connection' tool -->
Click on 'Object Changeability' pushbutton -->
And for object types RSPC and ISIP make "Changeable/Not Changeable".
Note: This will work only if your system is locked against changes, as it normally is in Production.
Also check the below links:
1) Authorisation for process chains
2) Authorization Object for Process Chain
3) http://help.sap.com/saphelp_nw2004s/helpdata/en/35/c7e442e3c15704e10000000a155106/frameset.htm
4) http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm -
Process chains scheduling authorization
Hey guys
Just gave an outsourced team authorizations to work around with their process chains (object S_RS_PC), but they still don't have authorizations to modify the scheduling... Do you know which object is missing in their authorization profile?
Hi,
Go to PFCG -> Create profile -> Go to Authorization tab -> Change authorization -> Edit -> Insert auth. from template -> Select S_RS_ROPAD BW Role: Administrator (Productive System)
Hope that helps.
Regards
Mr Kapadia -
Authorization issues while activation of process chain
Hi
No delete authorization for job BI_PROCESS_ATTRIBCHAN 16320601
I couldn't get it..
sachin
Hi Sachin,
Can you be more informative in regards to the issue??
Regards
GPK -
Error while activating Process Chains
Hi all,
While activating the Process Chains, I am getting the following error: "Job BI_PROCESS_PSAPROCESS could not be scheduled. Termination with returncode 8"
When I double-click on the error message, I get the following help message:
Message no. RSPC065
Diagnosis
Program RSPROCESS is to be scheduled as job BI_PROCESS_PSAPROCESS under user ALEREMOTE.
Can anyone please show some way to solve this problem? Please do this favor, I have been suffering with this error for a long time.
Points will be given
Thanks
Ganesh
Hi,
Just analyze the error message that you get while activating the PC, don't give any server name. If you are trying to run a process chain using a flat file, it won't work,
and you should have source system R/3 or you have your own datasources in the BW system itself; at that time you can use the PC to extract data. If your source system is a flat file, it won't work. Otherwise you should place your flat file on the application server, using the AL11 tcode.
OSS: 511475
Symptom
You cannot schedule or perform any batch jobs with the BW or source system background user.
The error RSPC 065 occurs in the process chains: "Job could not be scheduled, termination with return code 8"
Other terms
RSPC065
Reason and Prerequisites
The user type is
"CPIC" up to 4.6B
"Communication" as of 4.6C
This user type may not execute or start any batch jobs, irrespective of the user authorizations.
Solution
Set the type of background user to
"Background" up to 4.6B
"System" as of 4.6C
This user type corresponds to the "Communication" type and may also perform background functions.
Through the Customizing, the BW user is automatically created by mistake as a communication user. Depending on your BW system release, you can solve this problem as follows:
BW 2.0B
Import Support Package 24 for 2.0B (BW2.0B patch24 or SAPKW20B24) into your BW system. The Support Package is available once note 456551 with the short text "SAPBWNews BW 2.0B Support Package 24", which describes this Support Package in more detail, has been released for customers.
BW 2.1C
Import Support Package 16 for 2.1C (BW2.1C patch16 or SAPKW21C16) into your BW system. The Support Package is available once note 456566 with the short text "SAPBWNews BW 2.1C Support Package 16" has been released for customers.
BW 3.0A
Import Support Package 8 for 3.0A (BW3.0A patch08 or SAPKW30A08) into your BW system. The Support Package is available once note 452632 with the short text "SAPBWNews BW 3.0A Support Package 08" has been released for customers.
-
BI IP Executing planning sequence via process chain not possible
Hi,
we use BI IP and have defined a process chain (RSPC) with value type process planning sequence. When we execute it, we get error message
"Inconsistent input parameter (parameter: <unknown>, value <unknown>)"
When we execute this planning sequence via the modeller or via SE38 RSPLS_PLSEQ_EXECUTE everything works fine. I thought the cause could be the user of the job itself (job is executed with a different user, and the variant of the planning sequence is user-dependent!), but I changed the user in the job itself as well without results.
any thoughts?
regards
D
Hi,
I executed with my user and have a SAP_ALL authorization. Perhaps it could be because we use authorisation with the old method (4.0) (-> I'm not sure on this). I also think it has to do with authorization. I'll check this out with our authorization consultant.
D -
An issue with authentication and authorization on ISE 1.2
Hi, I'm new to ISE.
I have an issue with authentication and authorization.
I have ISE 1.2 plus patch 6 installed on VMware.
I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied an authorization profile with DACL. I log in on the Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization), but only for several hours. After several hours have passed, authentication and authorization stop working. I can see that ISE is trying to authenticate and authorize users, but ISE always uses only one account for authentication and authorization. Even if I log in under different accounts, ISE continues to use only the one last account.
I tried to reboot the switch and PC, but it didn't help. Only rebooting ISE helps. After rebooting ISE, authentication and authorization start to work properly for several hours.
I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
What should I do to resolve this issue?
Switch configuration:
testISE#sh runn
Building configuration...
Current configuration : 7103 bytes
! Last configuration change at 12:20:15Tue Apr 15 2014
! NVRAM config last updated at 10:35:02 Tue Apr 15 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname testISE
boot-start-marker
boot-end-marker
no logging console
logging monitor informational
enable secret 5 ************
enable password ********
username radius-test password 0 ********
username admin privilege 15 secret 5 ******************
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.16.0.90 server-key ********
aaa session-id common
clock timezone 4 0
system mtu routing 1500
authentication mac-move permit
ip dhcp snooping vlan 1,22
ip dhcp snooping
ip domain-name elauloks
ip device tracking probe use-svi
ip device tracking
epm logging
crypto pki trustpoint TP-self-signed-1888913408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1888913408
revocation-check none
rsakeypair TP-self-signed-1888913408
crypto pki certificate chain TP-self-signed-1888913408
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh version 2
interface FastEthernet0/5
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/7
interface Vlan1
ip address 172.16.0.204 255.255.240.0
no ip route-cache
ip default-gateway 172.16.0.1
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
deny icmp any host 172.16.0.1
permit ip any any
ip radius source-interface Vlan1
logging origin-id ip
logging source-interface Vlan1
logging host 172.16.0.90 transport udp port 20514
snmp-server community public RO
snmp-server community ciscoro RO
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 172.16.0.90 ciscoro
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-Alex
address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
automate-tester username radius-test idle-time 15
key ******
ntp server 172.16.0.1
ntp server 172.16.0.5
end
Yes. Tried that (several times), didn't work. 5 people in my office, all with vers. 6.0.1, couldn't access their gmail accounts. Kept getting an error message that username and password were invalid. Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain, and that did the trick. Think there is an issue with imap.gmail.com and IOS 6.0.1. I'm sure the 5 of us suddenly experiencing this issue aren't the only ones. Apple will figure it out. Thanks.
-
IOS SSL VPN WITH RADIUS Authorization
Hi
I'm trying to authenticate and authorize the users logging into SSLVPN via ACS, and although the ACS logs and the "TEST" command on the router show successful authentication, I receive the following debug
*Jun 6 22:39:50.157: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4346
Rack1R1(config)#
*Jun 6 22:40:09.409: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4357
Rack1R1(config)#
*Jun 6 22:40:21.409: WV-AAA: AAA authentication request sent for user: "SSLUSER"
*Jun 6 22:40:21.409: RADIUS/ENCODE(00000000):Orig. component type = INVALID
*Jun 6 22:40:21.409: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Jun 6 22:40:21.409: RADIUS(00000000): Config NAS IP: 150.1.1.1
*Jun 6 22:40:21.409: RADIUS(00000000): sending
*Jun 6 22:40:21.409: RADIUS(00000000): Send Access-Request to 10.0.0.100:1645 id 1645/27, len 60
*Jun 6 22:40:21.409: RADIUS: authenticator AC 16 B3 54 46 72 37 05 - 4C 00 19 21 81 97 40 6E
*Jun 6 22:40:21.409: RADIUS: User-Name [1] 16 "SSLUSER@SSLVPN"
Rack1R1(config)#
*Jun 6 22:40:21.409: RADIUS: User-Password [2] 18 *
*Jun 6 22:40:21.409: RADIUS: NAS-IP-Address [4] 6 150.1.1.1
*Jun 6 22:40:21.669: RADIUS: Received from id 1645/27 10.0.0.100:1645, Access-Accept, len 282
*Jun 6 22:40:21.669: RADIUS: authenticator 2D 2C B0 39 89 4C 41 88 - 40 32 E2 09 0D 7F 6B 0C
*Jun 6 22:40:21.669: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 28
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 22 "webvpn:svc-enabled=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 29
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 23 "webvpn:svc-required=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 50
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 44 "webvpn:split-include=6.6.6.0 255.255.255.0"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 35
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 29 "webvpn:keep-svc-installed=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 31
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 25 "webvpn:addr-pool=SSLVPN"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 41
*Jun 6 22:40:21.669: RADIUS: Service-Type [6] 6 Outbound [5]
*Jun 6 22:40:21.669: RADIUS: Class [25] 36
*Jun 6 22:40:21.669: RADIUS: 43 41 43 53 3A 30 2F 34 37 30 2F 39 36 30 31 30 [CACS:0/470/96010]
*Jun 6 22:40:21.669: RADIUS: 31 30 31 2F 53 53 4C 55 53 45 52 40 53 53 4C 56 [101/SSLUSER@SSLV]
*Jun 6 22:40:21.669: RADIUS: 50 4E [PN]
*Jun 6 22:40:21.673: RADIUS(00000000): Received from id 1645/27
*Jun 6 22:40:21.673: RADIUS(00000000): Unique id not in use
Rack1R1(config)#
*Jun 6 22:40:21.673: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored
*Jun 6 22:40:21.673: AAA/AUTHOR (0x0): Pick method list 'RAD'
Rack1R1(config)#
*Jun 6 22:40:23.673: WV-AAA: AAA Authentication Failed!
Rack1R1(config)#
*Jun 6 22:40:24.069: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4359
Rack1R1(config)#
router Configuration
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Rack1R1
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/1
logging message-counter syslog
enable password cisco
aaa new-model
aaa authentication login RAD group radius
aaa authorization network RAD group radius
aaa session-id common
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip domain name INE.com
ip host cisco.com 136.1.121.1
ip host www.cisco.com 136.1.121.1
ip host www.google.com 136.1.121.1
ip host www.ripe.net 136.1.121.1
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3354934498
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3354934498
revocation-check none
rsakeypair TP-self-signed-3354934498
crypto pki certificate chain TP-self-signed-3354934498
certificate self-signed 01
quit
username admin privilege 15 password 0 admin
username SSLUSER@SSLVPN password 0 cisco
archive
log config
hidekeys
crypto ipsec client ezvpn EZVPN_CLIENT
connect auto
mode client
xauth userid mode interactive
ip tcp synwait-time 5
interface Loopback0
ip address 150.1.1.1 255.255.255.0
interface Loopback6
ip address 6.6.6.6 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.11
encapsulation dot1Q 12
ip address 136.1.11.1 255.255.255.0
interface FastEthernet0/1.121
encapsulation dot1Q 121
ip address 136.1.121.1 255.255.255.0
interface FastEthernet0/0/0
interface FastEthernet0/0/1
interface FastEthernet0/0/2
interface FastEthernet0/0/3
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
interface Vlan1
no ip address
router rip
version 2
passive-interface FastEthernet0/1.11
network 136.1.0.0
network 150.1.0.0
no auto-summary
ip local pool SSLVPN 40.0.0.1 40.0.0.254
ip forward-protocol nd
ip route 10.0.0.0 255.255.255.0 136.1.121.12
ip http server
ip http secure-server
ip dns server
ip access-list extended SPLIT
permit ip 136.1.11.0 0.0.0.255 10.0.0.0 0.0.0.255
ip radius source-interface Loopback0
radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key CISCO
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
line vty 0 4
password cisco
scheduler allocate 20000 1000
webvpn gateway SSLVPN
ip interface Loopback0 port 443
http-redirect port 80
ssl encryption rc4-md5
ssl trustpoint TP-self-signed-3354934498
logging enable
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.3055-k9.pkg sequence 1
webvpn context SSLVPN
title "**SSLVPN **"
ssl encryption rc4-md5
ssl authenticate verify all
aaa authentication list RAD
aaa authentication domain @SSLVPN
aaa authorization list RAD
gateway SSLVPN
inservice
end
Any Idea?
Hi,
As I understand, you need to know if you can assign a static IP to a user and also whether there is any other way of assigning an IP other than a local pool.
There are three ways of assigning an IP address to a VPN client: using local pool, AAA server, DHCP.
You can use the following link for more information:-
Assigning static ip for user present locally on ASA:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
For user present on Active Directory:-
http://technet.microsoft.com/en-us/library/cc786213%28WS.10%29.aspx
The following is the link for assigning ip address using DHCP:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml
I hope it helps.
Thanks,
Shilpa