Cisco ASA - Web Server Publishing

My requirement is I need to publish 2 Web Servers to internet behind Cisco ASA.
The users will be using secure https acccess to the Web Server.
I have only 1 Public IP Address assigned to access both the Web Servers.
Wanted to know what are the things required in the Cisco ASA firewall.
1. What type of licenses ?
2. What type of certificates ?
3. How can i use a single Public IP to access to both the Web servers. Does the Cisco ASA supports this.
I dont want any client software on the end users PC.....

ThanksI do have 2 Public IP address for my 2 servers.That is clear.
I thought you said you just have 1 Public IP in your first post. Anyways, if you do have 2 Public IPs for each server, then use Static NAT instead of PAT. Use the same commands but without the port information.
Prior 8.3:
static (inside,outside) public_ip1 web_server1 
static (inside,outside) public_ip2 web_server2
8.3 or later:
object network web_server1_real
host web_server1
nat (inside,outside) static public_ip1
object network web_server2_real
host web_server2
nat (inside,outside) static public_ip2
Because Application1 will be published to the web server and the web server will be published to internet, the web server is the one to be published through ASA. I am not sure how you use Application1 and how you will publish it to the web server internally so this is out of the scope of my help.
About Application2's security, the question is, how do you want to achieve security for App2? We have several types of security. Having the ASA infront of Application2, using NAT and using ACLs, this will achieve Access Control. However, if you want to achieve data encryption between internet clients and App2, then you have to consider PKI (or certificates) to achieve this. You also can consider IPsec remote access vpn for the App2 server. It all depends on what security flavor do you like.
Regards,
AM

Similar Messages

  • Non-Web Server Publishing Rule for Internal and External

    Hi there,
    I have a problem with my TMG and publishing SSH for Internal and External users to an internal Server.
    Network:
    Internal Network
    SSH Server, 10.10.10.25
    Internal DNS record "ssh.domain.com" pointing to 10.10.10.254
    TMG Server, 10.10.10.254/192.168.0.254
    External Network
    External DNS record "ssh.domain.com pointing to 192.168.0.254
    I want my users (internal AND external) using their SSH client to connect to ssh.domain.com and TMG to forward the request to the SSH server. Note that internal clients and the SSH server are in the same network.
    I have created a custom "SSH Server" protocol with inbound TCP for port 22 and created a Non-Web Server publishing rule.
    Traffic Tab: SSH Server Protocol
    From Tab: Internal, External
    To Tab: 10.10.10.25, original client
    Networks Tabs: Internal, External
    External users cann connect without a problem, all fine here. Internal users get a timout. The TMG Log says: Denied Connection (Default Rule,
    The policy rules do not allow the user request) and doesn´t recognize this is an inbound request. The log gives me dest IP 10.10.10.254 and protocol SSH and not 10.10.10.25 and SSH Server.
    I read a lot of networking rules and NAT/Routing, tried a bit but never got a success.
    Can you help me fix or working around this and tell me whats going on there and if there a limitations in TMG I don´t know yet?
    Regards,
    Sascha

    Hi,
    According to your description, it seems that request was denied by the TMG rules so the request from the internal users
    could not be forwarded to the SSH server. I would appreciate it if you can post the logs to us and the results of running ipconfig/all on the TMG server.
    In addition, maybe you can change the firewall policy only from
    External and add another firewall policy for the internal user to see if the issue persists.
    More information:
    Creating and using a server protocol
    TMG
    Back to Basics - Part 1: Server Publishing Rules
    Best regards,
    Susie

  • WLC 5508, DHCP Problem after Update Cisco ASA(DHCP-Server)

    Hello,
    our Problem is, our Apple Devices get no ip adress from our Cisco ASA Cluster(ASA 9.1.2) over Wireless(Cisco WLC 5508). All other devices(Windows, Android,...) work correct, without problems. Our WLC is in HA-Mode.
    Does anybody have an Idea?
    Thank you very much and Best regards,
    Stefan

    Hello again,
    I hope this case is the solution.
    https://supportforums.cisco.com/message/3942112#3942112
    I will let you know after downgrade.
    Best regards,
    Stefan

  • Firefox 10 and IE 9 is not displaying Cisco ASA Web Authentication

    Hi All,
    We are having issue on AAA authentication page display for our ASA.
    1. There 2 issue reported here.
    2. First is customer cannot access the  website using IE 9. But this is because there is security patch on customer  PC.
    3. After customer uninstall KB2585542, the website load fine.
    4.  Second issue is, today morning, there is auto update on FireFox which  automatically upgrade users firefox to Firefox 10.
    5. After these upgrade,  users cannot load the website anymore.
    6. Error message is Server Does Not  Support RFC 5746/ CVE-2009-3555
    7. Customer using Firefox as default Internet  Browsing.
    8. As workaround, customer have downgrade their Firefox to version  3.6.22 and it's working fine.
    9. Java Version 6 update 23.
    10. An Cisco  case have been raise the check the compatibility of Cisco Web Authentication  with the FF10
    11. SR 620756799.
    Firewall Version : ASA 5520 7.2(5)
    Does anyone also experiencing the same issue? Any idea does this is a cisco bug or AAA issue.

    Hi,
    Please share the URL of the web site.
    Regards,
    Abhishek Maurya

  • Port Forwarding for Cisco ASA 5505 VPN

    This is the Network
    Linksys E2500 ---> Cisco ASA 5505 ---> Server
    I beleive I need to forward some ports to the asa to use the IPsec VPN I just setup. I had the SSL VPN working but only needed to forward 443 for that....I assume that IPsec tunnel is a specific port.
    Thank You

    For IPSec VPN, you need to port forward UDP/500 and UDP/4500, and remember to enable NAT-T on the ASA.
    Command to enable NAT-T on ASA:
    crypto isakmp nat-traversal 30

  • FLV File does not play when published to my web server

    Hi. I have created a short video in VC3 and selected the FLV option to create a web page. When I uploaded the entire file content to my web server (windows 2003 server hosted at Network Solutions) the FLV file will not play. Now... if I do the same with a WMV tile, the video plays.
    You can view the file at
    http://www.airforcehomeseller.com/videos/va_education/VATutorials/index.htm
    We have another video published in WMV format, although the video vs audio sync is out of wack at the moment, at
    http://www.airforcehomeseller.com/videos/Energy%20Pricing%20101/index.htm
    What am I doing wrong?
    Any help would be greatly appreciated.
    G-II

    Hi again
    You should probably double-check to ensure the standard.js file was also copied in when the HTML page was imported. It should be there but it never hurts to double check.
    You might also perform a double-check to ensure things ended up in the correct folder (if you are organizing your project into folders). It could be that you moved the HTML page into a different folder and orphaned the JavaScript file.
    Cheers... Rick
    Helpful and Handy Links
    Captivate Wish Form/Bug Reporting Form
    Adobe Certified Captivate Training
    SorcerStone Blog
    Captivate eBooks

  • I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
    Also the bolded lines are the modifications I made but that arent working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    Unclear what did not work.  In your original post you include said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you add another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

  • How to sync clock of Cisco ASA 5505 from NTP Server on internet

    Hi there!
    i've setup a site, with cisco ASA 5505. It has public ip also.
    i want to sync the clock of firewall from on ntp server on internet, or with internal domain controller that is inside LAN.
    The firewall has public IP also.
    how can i do this?
    Regards!

    Hello Lasandro,
    This should do it!
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_hostname_pw.html#wp1236530
    Looking for some Networking Assistance? 
    Contact me directly at [email protected]
    I will fix your problem ASAP.
    Cheers,
    Julio Carvajal Segura
    http://laguiadelnetworking.com

  • Web Filtering Cisco ASA 5510

    Hello !
    I m a netword administrator, and i have been looking how to setup web filtering in a network, we are using cisco asa 5510 as a firewall and i have been looking for a way to block url such as facebook and streaming web sites since users are allowed to access to any website and they have been downloding stuff lately and i cant controll the bandwith!!
    What u guys recommand !
    Thanks

    Hi Neji,
    Here you have all the content security options available on the ASA. I think only the CX doesn't apply to your HW but the other options are available.
    Block URLs using Regular Experessions (Regex)
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
    CSC module:
    http://www.cisco.com/en/US/products/ps6823/index.html
    How to enable the CSC module:
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html
    ASA CX module (ASA 5512,5525,5545,5545,5555)
    http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html
    Scansafe:
    http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/scansafe.html
    Configuration Cisco Cloud Web Security
    http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/protect_cloud_web_security.html#wp1559223
    Ironport:
    http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/ironport.html
    How to integrate the ASA with Ironport (WCCP):
    https://supportforums.cisco.com/docs/DOC-12623
    HTH
    Luis Silva
    "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
    http://www.cisco.com/web/partners/tools/pdihd.html

  • My animate file seems to work fine locally, but the images aren't linked properly when I publish and post them to a web server.

    I have an HTML5 animation that I am working on. When I preview it locally, it seems to work fine, but when I publish and post it on our web server, it doesn't seem to be able to find the images. The images are all in the images folder and it all seems to be pointing the right location, but it isn't showing up properly on the web server.
    If anyone has any insight, I would greatly appreciate it.

    The site runs fine offline. If I am watching it locally, it seems to be OK. The problem only occurs when I copy all of the content to the host. I have also checked to be sure that the images are in the correct folder and uploaded.
    Here is one of the images that is definitely live, but is showing as unlinked/missing in the HTML5 version.
    https://apps.treca.org/creative/ODE/70%20-%20Misc/images/ODE-Logo.svg
    Also, here is the URL of the site for review
    https://apps.treca.org/creative/ODE/70%20-%20Misc/ODE-VA-App.html

  • Publishing to Appache Web Server

    I need help publishing a site to my appache web server.  I keep getting error messages when I try.  I've attempted with FTP, SFTP and WebDav I keep getting that it can't connect or that the server actively refused the connection.  I want to make sure I used the correct setting in dreamweaver.

    If all of your credentials are correct, Server Name/IP Address, Username, Password, Root Directory and it's still not connecting, I would try toggling the Passive FTP checkbox.
    If you still can't connect in DW, try downloading a third party FTP program like Filezilla (free) and uploading there. If the third party app doesn't work either, there is likely a problem with your credentials and you would need to contact your hosting provider to straighten it out.

  • Publishing .shtml files to web server

    Hi,
    I am evaluating CQ5 to manage my web application having .html and .shtml pages (pages with SSIs, server side includes). I want to manage the web content - htmls, .shtmls, images etc using CQ5.
    I have following questions -
    1. Does CQ5 have any restrictions in publishing pages with extension .shtml?
    2. What are the best ways to manage these .shtml in CQ5?
    3. How do I publish these .shtmls to web server?
    Regards,
    vkp

    As a general rule anything you manage in CQ gets published to the web server via the Dispatcher plugin. Dispatcher functions as a reverse proxy sending request back to the publish servers and caching the result.
    As far as managing the .shtml items I am assuming that you want them to be generated and managed as pages in CQ with traditional component authoring interfaces. You will have two big challenges in this scenario:
    Sling request handling - Sling uses the extension to map a request to script. By default sling would consider .shtml to be different than .html and you'd need to name your JSPs appropariately. This could be problematic if you are reusing components across both page types. I have never tried this, but you could consider using the Sling Default Get servlet's alias configuration to map .shtml to .html which might work, but I have never actually done that.
    Link rewriting - you are going to have to write a layer of code that you use in your components to properly set the right extensions on the URLs when linking to these .shtml pages. By default CQ is just going to add .html. You will need to make sure you have some sort of way to tell in the page's meta-data whether or not it's an .shtml - perhaps based on template and then make sure you take that into account when writing out links. The rich text editor will be a challenge because adds the .html in JavaScript and stores it in the repository. You will have to override this in someway if you want to link to these .shtml pages in a rich text editor.
    In the past when I have needed to leverage SSIs through CQ I have just configured Apache to do do the SSI processing on .html to avoid these challenges. It means a heavier load on the web tier and it has some potential issues but generally is a better option than trying to get CQ to handle the .shtml extension.
    Also the other thing to consider is whether or not you really need .shtml files since CQ is pretty dynamic - usually you can figure out how to handle the dynamic assembly in CQ and not at the web tier (or using AJAX).
    Or did I misunderstand your plan - are you managing these as files in the DAM. If you are managing them as files in the DAM then you just have to make sure that you have a rendering servlet that will set the right mimetype.

  • Publishing front panels with web server

    Hello,
    I'm working with LabView 7.1 and trying to publish a front panel by means of the web server.
    The problem is that I'm only able to connect to the VI through the internet when both , the host and the remote are networked. 
    When I try with computers outside that network the browser doesn't find the webpage.
    Thank you for your help
    Lian

    You need to know:
    The public IP of your router.
    The private IP of your LabVIEW server.
    The port used by your server.
    First you need to forward the port on your router. Basically, you need to tell the router that incoming NEW connections to a certain port of the public IP of the router should get forwarded your server. (Without forwarding, the router only works for outgoing connections). Once the port is forwarded, clients located on the outside need to connect to the public IP of your router.
    Possible complications:
    Your ISP might block certain incoming ports for security reasons. In this case you can configure a different port for the server.
    With some routers you will not be able to connect to your server (for testing) with a client located on the same LAN via the public IP of the router. Only routers that incorporate a loopback proxy support this. What is the brand and model of your router?
    Good luck!
    LabVIEW Champion . Do more with less code and in less time .

  • Cisco Prime Infra 1.2 Web server

    Hello,
    I have installed a version of Cisco Prime Infrastructure 1.2.11 with a kickstart .ova file on my production network.
    Everything goes fine and I follow the instructions for installation ; i can ping my Cisco PI server and ssh into it as admin.
    However, when I try to reach the web server via https, it does not work. I have reviewed my proxy settings and they are not to blame. The nslookup returns the IP address when I poll it. I have read elsewhere that I would need "NCS" service to be started, but I can't find anything called NCS on my Prime Infra server in CLI mode.
    Anyone with a suggestion for this issue ?
    Thanks
    Jeremy

    Actually I know what's happening ; the PnP (plug n play) setup was not configured, and so 443 port was not up.
    I configured PnP using "pnp setup" command, but then I have to supply a list of certificates and keys :
    Enter absolute pathname of PnP Gateway server key file:
    Enter absolute pathname of PnP Gateway server certificate file:
    Enter absolute pathname of Prime Infrastructure server certificate file:
    I tried to do this with the private key I had for my server. I created it on my Certificate Authentication and got a .key and a .csr (certificate server request).
    However when i feed them to my PnP setup I get this error :
    Setup is in progress.......
    Stop PnP Gateway server
    OpenSSL command failed for mycert.csr and mykey.key
    any idea as to why this is happening?
    I read elswhere again that i need to run commands with "ncs" but I don't have "ncs" commands on my prompt...
    Thank you for your time

  • Published Flash module and 404 errors in the web server log

    I’ve created a Presenter module, published it to my computer, and uploaded all the files to a web server. And it plays fine via the web.
    The odd thing is a bunch of 404 errors in the web log:
    10.1.2.104 - - [29/Jul/2009:10:36:00 -0700] "GET /repository/university/courses/3/flash/data/spk10821.1.jpg HTTP/1.1" 404 255 "-" 1166 419
    10.1.2.104 - - [29/Jul/2009:10:36:29 -0700] "GET /repository/university/courses/3/flash/data/spk10821.1.jpg HTTP/1.1" 404 255 "-" 1166 419
    10.1.2.104 - - [29/Jul/2009:10:36:57 -0700] "GET /repository/university/courses/3/flash/data/spk10821.1.jpg HTTP/1.1" 404 255 "-" 1166 419
    In the data directory there is a file named spk10821.jpg that was generated by Presenter. The image is actually the presenter bio photo that would normally show up in the sidebar -- but no photo is there. The browser never requests the valid spk10821.jpg file, only the non-existent spk10821.1.jpg path.
    Anybody know why this would be happening? I see in data/viewer.xml there is a tag for <image>spk10821.1.jpg</image> but I don’t know why Presenter would mention that file in the XML but generate a differently-named one in the publish folder.
    I’m wondering if I should have the web server rewrite requests with the ".1.jpg" ending to get rid of the ".1" part so they will work.
    By the way, this is with PowerPoint 2003 SP3 and Presenter 7.0.1.

    Hi Daniel,
    I am assuming that you are using Visual Studio 2010 to target the .Net framework 4.0
    Crystal Reports 2008 is not compatible with VS 2010. Use [Crystal Reports for Visual Studio 2010|Crystal Reports for Visual Studio 2010 Production Release Now AvailableCystlR%2528SAPWeblogs%253ACrystal+Reports%2529] to target .Net framework 4.0.
    Deploy the application using the methods specified in the 'Deployment' section of the [CR for VS 2010 .Net SDK developer guide|http://help.sap.com/businessobject/product_guides/sapCRVS2010/en/crnet_dg_2010_en.zip].
    See if you can reproduce the issue after redeploying the application as mentioned above.
    Few questions-
    - Is it the dev machine or production machine causing the issue?
    - OS version?
    - What does the application do? i.e. view, export, print report?
    - Issue is with some reports or all the reports.
    See if there is an image on the report, remove the image and add it as a picture object ' Insert --> Picture' from the CR designer.
    Hope this helps,
    Bhushan.

Maybe you are looking for