Clarification of Servlet Spec for forwarding and filters

Hi everybody,
I'm having a problem trying to use SiteMesh in WebLogic 9.1 vs Tomcat 5.5.17. The issue seems to come up because the two containers have different behavior when it comes to forwarding and filters.
The scenario is this: A request comes in to a servlet, that servlet forwards to a JSP page using RequestDispatcher.forward(). The SiteMesh filter looks at request.getServletPath() after the chain has executed and determines whether or not to apply the decoration based on the path of the page. The filter's doFilter() method looks something like :
chain.doFilter(request, response)
if(request.getServletPath() = matchingPath)
    applyDecoration();
}Now, in Tomcat, a call to request.getServletPath() before and after the call to chain.doFilter() returns the exact same thing, regardless of whether the target servlet executes a forward. But in WebLogic, the call to getServletPath() after chain.doFilter() returns the forwarded path, not the original path.
Who is right? Or is this one of those gray areas?
Thanks,
Scott

Thanks for the info. You are correct, I was using 'forward'. I changed it to use 'sendRedirect' and this time the request goes via the filter. However, the request parameters that were in the original request have disappeared after the 'sendRedirect'. I could just add all the request parameters to the string I pass to sendredirect but was wondering if there was a better/simpler way.
Thanks,
Paul

Similar Messages

  • Asymmetric NAT rules matched for forward and reverse flows - NAT Issue

    Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505.   The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet).   I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
    The Error:
    5          Nov 12 2012          13:52:50                    192.168.9.19                                        Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
    I understand this is a NAT issue; but I not seeing the error and could use a second set of eyes.   Here's my current running configuration.
    : Saved
    ASA Version 8.3(2)
    hostname fw1
    domain-name xxxxxxxx.xxx
    enable password <removed>
    passwd <removed>
    names
    interface Vlan1
    description Town Internal Network
    nameif inside
    security-level 100
    ip address 192.168.9.1 255.255.255.0
    interface Vlan2
    description Public Internet
    nameif outside
    security-level 0
    ip address 173.xxx.xxx.xxx 255.255.255.248
    interface Vlan3
    description DMZ (CaTV)
    nameif dmz
    security-level 50
    ip address 192.168.2.1 255.255.255.0
    interface Vlan10
    description Infrastructure Network
    nameif InfraNet
    security-level 100
    ip address 192.168.10.1 255.255.255.0
    interface Vlan13
    description Guest Wireless
    nameif Wireless-Guest
    security-level 25
    ip address 192.168.1.1 255.255.255.0
    interface Vlan23
    nameif StateNet
    security-level 75
    ip address 10.63.198.2 255.255.255.0
    interface Vlan33
    description Police Subnet
    shutdown
    nameif PDNet
    security-level 90
    ip address 192.168.0.1 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport trunk allowed vlan 1,5,10,13
    switchport trunk native vlan 1
    switchport mode trunk
    speed 100
    duplex full
    interface Ethernet0/2
    switchport access vlan 3
    interface Ethernet0/3
    interface Ethernet0/4
    switchport trunk allowed vlan 1,10,13
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/5
    switchport access vlan 23
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    switchport trunk allowed vlan 1
    switchport trunk native vlan 1
    switchport mode trunk
    shutdown
    banner exec                     Access Restricted to Personnel Only
    banner login                     Access Restricted to Personnel Only
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns server-group DefaultDNS
    domain-name xxxxxxx.xxx
    same-security-traffic permit inter-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object service IMAPoverSSL
    service tcp destination eq 993
    description IMAP over SSL     
    object service POPoverSSL
    service tcp destination eq 995
    description POP3 over SSL     
    object service SMTPwTLS
    service tcp destination eq 465
    description SMTP with TLS     
    object network obj-192.168.9.20
    host 192.168.9.20
    object network obj-claggett-https
    host 192.168.9.20
    object network obj-claggett-imap4
    host 192.168.9.20
    object network obj-claggett-pop3
    host 192.168.9.20
    object network obj-claggett-smtp
    host 192.168.9.20
    object network obj-claggett-imapoverssl
    host 192.168.9.20
    object network obj-claggett-popoverssl
    host 192.168.9.20
    object network obj-claggett-smtpwTLS
    host 192.168.9.20
    object network obj-192.168.9.120
    host 192.168.9.120
    object network obj-192.168.9.119
    host 192.168.9.119
    object network obj-192.168.9.121
    host 192.168.9.121
    object network obj-wirelessnet
    subnet 192.168.1.0 255.255.255.0
    object network WirelessClients
    subnet 192.168.1.0 255.255.255.0
    object network obj-dmznetwork
    subnet 192.168.2.0 255.255.255.0
    object network FD_Firewall
    host 74.94.142.229
    object network FD_Net
    subnet 192.168.6.0 255.255.255.0
    object network NETWORK_OBJ_192.168.10.0_24
    subnet 192.168.10.0 255.255.255.0
    object network obj-TownHallNet
    subnet 192.168.9.0 255.255.255.0
    object network obj_InfraNet
    subnet 192.168.10.0 255.255.255.0
    object-group service EmailServices
    description Normal Email/Exchange Services
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq https
    service-object tcp destination eq imap4
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group service DM_INLINE_SERVICE_1
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq pop3
    service-object tcp destination eq https
    service-object tcp destination eq smtp
    object-group service DM_INLINE_SERVICE_2
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq https
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group network obj_clerkpc
    description Clerk's PCs
    network-object object obj-192.168.9.119
    network-object object obj-192.168.9.120
    network-object object obj-192.168.9.121
    object-group network TownHall_Nets
    network-object 192.168.10.0 255.255.255.0
    network-object object obj-TownHallNet
    object-group network DM_INLINE_NETWORK_1
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.9.0 255.255.255.0
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
    access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
    access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
    pager lines 24
    logging enable
    logging asdm debugging
    logging mail errors
    logging from-address hostmaster@xxxxxxxxx
    logging recipient-address john@xxxxxxxxx level errors
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    mtu Wireless-Guest 1500
    mtu StateNet 1500
    mtu InfraNet 1500
    mtu PDNet 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-635.bin
    no asdm history enable
    arp timeout 14400
    nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
    nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
    object network obj_any
    nat (inside,outside) static interface
    object network obj-claggett-https
    nat (inside,outside) static interface service tcp https https
    object network obj-claggett-imap4
    nat (inside,outside) static interface service tcp imap4 imap4
    object network obj-claggett-pop3
    nat (inside,outside) static interface service tcp pop3 pop3
    object network obj-claggett-smtp
    nat (inside,outside) static interface service tcp smtp smtp
    object network obj-claggett-imapoverssl
    nat (inside,outside) static interface service tcp 993 993
    object network obj-claggett-popoverssl
    nat (inside,outside) static interface service tcp 995 995
    object network obj-claggett-smtpwTLS
    nat (inside,outside) static interface service tcp 465 465
    object network obj-192.168.9.120
    nat (inside,StateNet) static 10.63.198.12
    object network obj-192.168.9.119
    nat (any,StateNet) static 10.63.198.10
    object network obj-192.168.9.121
    nat (any,StateNet) static 10.63.198.11
    object network obj-wirelessnet
    nat (Wireless-Guest,outside) static interface
    object network obj-dmznetwork
    nat (any,outside) static interface
    object network obj_InfraNet
    nat (InfraNet,outside) static interface
    access-group outside_access_in in interface outside
    access-group StateNet_access_in in interface StateNet
    route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
    route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable 5443
    http 192.168.9.0 255.255.255.0 inside
    http 74.xxx.xxx.xxx 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 2 match address outside_2_cryptomap
    crypto map outside_map 2 set pfs
    crypto map outside_map 2 set peer 173.xxx.xxx.xxx
    crypto map outside_map 2 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.9.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.9.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd dns 208.67.222.222 208.67.220.220
    dhcpd lease 10800
    dhcpd auto_config outside
    dhcpd address 192.168.2.100-192.168.2.254 dmz
    dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
    dhcpd enable dmz
    dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
    dhcpd enable Wireless-Guest
    threat-detection basic-threat
    threat-detection statistics host number-of-rate 2
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 63.240.161.99 source outside prefer
    ntp server 207.171.30.106 source outside prefer
    ntp server 70.86.250.6 source outside prefer
    webvpn
    group-policy FDIPSECTunnel internal
    group-policy FDIPSECTunnel attributes
    vpn-idle-timeout none
    vpn-tunnel-protocol IPSec l2tp-ipsec
    username support password <removed> privilege 15
    tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
    tunnel-group 173.xxx.xxx.xxx general-attributes
    default-group-policy FDIPSECTunnel
    tunnel-group 173.xxx.xxx.xxx ipsec-attributes
    pre-shared-key *****
    smtp-server 192.168.9.20
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
    : end
    Any ideas would be appreciated.
    John

    I don't see any inspection-commands in your config. Is there a reason for not using any of them?
    If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easiely with the legacy command " fixup protocol icmp"
    Sent from Cisco Technical Support iPad App

  • %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure

    Hi,
    I have an ASA5510 running version 8.2(5). I have set up a new network on interface Ethernet0/1.777 of the fwl. The firewall works perfectly with remote access VPNs but has now given me the error with the new network that has been set up:
    %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure
    The difference between the other networks and the new one that I have set up is that this is the first one using a private addressing scheme. I understand that NAT is not allowing something along the way but I cant figure out what needs to change in order to get it to work. My config is as follows:
    interface Ethernet0/1.777
    description TRU 777
    vlan 777
    nameif tru777
    security-level 50
    ip address 10.1.34.17 255.255.255.240 standby 10.1.34.18
    access-list acl_tru777 remark * ALLOW ALL OUTBOUND *
    access-list acl_tru777 extended permit ip any any
    access-list RA-VPN extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
    access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 10.0.0.0 255.0.0.0
    access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 172.16.0.0 255.240.0.0
    access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list acl_ra-lock-tru777 extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
    access-list acl_ra-lock-tru777 extended permit ip 10.159.159.0 255.255.255.0 10.1.34.16 255.255.255.240
    ip local pool ra-pool 10.159.159.0-10.159.159.254 mask 255.255.255.0
    nat (tru777) 4 access-list acl_no-nat
    nat (tru777) 2 10.1.34.16 255.255.255.240
    global (outside) 2 x.x.x.x
    crypto isakmp nat-traversal 20
    I think that is everything you should need, if not please just ask.
    Thank you very much in advance,
    Chris

    Hi Julio,
    Here you go:
    FWL01# sh nameif
    Interface                Name                     Security
    Ethernet0/0              outside                    0
    Ethernet0/1              CLIENTS                 50
    Ethernet0/1.314        tru01                      50
    Ethernet0/1.313        dmz01                    50
    Ethernet0/1.316        tru02                      50
    Ethernet0/1.776        dmz776                  50
    Ethernet0/1.777        tru777                     50
    Management0/0       management           100
    FWL01#  sh run nat
    nat (tru02) 1 192.168.3.0 255.255.255.240
    nat (tru777) 4 access-list acl_no-nat
    nat (tru777) 2 10.1.34.16 255.255.255.240
    FWL01#    sh run glob
    global (outside) 1 interface
    global (outside) 2 x.x.x.x
    Thanks,
    Chris

  • Asymmetric NAT rules matched for forward and reverse flows

    Hi! I don't know why this comes up in the logs when I have configured my vpn like so:
    crypto dynamic-map L2L_MAP 50 set reverse-route
    crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
    crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 20 match address IDP_VPN
    crypto map L2L_MAP 20 set peer x.x.x.x
    crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 40 match address cp_l2l_map_40
    crypto map L2L_MAP 40 set peer x.x.x.x
    crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 60 match address bwi_l2l
    crypto map L2L_MAP 60 set peer x.x.x.x
    crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 80 match address outside_80_cryptomap
    crypto map L2L_MAP 80 set peer x.x.x.x
    crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
    crypto map L2L_MAP interface outside
    crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
    crypto map INSIDE_map interface inside
    I am able to connect successfully via vpn client.  Its just that i cant reach the internal servers...  Any ideas?
    i get this error:
    Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied

    I put in the important configs:
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.0 standby x.x.x.x
    ospf cost 10
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
    ospf cost 10
    interface GigabitEthernet0/2
    nameif dmz
    security-level 50
    no ip address
    ospf cost 10
    interface GigabitEthernet0/2.720
    vlan 720
    nameif dmz-vsp
    security-level 50
    ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
    ospf cost 10
    interface GigabitEthernet0/2.724
    vlan 724
    nameif dmz-dbz
    security-level 75
    ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
    ospf cost 10
    interface GigabitEthernet0/2.725
    vlan 725
    nameif dmz-smtp
    security-level 50
    ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
    ospf cost 10
    dns domain-lookup outside
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 10.10.10.50
    domain-name xxxx.local
    access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
    ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
    global (outside) 201 192.168.16.1-192.168.16.250
    global (outside) 202 10.201.5.145-10.201.5.158
    global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
    global (outside) 101 interface
    global (outside) 1 x.x.x.x netmask 255.0.0.0
    global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
    nat (inside) 0 access-list nonatacl
    nat (inside) 201 access-list NAT_TO_IDP
    nat (inside) 202 access-list inside2-vsp_nat_outbound
    nat (inside) 101 0.0.0.0 0.0.0.0
    nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
    nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
    route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
    route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
    route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server VPN_Auth protocol radius
    aaa-server VPN_Auth (inside) host 10.10.2.20
    timeout 5
    key *****
    no mschapv2-capable
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map L2L_MAP 50 set reverse-route
    crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
    crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 20 match address IDP_VPN
    crypto map L2L_MAP 20 set peer x.x.x.x
    crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 40 match address cp_l2l_map_40
    crypto map L2L_MAP 40 set peer x.x.x.x
    crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 60 match address nonatacl
    crypto map L2L_MAP 60 set peer x.x.x.x
    crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 80 match address outside_80_cryptomap
    crypto map L2L_MAP 80 set peer x.x.x.x
    crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
    crypto map L2L_MAP interface outside
    crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
    crypto map INSIDE_map interface inside
    crypto isakmp enable outside
    crypto isakmp enable inside
    crypto isakmp enable dmz
    crypto isakmp enable dmz-vsp
    crypto isakmp policy 20
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    group-policy ihasavpn2_gp internal
    group-policy ihasavpn2_gp attributes
    dns-server value 10.10.10.52
    vpn-tunnel-protocol IPSec
    default-domain value xxxx.local
    tunnel-group ihasavpn2 type remote-access
    tunnel-group ihasavpn2 general-attributes
    address-pool inshse-vpn-pool2
    authentication-server-group VPN_Auth
    authentication-server-group (inside) VPN_Auth
    default-group-policy ihasavpn2_gp
    tunnel-group ihasavpn2 ipsec-attributes
    pre-shared-key *****
    tunnel-group ihasavpn2 ppp-attributes
    authentication ms-chap-v2

  • Question on Forwarding and Filters

    Hi,
    I have a servlet X that forwards to a servlet Y. When Y is requested directly there is a filter specified in web.xml that does some preprocessing of the request. When X forwards to Y I want the request to pass through the filter, but it seems to go straight to Y. Associating the filter with X wont work because the filter would then process the request before X, instead of between X and Y. I can incorporate the functionality of the filter in Y but that defeats the whole purpose of using filters (there is a situation where I want to use Y without the filter). Is there is way to do what I want?
    Thanks,
    Paul

    Thanks for the info. You are correct, I was using 'forward'. I changed it to use 'sendRedirect' and this time the request goes via the filter. However, the request parameters that were in the original request have disappeared after the 'sendRedirect'. I could just add all the request parameters to the string I pass to sendredirect but was wondering if there was a better/simpler way.
    Thanks,
    Paul

  • Server Specs for SLES and GW 12

    I need to look into a new server to put SLES and GroupWise 2012 on it. I am having trouble finding server specs for this, so I was hoping to get a little advice. GW will be the only thing on this box, one PO with about 150 users. Hoping to build something or purchase something that isn't too expensive due to budget restraints.
    Thanks

    I work for a small non profit organization and we only have one server, never found the need for virtualized servers.
    >>> magic31<[email protected]> 3/6/2013 1:46 AM >>>
    umchs;2250164 Wrote:
    > I need to look into a new server to put SLES and GroupWise 2012 on it.
    > I am having trouble finding server specs for this, so I was hoping to
    > get a little advice. GW will be the only thing on this box, one PO with
    > about 150 users. Hoping to build something or purchase something that
    > isn't too expensive due to budget restraints.
    >
    > Thanks
    If this is going to be a dedicated physical setup (you are not planning
    to run GroupWise on a virtualised server) you should not need a big
    budget to find a decent server for those 150 users.
    IMO, a dual core CPU with 4 GB of RAM would seem quite sufficient in
    this case. Getting a proper disk controller (with a true hardware raid
    handling if you are looking for a raid setup) & decent disks that can
    handle the I/O required is important too.
    The A brand entry level servers that I've seen easily meat this
    requirement. Do make sure it's suitable for 64bit.
    In any case, GroupWise 2012 has about the same requirements version 8
    would demand.
    I'm curious, you are not already virtualising servers?
    Cheers,
    Willem
    Knowledge Partner (voluntary sysop)
    It ain't anything like Harry Potter.. but you gotta love the magic IT
    can bring to this world
    magic31's Profile: http://forums.novell.com/member.php?userid=2303
    View this thread: http://forums.novell.com/showthread.php?t=464618

  • Passing two values in a column prompt for display and filtering

    Hi All,
    Is there a workaround to use two columns in a prompt for display and passing the input value for a prompt value in dashboard prompt? For eg we want to display the description in the prompt but pass the id to the filter value or presentation variable, just like we have in bi publisher,LOV automatically grab the two value for display and actual value to pass to the query.Therefore, user will click the description and corresponding id will be saved in presentation variable from the prompt .
    Thanks,
    Sushil
    Edited by: 872073 on Apr 5, 2013 11:06 AM

    Check this
    http://www.rittmanmead.com/2010/08/oracle-bi-ee-11g-handling-double-columns-iddescription-interoperability/

  • Three finger swiping for forward and backwards

    I just recently installed Lion (Yay) and I noticed that they have taken out something that I really used a lot in Snow Leopard; the three finger swiping, that could navigate back and forward through pages on the web and replaced the need of using the arrow keys to navigate up and down in apps such as Mail. I loved this feature because it simply made it easier and enjoyable to navigate. I know that it has been replaced with a two finger swipe, but to my knowlege, this is only used it Safari not Chrome or anyother application. Now my question is "Is there a way to get it back?" I'm just looking for something that will at least get the two finger swipe to navigate more than the Safari Application.
    Cheers,
    Callum

    So i was in the same boat, and I literally just figured it out like 5 mins ago.
    Go into system preferences>Trackpad, click on the tab for More Gestures
    Its the very first option you come to on that page, Its 'Swipe between Pages', I was used to 3 fingers left or right.
    Ahh back to normal...On to other problems with Lion. Good Luck and I hope this helped.

  • Delivery date for forwarder and plant

    Hi Gurus,
    I have got one issue, the description provided for me is "We have delivery date plant, and delivery date forwarder, but in case we use one lead time, should only delivery date plant showed in form." Could any body help me out in this regard.
    Please reply me if you need any further information.
    warm regards
    Sridhar B

    Yeah got ur point i was mapping the table configuaration for ur reference.
    This grouping is supposed to make sure that all materials are delievered at the same Date (VBEP-EDATU) and must use the last date in the delivery group.
    say materials  X -- DELIVERY DATE  20 12 2006
                         Y -- DELIVERY DATE  27 12 2006
    so the matnrs are avalaible in VBAP along with  for the VBELN and POSNR values now pick the delivery date for this material from VBEP   ,,
    Now once the itab is sorted by delivery group  and EDATU descending .
    so X and Y are present in for delivery group 001 say .
    X -- DELIVERY DATE  20 12 2006
    Y-- DELIVERY DATE  27 12 2006
    after sort by date it will be
    Y-- DELIVERY DATE  27 12 2006
    X -- DELIVERY DATE  20 12 2006
    which will pick up the latest date (or max date)
    Tis was what i meant to say.
    what is the incude you r using ?
    regards,
    vijay

  • Which specs for FCP and which camcorder?

    Hi guys,
    will be using the macbook for editing gigs/events/music video's etc. what specs would be best?
    and any thoughts on a camcorder? currently got my eye on sony hxr mc50e but wanting to know if you think any others are better?
    defo needs to be HD, portable, SD preferred over MiniDV, Needs to have good low light recording and good audio. Max budget is about £1300
    hope u can help
    many thanks

    If, despite all advice to the contrary, you still go for the MacBook Pro then I'd recommend the base 17” MacBook Pro (MBP) configuration, with 160GB 5400 RPM hard disc option, and an additional 1 GB RAM (to make 3 GB total).
    Why the 17” model?
    Because when editing you need as much screen space as possible. Yes, it is bigger and heavier than the 15”, but I think that it’s larger and higher resolution display is worth that sacrifice.
    Why the bigger but slower 160GB 5400 RPM hard disc option?
    Laptop drives already have a much smaller capacity than their desktop cousins and those little drives, inevitably, fill up quickly with all your stuff!
    And of course, you're planning to get an external media drive too, right? If you don’t have one then your internal disc will be eaten up by clip media in no time (especially if you opted for the smaller faster internal disc).
    Why 3 GB RAM?
    Well OK, thats an expensive option, but seriously, if you can afford it the money is well spent.
    I'd also strongly recommend the extended AppleCare Protection Plan.

  • ICloud mail forward and filters broken, again.

    Trying to forward iCloud mail to gmail. Keeps saying 'can't do that now, try again later'. It's been like this for several days. Any idea when it will be fixed?

    Have you had any luck getting it to work?  I'm in the same situation.

  • I cannot expand (maximize) new windows for forwards and writing new messages

    I am using the most recent version of Thunderbird on W7 laptop. When i attempt to forward an email it shows up as being there on the task bar (when you hover the mouse over the TB icon it shows all the new windows), I cannot maximize these new windows. It does the same thing when I try to create a new message. I can see the thumbnail on the task bar but I cannot expand it. It lets me close it, but that's it. I can read emails fine unless I double-click them. It opens the message in a new window but I cannot expand it.
    Any ideas?

    Do you have the option to activate/ have focus on the window which the mouse is hovering over? I'm thinking that if you have this option selected then the main TB window may stay in focus because that is where the mouse pointer is pointing?
    If you click on 'Write' and you see the Write icon in bottom Task Bar, this sounds like the window has opened but it is either:
    Not got focus, so it is hidden behind the main thunderbird interface or another opened window.
    or it has opened in minimised state, so is not behind other opened windows.
    '''First test: '''
    Click on Write to open a new Write message.
    Minimise Thunderbird, so it shows as icon on bottom Task Bar.
    Can you see the open Write window?
    If yes, then the Write message window is not getting focus.
    If no
    click on the Write icon in the Task Bar does it then open?
    If yes, then the Write window is opening in a minimised state.
    When you right click on the Write window icon in the bottom task bar, please list all options available - not the greyed out ones.
    What results did you get?
    Second Test: Restart Thunderbird in Safe mode.
    Help > Restart with Addons disabled
    Now test:
    click on Write - did Write window open in the front in focus.
    If yes then it is likely that an addon is causing a conflict.
    You would need to test by gradually enabling addons/extensions until you find the one which is causing the problem.
    So, restart thunderbird, then go to Tools > Addons disable all the addons and then enable one at a time to see when the error occurs. This will tell you which Addon is causing the problem.
    Maybe the addon needs updating.
    Please report back on results.
    In both thunderbird Safe mode and normal mode, does Ctrl+N open a new Write window in focus ?

  • Forward and backward buttons for a player

    Hi all,
    this is rakesh. I am trying to make a media player in swings(using media API). But i am not getting functions for forwarding and rewinding a song. so can any one help me by giving any idea about how to write that function. Any idea that is useful for this functions.
    thanking u all
    Rakesh...

    If you are using CS4, there is a Command to create a Web Album... this does it automatically for you.
    Otherwise, you can create this manually.  Say you have 3 pages,
    page1.html  (is the index page of the album)
    page2.html
    page3.html
    Therefore, using ordinary text links
    Home would link to page1.html
    Previous would link to page3.html
    Next would link to page2.html
    You would need to make adjustments naturally to each page as you move along with the gallery pages, changing the previous and the next links as needed.  Below is a a basic example of setting up the links in a simple table structure.  You would also then style the table layout as you see fit - yes, using css preferably  :-)
    <table>
    <tr>
    <td><h2>MY GALLERY OF PHOTOS</h2>
    <a href="page3.html">Previous</a> | <a href="index.html">Home</a> | <a href="page2.html">Next</a>
    </td>
    </tr>
    <tr>
    <td>
    <br>
    <a href="../images/img_2401_jpg.jpg"><img src="../images/img_2401_jpg.jpg" border=0></a><br>
    </td>
    </tr>
    </table>
    Here's an article on creating an album using the DW Command I mentioned earlier. You could create the album and then copy and paste the code into a current page if you've already designed on.,... not too difficult, I just tested it.  You do however, need to have Fireworks to process the images.
    http://livedocs.adobe.com/en_US/Dreamweaver/9.0/help.html?content=WSc78c5058ca073340dcda91 10b1f693f21-7ad1.html
    You could also check out the Lightbox effect which is very popular:
    http://www.lokeshdhakar.com/projects/lightbox2/
    Or do a google search for 'jquery'.  There are different album effects using that framework as well.
    Hope some of this helps  :-)
    Nadia
    Adobe® Community Expert : Dreamweaver
    Unique CSS Templates |Tutorials |SEO Articles
    http://www.DreamweaverResources.com
    Book: Ultimate CSS Reference
    http://www.sitepoint.com/launch/005dfd4/3/133
    http://twitter.com/nadiap

  • How to change the style of icons used on the tool bars mainly the forward and backwards arrows

    Hi .
    There always used to be a way of changing the look of firefox the arrowws ect at the moment i have just outline type arrows for forwards and backwards i would far rather have the older Green arrows far easier to see and look far better how do i cange this now
    This is on Firefox 9.0.1 64 bit on Arch Linux current

    Ok well this has only recently happened that the arrows have gone to these horrible outline things i use themes and personas but this is a new effect so looks like ity is down to canning either themes or personas because those arrows are to put it politely disgusting

  • How to place Forward and Back button in left pane of WebHelp?

    Along with buttons for Contents, Index, Search, and Glossary, I want to put buttons for Forward and Back in the left pane of my WebHelp. These buttons appear automatically on the WebHelp Skin Editor dialog box in an earlier version of RoboHelp, but in RoboHelp HTML 10, they do not appear. What do I have to do to enable them? I see there was another article about this on the RoboHelp forum, but I really don't understand what it's telling me to do.
    Thanks for any help!

    I believe I have covered that aspect in a file you may download from the link below:
    Click here to view the page
    Cheers... Rick

Maybe you are looking for