CME conferencing source IP address

Similar Messages

• Route call based on source IP address

  Hello Guys,
  Is there a way to route calls based on source IP address?
  I want to redirect calls to specific queues based on the ip of the phone who's starting it.
  Any ideas?
  Thanks in advance.
  Filipe Leite                  

  Hi Filipe
  I'm assuming here that you are using CallManager rather than CME?
  One option might be to use the 'device mobility' feature to assign a specific CSS to devices based on their IP subnet. That CSS could have the appropriate partitions to route to a seperate trigger that directs calls to a separate CSQ.
  Of course, whether you can do this depends on whether it would be appropriate to override the device CSS in this way.
  Aaron

• Ip igmp snooping querier on Nexus, what source IP address to use?

  Am looking at a problem with servers in the same vlan across multiple switches that are unable to communicate using multicast. I have found that in the systen I'm to set up I need to apply the ip igmp snooping querier command, in the vlan, but it needs a source IP address.
  Different documents make conflicting recommendations for this address, one suggests that any unused address will do, another suggests to use the IP address that is configured on the SVI for the vlan.
  Which is correct?

  Eventually I had to ask Cisco TAC, the response was that any IP address within the subnet could be used. The recommendation was to allocate an unused address in the vlan subnet for this purpose, use the same address on multiple switches should resiliance be required.

• ISCSI Initiator favourites revert to using the IPv6 or the apipa IP address from other NICs instead of the source IP address that I specified

  Windows 2008 R2
  ISCSI Initiator favourites revert to using the IPv6 or the apipa IP address from other NICs instead of the source IP address that I specified. 
  When I manually connect to multiple targets and specify the correct ISCSI source IP address, I check the favourites and everything looks okay. But when the server is rebooted I check the favourites again and the source IP is now referencing the IPv6 and
  sometimes the apipa address. 
  I have unbound IPv6 from the ISCSI NICS but this has made no difference.
  Can anyone explain why this is happening?
  Although the server still reconnects to the storage oaky, I’m concerned that if a path goes down that is might try to use the wrong interface to re-establish a connection.
  Thanks.  

  Hi,
  IPV6 is supported with MS iSCSI. Do you have Multiple Connections per Session (MCS) configured? Is your storage configured to use both IPv4 and IPv6?
  If yes, please see if http://support.microsoft.com/kb/2014131 helps.
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to change the source ip address

  hi all,
  i got the problem that how to change the source ip address when i
  get a website's page!
  i mean i want to change the source ip address when i access the
  remote website, sure i know when change the source ip, i can not get
  the result correctly when changing the source ip address, but it is not
  important to get the result i just want to send out a "click" event to the website by calling a post method in the site!
  does anybody have some ideas?
  Best Regards,
  Eric Gau

  Here's some code that connects to google and does a get:
  import java.io.*;
  import java.net.*;
  public class HTTPTest {
      private Socket sock;
      private BufferedReader in;
      private BufferedWriter out;
      private boolean running = false;
      HTTPTest() {
      private void go(String site) {
          try {
              sock = new Socket(site, 80);
              in = new BufferedReader(new InputStreamReader(sock.getInputStream()));
              out = new BufferedWriter(new OutputStreamWriter(sock.getOutputStream()));
              System.out.println("Connected");
              out.write("GET / HTTP/1.1\r\n\r\n");
              out.flush();
              doRead();
          } catch (IOException e) {
              e.printStackTrace();
      private void doRead() {
          running = true;
          String line;
          System.out.println("Read started");
          while (running) {
              try {
                  line = in.readLine();
              } catch (IOException e) {
                  e.printStackTrace();
                  line = null;
              if (line == null) {
                  running = false;
              } else {
                  System.out.println(line);
          System.out.println("Socket closed");
      public static void main(String [] args) {
          String site;
          if (args.length > 0) {
              site = args[0];
          } else {
              site = "google.ca";
          new HTTPTest().go(site);
  }

• Redirect based on source IP address????

  I have a site that I don't want our competitors to view! By
  tracking code, I have managed to obtain their source IP addresses.
  After looking around, there is a .php solution to my problem
  but my host is not well suited to .php files (although it does some
  processing).
  My pages are in .shtml (to process css drop-down menus
  correctly) and I understand that this attached code, if put at the
  top of the page before anything else, will work.
  I have managed to get one working
  http://www.donbur.co.uk/gb/newindex.php
  but am having difficulty getting this code to work elsewhere.
  The problem is, when I try to put this code into either a
  template or as an include, it won't process correctly or the page
  won't render at all.
  Do I have to use .php files or can I insert php script into
  an .shtml document.
  Getting really confused now.... HELP

  Thanks for the constructive advice...
  quote:
  >After looking around, there is a .php solution to my
  problem but my host is not well
  >suited to .php files (although it does some processing).
  What does this mean? Does your hosting plan include php
  support or not?
  You can't just put a php script into any page. It needs to be
  a .php page or you need to reconfigure the server to parse other
  pages for php. But if your hosting plan doesn't support php then it
  won't work in any case.
  My host is BT Internet and they claim not to process .php
  files which is why our main .php site is hosted elsewhere; however,
  it seems that, although it has difficulty (to clarify: doesn't
  render) with main full scripts, it does seem to process simple
  <?php echo commands for example.
  It has been suggested on another forum that the .shtml files
  are set to be recognised by .php in the cpanel but our host will
  not do this...
  Our competitors are not particularly smart or up-to-date and
  this would have been reasonably effective; however, I bow to better
  judgement and close this topic.

• Load balancing based on source IP address

  Hi,
  I configured a CSS to balance the load depending on source IP address to suppport a application feature in the server.
  We have two firewalls and behind we have different users. We have also two servers behind the CSS.
  Firewalls perform NAT with a unique outside IP address. So, for example, in these conditions the CSS balances requests coming from FW 1 to server 1 and requests coming from FW 2 to server 2. Is it correct this scenario?
  Is it possible that requests coming from FW 1 could be forwarded to Server 2 and viceversa?
  Could anyone answer me?
  Thanks in advance.
  Best regards.
  Giuseppe.

  Giuseppe,
  it all depends on how you configured your CSS.
  Did you use an ACL to force traffic from SRC1 to server1 and traffic from SRC2 to server2 ?
  Or did you simply configure sticky based on source ip or a source ip hash loadbalancing ?
  Except the ACL, all other methods do not guarantee that the traffic will be splitted in 2.
  Gilles.

• Log connection attempts and source IP address for connections that fail/timeout on RADIUS

  How can I log the connection attempts and source IP address for connections that fail RADIUS authentication?  I'm using RD Gateway on 2012 R2 in conjunction with Azure Multi-Factor Authentication Server on another 2012 R2 server.  When a user fails
  multifactor authentication or the authentication times out, all I get is Security event 6273 on the RD Gateway that the radius server did not process the request, and only the radius server's IP is logged.  There's nothing logged in TerminalServices-Gateway\Operational
  because the TS Gateway hasn't yet processed the connection attempt (all auditing options for RD Gateway are enabled).  The MFA/Radius Server is only logging the connection from the TSGateway - it doesn't know the original client's IP address.
  I'm looking for the equivalent of an IIS log - somewhere the RD Gateway should log the initial HTTPS connection attempt and the source IP address of the client.  I need to be able to track down potentially fraudulent login attempts. 

  Hi,
  Thank you for your posting in Windows Server Forum.
  This error might be caused by one of the following conditions:
  •  The user does not have valid credentials
  •  The connection method is not allowed by network policy
  •  The network access server is under attack
  •  NPS does not have access to the user account database on the domain controller
  •  NPS log files or the SQL Server database are not available
  To perform these procedures, you must be a member of Domain Admins.
  Please check for more information:
  Event ID 6273 — NPS Authentication Status
  http://technet.microsoft.com/en-us/library/cc735399(v=ws.10).aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Source URL/Address - Hazel

  Hazel is not supporting my credit card so I cant get it. But in the trial version Hazel has this property "Source URL/Address" which is the same information as "Where from" value in "Get info" in the contextual menu of a file. 
  Does anyone know how to access this Where from value through AppleScript? If Hazel can do it why cant AppleScript?

  Hi
  set the_path to POSIX path of (choose file) as string
  set the_where_froms to (do shell script "mdls -name kMDItemWhereFroms " & quoted form of the_path)
  Hope this helps.
  H

• Doing Source IP address NAT. Using 1 address vs using many

  I have a few implimentations where I am using source groups to do NAT on the client's source IP address. It is possible to always translate the source IP address to the same one, or to have it be different depending on the content rule you hit.
  Is there any advantage of one over the other?

  Thanks for the thoughts. I am aware of the content rule limitation, and actually, (depending on your definition of PAT vs NAT) the CSS can do NAT of the source IP address using source groups and an ACL. It can translate the source IP address of an incoming packet from a client into a different IP address. You don't really have a pool of addresses like you do on a Cisco router, you can specify a single IP address to translate the source address to, or different ones depending on the content rule you hit, so it is kind of like NATing with overload on a router. I am doing it now.
  The basic steps for doing NAT on the source(I.E.-Client's) IP address are:
  group [groupx]
  ip address [source address you want to change client IP to]
  active
  acl 1
  clause 10 permit any any destination [VIP of content rule] sourcegroup [groupx]
  apply circuit-(VLANx)
  If the inbound packet on VLANx matches all the criteria in the clause statement, the "sourcegroup" part of the clause statement links you to the ip address that you want to NAT your client's source address to.
  You can build on this and make it as fancy as you like, even translating the source address to different addresses depending on the content rule you hit. I'm just wondering if there is an advantage of using many different IP addresses over using just one.

• VRF selector using PBR or Source IP address

  Could anyone can tell which is the better choice of VRF selector using PBR or Source IP address? From Cisco doc, VRF selection based on Source take advance over PBR. My feeling is that PBR may match more criterias than just match source IP address.
  Thanks

  I would personally use the "VRF selection based on source IP address" only where the "VRF selection using PBR" is not available since the latter is a superset of the former.
  Hope this helps,

• Source ip address for icmp messages not what is expected

  We have a router that has interfaces in multiple VRFs.  One interface sits on an interface that is routed on the Internet.  Other interface sits on a VRF that is in a private address space and is used for WAN connectivity.  The strange behavior that I'm seeing is related to icmp messages coming off the router.  It appears that scanners hitting the Internet-facing interface cause the router to generate icmp messages (type 3) that are source using the IP address of the WAN-facing interface and they are routed across the WAN, into our data center and dropped by our firewall due to anti-spoofing rules.  Is this normal behavior?  Doesn't seem normal to me. Is this behavior something that can be changed via configuration?

  probabaly some body attacking you
  you need inbound access-list in Internet-facing interface.
  and you need to filtr private source addresses classes  A, B, C 
  ip access-list extended InWorld
   deny   ip any 192.168.0.0 0.0.255.255
   deny   ip any 172.16.0.0 0.15.255.255
   deny   ip any 10.0.0.0 0.255.255.255
   permit ip any any
  interface FastEthernet0
   description Internet-facing interface
   ip address 9.2.3.6 255.255.255.252
   ip access-group InWorld in
  later you will see hit counts
  sh access-lis
  here is detailed explanation
  http://www.techrepublic.com/article/prevent-ip-spoofing-with-the-cisco-ios/
  they using more complicated acces-list
  In a typical IP address spoofing attempt, the attacker fakes the source of packets in order to appear as part of an internal network. David Davis tells you three ways you can make an attacker's life more difficult&mdash;and prevent IP address spoofing. 
  As you know, the Internet is rife with security threats, and one such threat is IP address spoofing. During a typical IP address spoofing attempt, the attacker simply fakes the source of packets in order to appear as part of an internal network. Let's discuss three ways you can protect your organization from this type of attack.
  Block IP addresses
  The first step in preventing spoofing is blocking IP addresses that pose a risk. While there can be a reason that an attacker might spoof any IP address, the most commonly spoofed IP addresses are private IP addresses (RFC 1918) and other types of shared/special IP addresses.
  Here's a list of IP addresses—and their subnet masks—that I would block from coming into my network from the Internet:
  10.0.0.0/8
  172.16.0.0/12
  192.168.0.0/16
  127.0.0.0/8
  224.0.0.0/3
  169.254.0.0/16
  All of the above are either private IP addresses that aren't routable on the Internet or used for other purposes and shouldn't be on the Internet at all. If traffic comes in with one of these IP addresses from the Internet, it must be fraudulent traffic.
  In addition, other commonly spoofed IP addresses are whatever internal IP addresses your organization uses. If you're using all private IP addresses, your range should already fall into those listed above. However, if you're using your own range of public IP addresses, you need to add them to the list.
  Implement ACLs
  The easiest way to prevent spoofing is using an ingress filter on all Internet traffic. The filter drops any traffic with a source falling into the range of one of the IP networks listed above. In other words, create an access control list (ACL) to drop all inbound traffic with a source IP in the ranges above.
  Here's a configuration example:
  Router# conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Router(config)# ip access-list ext ingress-antispoof
  Router(config-ext-nacl)# deny ip 10.0.0.0 0.255.255.255 any
  Router(config-ext-nacl)# deny ip 172.16.0.0 0.15.255.255 any 
  Router(config-ext-nacl)# deny ip 192.168.0.0 0.0.255.255 any 
  Router(config-ext-nacl)# deny ip 127.0.0.0 0.255.255.255 any
  Router(config-ext-nacl)# deny ip 224.0.0.0 31.255.255.255 any
  Router(config-ext-nacl)# deny ip 169.254.0.0 0.0.255.255 any     
  Router(config-ext-nacl)# permit ip any any     
  Router(config-ext-nacl)# exit
  Router(config)#int s0/0
  Router(config-if)#ip access-group ingress-antispoof in
  Internet service providers (ISPs) must use filtering like this on their networks, as defined in RFC 2267. Notice how this ACL includes permit ip any any at the end. In the "real world," you would probably have a stateful firewall inside this router that protects your internal LAN.
  Of course, you could take this to the extreme and filter all inbound traffic from other subnets in your internal network to make sure that someone isn't on one subnet and spoofing traffic to another network. You could also implement egress ACLs to prevent users on your network from spoofing IP addresses from other networks. Keep in mind that this should be just one part of your overall network security strategy.
  Use reverse path forwarding (ip verify)
  Another way to protect your network from IP address spoofing is reverse path forwarding (RPF)—or ip verify. In the Cisco IOS, the commands for reverse path forwarding begin with ip verify.
  RPF works much like part of an anti-spam solution. That part receives inbound e-mail messages, takes the source e-mail address, and performs a recipient lookup on the sending server to determine if the sender really exists on the server the message came from. If the sender doesn't exist, the server drops the e-mail message because there's no way to reply to the message—and it's very likely spam.
  RPF does something similar with packets. It takes the source IP address of a packet received from the Internet and looks up to see if the router has a route in its routing table to reply to that packet. If there's no route in the routing table for a response to return to the source IP, then someone likely spoofed the packet, and the router drops the packet.
  Here's how to configure RPF on your router:
  Router(config)# ip cef
  Router(config)# int serial0/0
  Router(config-if)# ip verify unicast reverse-path
  Note that this won't work on a multi-homed network.
  It's important to protect your private network from attackers on the Internet. These three methods can go a long way toward protecting against IP address spoofing. For more information on IP address spoofing, read "IP Address Spoofing: An Introduction."
  Is IP address spoofing a major concern for your organization? What steps have you taken to protect the company? Have you used RPF? Share your experiences in this article's discussion.
  and dont forget to rate post

• On getting packet 's source ip address

  Hi, i have been given project problem to capture packets and filter them base on their source ip addresses then later perform some analysis, but do not know how to get source ip address of a packet. could any one assist me through, its urgent please.
  Thank u and all the best.

  Thank u all for ur zeal [How To Ask Questions The Smart Way|http://www.catb.org/~esr/faqs/smart-questions.html#writewell]
  http://www.catb.org/~esr/faqs/smart-questions.html#writewell
  Eric Steven Raymond
  Rick Moen
  Write in clear, grammatical, correctly-spelled language
  We've found by experience that people who are careless and sloppy writers are usually also careless and sloppy at thinking and coding (often enough to bet on, anyway). Answering questions for careless and sloppy thinkers is not rewarding; we'd rather spend our time elsewhere.
  So expressing your question clearly and well is important. If you can't be bothered to do that, we can't be bothered to pay attention. Spend the extra effort to polish your language. It doesn't have to be stiff or formal - in fact, hacker culture values informal, slangy and humorous language used with precision. But it has to be precise; there has to be some indication that you're thinking and paying attention.
  Spell, punctuate, and capitalize correctly. Don't confuse "its" with "it's", "loose" with "lose", or "discrete" with "discreet". Don't TYPE IN ALL CAPS; this is read as shouting and considered rude. (All-smalls is only slightly less annoying, as it's difficult to read. Alan Cox can get away with it, but you can't.)
  More generally, if you write like a semi-literate b o o b you will very likely be ignored. So don't use instant-messaging shortcuts. Spelling "you" as "u" makes you look like a semi-literate b o o b to save two entire keystrokes.

• Source IP Address Access Rule Not Working

  I'm trying to create and access rule that denies certain source IP addresses
  from making SMTP connections to my email server. I create the access rule
  and put it at the top of the list but the connections are still happening.
  It's a deny rule to block Port, Service: SMTP, Origin Server Port 25, TCP &
  UDP, Specified 'ip addresses', Destination 'any'. Granted I have my email
  NATed through a secondary IP address to the email server. Any ideas why this
  isn't working? Thanks.

  It's a GWIA.
  >>> On 11/22/2006 at 11:27 AM, in message
  <bw19h.1043$[email protected]>, Jim
  Michael<[email protected]> wrote:
  > Adrian van Ravesteyn wrote:
  >> OK, that makes sense. Is there a way I can limit access for certain ip
  >> addresses on this NATed interface?
  >
  > Giving access to "all but a few" is a problem, but limiting access to
  > "all but a few" is relatively easy (you just create the exceptions you
  > need, with the allowed source IPs). You're better off blocking specific
  > IPs at your SMTP server. Is your mail server a GroupWise GWIA, or
  > something else?

• Datagram source IP address in J2ME

  When receiving a UDP datagram in MIDP/CLDC, how can I learn the source IP address of the datagram? Calling Datagram.getAddress() seems to return the source hostname (e.g. computer.sun.com) instead of an IP address.

  jpcap : http://jpcap.sourceforge.net/