CSM nat client sample config

Similar Messages

• [svn:bz-trunk] 13477: Bug: BLZ-455 - Document client-load-balancing property in the sample config

  Revision: 13477
  Revision: 13477
  Author:   [email protected]
  Date:     2010-01-13 05:17:10 -0800 (Wed, 13 Jan 2010)
  Log Message:
  Bug: BLZ-455 - Document client-load-balancing property in the sample config
  QA: No
  Doc: No
  Ticket Links:
      http://bugs.adobe.com/jira/browse/BLZ-455
  Modified Paths:
      blazeds/trunk/resources/config/services-config.xml

• Sample config

  So I have been trying to setup trunking (got that done and tested) on a pair of CSS 11503's and now i would like to setup ASR, vr and vip redudnacy to failover between them. Does anyone have any samples of how to do this with all public ips, all the cisco docs are for nat'd configuration which we do not run, everything would be public.
  right now management of the css is done over vlan100 but the servers are in vlan150, different subnet's obviously however what is messing me up is the docs are all saying to use outside public ips and inside for the servers. I only have public ips and don't have time to change anything to a nat...any help would be great

  actually let me append my previous comment with a question..
  since I am trunking up (to my 6509s) and down (to various switches)...what should my default route be on the CSS's
  i have 2 vlan's right now
  vlan 10
  ip address 192.168.10.10 255.255.255.240
  vlan 20
  ip address 192.168.11.11 255.255.255.224
  in my global however I am using
  ip route 0.0.0.0 0.0.0.0 192.168.10.1 1
  10.1 btw is a virtual (HSRP address) on my 6509's
  11.1 would be the virtual (HSRP address) on my 6509's for vlan20 etc..
  so yes my previous statement about the gateways for my web servers pointing to the CSS is true (redudant int), however if I have other servers on my switches that are not in the lb's groups and I point it those servers to my HSRP virtual for vlan20's 11.1 i cannot ping it... so what are my options cause I would rather not change gateways on some of the other machines that won't be load balancing.
  I noticed in the trunking sample config the global had no route, but when i removed it, i couldn't get to anything (of course).
  thanks again

• Mail Client Sample using Flex

  Hi, Is there a Flex/Air Mail Client sample demo application (with source code) like the the GWT one  -- http://gwt.google.com/samples/Mail/Mail.html --
  Thank you for your help

  No.

• Sample config for wireless

  Hi
  Does anyone have a sample config for standalone Cisco AP1252 (Cisco IOS)  for AD Authentication for wireless ?
  Appreciated your kind reply.

  The short version :
  in config terminal mode :
  -radius-server host auth-port 1812 acct-port 1813 key 0
  -aaa authentication dot1x eap_methods group radiusThen you need to configure your ssid for dot1x :-dot11 ssid -authentication open eap eap_methods-authentication network-eap eap_methodsThis is only the part needed for radius interaction. This assumes that you already configured your SSID with according WPA settings.that's about it I think.If you want info about more commands or so, just check out this link :http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap11-authtypes.html#wp1002608

• Sample Config - IDSM-2

  I'm looking for a sample config for a IPS IDSM-2. I've been reviewing the configuration manual and love the excruciating detail, but would like to work from a sample config. Maybe just the basics to get started and then I can add stuff in later.
  Any samples would be most appreciated.
  Thanks,
  Mike

  You need to decide the mode you want to run your IPS in? Promiscuous, Inline (VLAN/Interface pair) ?
  Here are two examples from CCO:
  https://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_example09186a0080876d9f.shtml
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml
  Regards
  Farrukh

• CSM client device config

  Hi,
  On CSM Client >device> Access rules is showing the old config and not showing the active running config. Where as tools>preview configuration show me the running config.
  How do I make the csm client show the running config.
  Thanks.

  Raj;
    When managing devices with CSM, it is expected that all configuration changes made to the device are made via CSM.  Any changes made via PuTTY will not be reflected within CSM without first re-discovering the device's policies.
    The screenshot does not indicate a specific error, only that policy objects alreadty present in CSM were re-used with this device.  For the yellow triangle items, you will need to highlight each item and reference the matching description pane.  But from the overall status, the discovery was completed successfully with three warnings.
  Thanks,
  Scott

• Sample Config ACE20-MOD-K9

  Hi,
  Can some one help me with a sample configuration for ACE20?
  Rgds....Partha Acharya

  here is a copy of my lab config.
  switch/User1# sho run
  Generating configuration....
  logging enable
  logging buffered 7
  access-list PERMIT_ANY line 10 extended permit ip any any
  access-list app line 10 extended permit ip host 192.168.20.41 any
  probe http ACECFG-http
  interval 5
  faildetect 2
  passdetect interval 10
  request method get url /index.html
  expect status 200 299
  probe ftp ftp_probe
  interval 10
  passdetect interval 10
  expect status 0 999
  open 5
  parameter-map type connection REPL
  parameter-map type connection TCP
  rserver host 20.20.20.20
  ip address 20.20.20.20
  inservice
  rserver host REFLECTOR-10
  ip address 192.168.60.10
  inservice
  rserver host REFLECTOR-11
  ip address 192.168.60.11
  inservice
  rserver host REFLECTOR-12
  ip address 192.168.60.12
  inservice
  rserver host REFLECTOR-13
  ip address 192.168.60.13
  inservice
  rserver host REFLECTOR-14
  ip address 192.168.60.14
  inservice
  rserver host REFLECTOR-15
  ip address 192.168.60.15
  inservice
  rserver host linux1-48
  ip address 192.168.30.48
  rserver host linux2
  ip address 192.168.20.41
  inservice
  serverfarm host 20.20.20.20
  rserver 20.20.20.20
  inservice
  serverfarm host REFLECTOR
  predictor leastconns
  rserver REFLECTOR-10
  weight 1
  inservice
  rserver REFLECTOR-11
  weight 1
  inservice
  rserver REFLECTOR-12
  weight 1
  inservice
  rserver REFLECTOR-13
  weight 1
  inservice
  rserver REFLECTOR-14
  weight 1
  inservice
  rserver REFLECTOR-15
  weight 1
  inservice
  rserver linux1-48
  inservice
  serverfarm host linux2
  failaction purge
  probe ACECFG-http
  rserver linux2
  inservice
  serverfarm host linux2-ftp
  probe ftp_probe
  rserver linux2 21
  inservice
  sticky ip-netmask 255.255.255.255 address source STICKY-REFLECTOR
  replicate sticky
  serverfarm REFLECTOR
  class-map match-all NAT
  2 match access-list app
  class-map type http loadbalance match-all URL
  2 match http url .*
  class-map match-all VIP-250-80
  2 match virtual-address 192.168.100.250 tcp eq www
  class-map match-all VIP-250-ftp
  2 match virtual-address 192.168.100.250 tcp eq ftp
  class-map match-any VIP-REFLECTOR-254
  2 match virtual-address 192.168.100.254 tcp eq www
  policy-map type management first-match ALLOW
  class class-default
  permit
  policy-map type loadbalance first-match 20.20.20.20
  class class-default
  serverfarm 20.20.20.20
  policy-map type loadbalance first-match LB_linux2
  class class-default
  serverfarm linux2
  policy-map type loadbalance first-match REFLECTOR
  class class-default
  sticky-serverfarm STICKY-REFLECTOR
  policy-map type loadbalance first-match ftp-linux2
  class class-default
  serverfarm linux2-ftp
  policy-map multi-match NAT1
  class NAT
  nat dynamic 1 vlan 100
  policy-map multi-match SLB-REFLECTOR
  class VIP-REFLECTOR-254
  loadbalance vip inservice
  loadbalance policy REFLECTOR
  loadbalance vip icmp-reply
  policy-map multi-match SLB1
  class VIP-250-80
  loadbalance vip inservice
  loadbalance policy 20.20.20.20
  loadbalance vip icmp-reply
  class VIP-250-ftp
  loadbalance vip inservice
  loadbalance policy ftp-linux2
  loadbalance vip icmp-reply
  inspect ftp
  service-policy input ALLOW
  interface vlan 20
  ip address 192.168.20.253 255.255.255.0
  mac-sticky enable
  access-group input PERMIT_ANY
  service-policy input SLB1
  no shutdown
  interface vlan 100
  ip address 192.168.100.2 255.255.255.0
  alias 192.168.100.1 255.255.255.0
  peer ip address 192.168.100.3 255.255.255.0
  access-group input PERMIT_ANY
  nat-pool 1 192.168.100.240 192.168.100.245 netmask 255.255.255.0
  no shutdown
  ip route 0.0.0.0 0.0.0.0 192.168.100.9
  ip route 192.168.100.4 255.255.255.255 192.168.100.9
  ip route 171.69.146.79 255.255.255.255 192.168.20.41
  ip route 192.168.30.0 255.255.255.0 192.168.20.37
  ip route 20.20.20.20 255.255.255.255 192.168.20.41

• Cisco Jabber Client - QoS Config

  Hi Guys,
  I'll be deploying the new jabber client for a customer and i'm unsure of what QoS to configure on the switch ports for end users. Users will also have 7942 handsets, so if i configure auto qos voip cisco-phone, I doubt this will protect the voice/video for Jabber.
  Has anyone got any config or tips they can share?
  Cheers,
  James

  Hi,
  I believe you can use "auto qos voip cisco-softphone"
  Please see below QOS SRND.
  http://www.cisco.com/univercd/cc/td/doc/solution/esm/qossrnd.pdf
  Regards
  Ronak

• RMI - NAT - Client within the LAN and outside the LAN

  I'm having an RMI server in a machine within a LAN with the private IP 10.XX.XX.XX and a NAT with the public IP 196.XX.XX.XX.
  I am using the property: java.rmi.server.hostname to 196.XX.XX.XX. The server is behind a NAT machine.
  Everything works fine when the client is outside the LAN, but when the client is within the LAN it fails to lookup the server (of course it would work fine if I ommit the java.rmi.server.hostname property or set it to the server IP, but then I cannot work with a client outside the LAN).
  To conclude, my question is how I can work with both clients simultaneously (one within the LAN and one outside the LAN)?

  Most firewalls block access from inside the network to the external IP address (10.x.x.x to 196.x.x.x) as this approach could also be used by an attacker masquerading as a local network computer.
  You're going to need to make sure that all your Internal computers do not go via your firewall to get to the server.
  You can either add a route to the server on the Internal client machines overriding the default routing table or you can use your public domain name instead of the IP address. Then change your internal DNS configuration (if you use one) to point internal users to the local IP address instead.

• CSM + multiple client vlan

  If a CSM has more than one client VLANs, connected to different routers, how does CSM decide what path to take when server initiate a connection? in other words is there a way to associate server vlan(s) to client vlan?

  The term client vlan actually represents an interface between the CSM and the 6500's L2 and L3 vlan.
  If you have multiple routers connecting to your 6500, they will be associated vlan(s) n the 6500 as any other vlan is...you define the balanced servers default gateway as the alias address within the server vlan define on the CSM...the CSM then forwards this to the gateway defined on the csm client vlan which is also the 6500's L3 interface. The 6500 then uses it's own routing table to define where the next hop for this destination is.
  Hope this helps
  Steve

• CSM-S SSL daughtercard config sync

  Hi there,
  First Question
  Is it possible to do a config sync for the CMS-S SSL daughtercard ?? On the SSL daughtercard of the standby CSM is no config _
  Second Question
  How can we built up an redundent configuration (FT) with the CSM-S SSL daughtercard ??
  In our actual configuration the CSM works in active - standby mode.
  Thanks a lot
  Dirk Barnekow

  No, you cannot config sync for the CMS-S SSL daughtercard

• OD managed client proxy-config

  Hello all,
  we created at the OD-server (OSX 10.5.8) a computergroup for our
  managed clients (OSX 10.6.2).
  Some configs working correct, f.e dock-config (ID com.apple.dock).
  But the proxy-config (ID com.apple.SystemConfiguration)
  wasn't executed at the client.
  The client keep former proxy-entries.
  Is this an error or because of forward reverse proxy?
  Thanks! Wolfgang

  Hi
  I have seen this before a number of times and only on Intel iMacs, old and new. All I can put it down to is a possible screen corruption at the Login Window? Perhaps a rogue or damaged/corrupted font? It may also have something to do with how the setting is being applied locally which might be conflicting with the Managed Preferences applied from the Server?
  I have also seen it initially with an OD Master/Replica pair.
  For me it tends to disappear after a while or if you click the back button or restart. It might be a timing issue with whatever is providing the routing? Perhaps the NTP Server? If you're in a position you could investigate the Switch or Router? Perhaps replace one or the other or both (temporarily) to see if things change?
  Tony

• Client advanced config

  Hello,
  I wish to connect to an enterprise level wireless network. To connect requires client-side advanced settings. I believe there must be a config file located somewhere where I can vi the required settings, but as of now I am unable to locate the file.
  Can you help point me to the wireless config file location on Tiger? I have explored all the gui AirPort settings which do not provide the settings I need to configure.
  Thanks for your help.
    Mac OS X (10.4.9)  

  Sorry, wasn't paying attention and posted this in the windows group, when it's a Mac question. If you do know the answer feel free.

• [CGSE] nat 0 working config

  Hi, All:
  Can someone provide a working config for a CGSE that implements NAT44 for traffic-A (src-A-privateAdd to any) and does NAT bypass (nat0) for traffic-B (src-B-publicAdd to any)? Can you implement it simultaneously on the same CGN card and same inside interface?
  I read the configuration guide and from the only example is not clear to me: the fact that they use 0.0.0.0/0 as the address-pool makes me assume that traffic should retain it's own src-ip address, but it is not clear to me how I could do both at the same time on same card and same (only) inside interface/vrf.
  Thanks!
  c.
  http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-2/cg-nat/configuration/guide/b_cgnat_cg52xasr9k/b_cgnat_cg52xasr9k_chapter_011.html#reference_956F69C110A54DC3BD998D9395C062B8
  service cgn cgn1
  service-location preferred-active 0/2/CPU0
  service-type nat44 nat1
  inside-vrf Inside_1
  map outside-vrf ovrf outsideServiceApp ServiceApp2 address-pool 0.0.0.0/0
  nat-mode no-nat

  Hi Jouni,
  I went down this route -
  object-group network DYNAMIC-PAT-SOURCE
  network-object 192.168.127.0 255.255.255.0
  network-object 192.168.128.0 255.255.255.0
  nat (any,outside) after-auto source dynamic DYNAMIC-PAT-SOURCE interface
  and it worked! What is this part of the command actually doing - after-auto source dynamic ? Also at the end of the command there is the interface word. How does this know to use the Outside interface?
  Thanks