DMZ and the Portal
Hello,
I hope this is the right forum for this question. Our Portal is up and running fine; however, we are having problems with our DMZ and need to replace it. Can anyone tell me what, if any, configuration will need to be done with the new DMZ?
Thanks in advance
Stephanie
Hi Stephanie,
In the portal the system object pointing to the new cluster instance needs to point at the virtual node which will always be available. So instead of an alias you use the virtual name of the clustered instance. Also in the configuration parameters remember to use UNC paths (e.g. "\\virtualservernode\sapmnt\SID\SYS\profile" instead of "C:\usr\sap\SID\SYS\profile"). We have a problem due to this in my company at the moment because it wasn't installed using virtual nodes and UNC paths, but using physical hardware nodes/names and non-UNC paths. So if the cluster fails over, it will be alive, but users would not be able to log on anymore because their links (favourites etc.) point to the physical node 1 of the cluster, and the system object in the portal points to the old node 1. It's easy enough to change the portal system object, but parameters are wrong in the profile too, which is a bigger issue. So please be aware of functionality in the cluster operation, and make sure to implement it following best-practice methods so that you can avoid these issues.
Another way of controlling this would be to use a Web Dispatcher in front of your portal, so if you should encounter problems you only have 1 place to correct paths etc. So the users would have 1 link to the portal, and you could change what's behind the Web Dispatcher without any user interruption - they still just have the pointer for the Web Dispatcher - as a single point of entrance to the portal. This is a solution I will implement myself Q1 of next year, because I had issues with old saved favourites when I changed our portal environment to run https/ssl. Everyone still had the old link for http - and you can't blame the users really, I use favourites a lot myself. So I want a single point of entry for the portal environment, no matter what's behind.
I hope everything will be ok in your project.
Kind Regards,
Soren
Edited by: Soeren Friis Pedersen on Dec 23, 2010 7:37 AM
Similar Messages
-
Extended notifications and the portal
Hi All,
I'm using extended notification ( SWNADMIN ) to send the workitems in SRM/ECC to MS outlook . The background jobs SWNSEL etc are run in the respective systems . Emails produced have links to logon to the respective systems and display/execute the workitem but I want the users to login via the portal . Is that possible ?
Regards
Hi,
then I would suggest, before the link opens the corresponding appl, pop up for the userid, create specific portal roles like manager, hradmin etc., so that the workitems are executed.
But one thing I would like to mention is: extended notification is mainly useful for those who do not access portal often.
Hope this helps.
Regards,
Saujanya -
Weird case involving NTLM, Windows XP and the portal
I have a very peculiar case here for a few users.
The users have in common that they are all using Windows XP (and just migrated), though most other people (even ones using Windows XP) do not have the problem.
We have implemented SSO to the portal, and done this using IIS on the portal servers. In front of that we are using IBM edge loadbalancers.
From a troubled user's perspective, when he opens the browser against the portal, he gets the portal logon page with a message saying user authentication failed.
I've found out what happens behind the scene and why the portal fails, but I can't explain it thoroughly.
The user's browser reaches the portal.company.com address. IIS requests NTLM login and after a few packets, the browser sends the user's userprincipalname ([email protected]) via the NTLM login (I've documented this in the network traces from ethereal). That the browser sends the userprincipalname is the core of the problem; all other users send the SAMaccountname. The portal reads the NTLM information and parses the user information (here the userprincipalname). However, we have configured our portal to use the SAMaccountname when authenticating against AD, and therefore the login fails.
If I use a DNS alias for the portal.company.com address, say aliasportal.company.com (actually portal.company.com is an alias for aliasportal.company.com, but don't let that confuse you), the same client that sent userprincipalname earlier now sends the SAMaccountname and therefore gets SSO (and goes through the loadbalancer). And if I try to access one of the portal servers directly (without going through the load balancer), it also sends SAMaccountname. So basically, there has to be something with the address portal.company.com that makes the user's browser send the userprincipalname.
Also, this problem is not tied to the user's profile, because if he uses another PC, it works like a charm.
If you have any idea at all what could have caused this, please do contribute. No answers are stupid (in this case). I am especially looking for details on what causes IE to send userprincipalnames, and what causes it to send SAMaccountname.
Network sniffing(some minor changes to hide information):
This is the NTLM packet which "wrongly" contains the userprincipalname.
No. Time Source Destination Protocol Info
17 0.107258 xxxxx xxxxxx HTTP GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
Frame 17 (792 bytes on wire, 792 bytes captured)
Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
Internet Protocol, Src Addr: xxxxxxxxx , Dst Addr: xxxxxxx
Transmission Control Protocol, Src Port: 2201 (2201), Dst Port: http (80), Seq: 403, Ack: 741, Len: 738
Hypertext Transfer Protocol
GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
Accept: */*\r\n
Accept-Language: da\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
Host: portal.company.com\r\n
Connection: Keep-Alive\r\n
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAACkAKQAkgAAAAAAAABIAAAAIAAgAEgAAAASABIAaAAAAAAAAAA2AQAABYKIogUBKAoAAAAPZABqAHcAbABAAHMAdABhAHQAbwBpAGwALgBjAG8AbQBQAEMALQAzADkAMwA3ADEANAAjkf2i0gE5YfLWa6LaFWq/QOJVBMBK+X/0eZk41NRM7wDew37l6/jmAQE
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_AUTH (0x00000003)
Lan Manager Response: 2391FDA2D2013961F2D66BA2DA156ABF40E25504C04AF97F
NTLM Response: F4799938D4D44CEF00DEC37EE5EBF8E60101000000000000...
Domain name: NULL
User name: [email protected]
Host name: PC-393714
Session Key: Empty
Flags: 0xa2888205
\r\n
And this is the packet against the dns alias which works
No. Time Source Destination Protocol Info
17 0.103528 xxxxx xxxxx HTTP GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
Frame 17 (788 bytes on wire, 788 bytes captured)
Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
Internet Protocol, Src Addr: xxxx, Dst Addr: xxxx
Transmission Control Protocol, Src Port: 1825 (1825), Dst Port: http (80), Seq: 403, Ack: 741, Len: 734
Hypertext Transfer Protocol
GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
Accept: */*\r\n
Accept-Language: da\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
Host: aliasportal.company.com\r\n
Connection: Keep-Alive\r\n
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAACkAKQAkAAAABYAFgBIAAAACAAIAF4AAAASABIAZgAAAAAAAAA0AQAABYKIogUBKAoAAAAPUwBUAEEAVABPAEkATAAtAE4ARQBUAEQASgBXAEwAUABDAC0AMwA5ADMANwAxADQAyhO3U1uCz0jn55samc+TUJmnyefvp0tXQN0VMytYEG3YDADHwRicxwEBAAA
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_AUTH (0x00000003)
Lan Manager Response: CA13B7535B82CF48E7E79B1A99CF935099A7C9E7EFA74B57
NTLM Response: 40DD15332B58106DD80C00C7C1189CC70101000000000000...
Domain name: COMPANY-NET
User name: DAPA
Host name: PC-393714
Session Key: Empty
Flags: 0xa2888205
\r\n
I'll be truly impressed if anyone solves this one!
Hi Dagfinn,
There are a few things I would check in the Internet Explorer settings on the client, namely:
-The security zones (which addresses are in Intranet, Trusted sites, etc.)
-Check in the security settings if automatic logon with current username is enabled.
-Look if "Enable integrated Windows authentication" is enabled in the advanced settings.
Are you using Kerberos authentication? There's a long article on Microsoft's website about troubleshooting Kerberos errors which might give a few clues :
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx -
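Added example (not part of the original thread and not code from any poster): a small Python decoder for the NTLMSSP_AUTH (type 3) message carried in the "Authorization: NTLM ..." header, reading the same Domain name / User name / Host name fields that the Ethereal dissection above shows, and reporting which name form the client sent. The sample messages are constructed with placeholder names (jdoe, EXAMPLE-NET, PC-000001); build_sample and name_form are hypothetical helpers, and the name-form rule is only the pattern seen in the two traces (empty domain with "@" in the user name versus a populated domain).

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_AUTH = 3                 # message type 3, as in the traces
NEGOTIATE_UNICODE = 0x00000001   # low bit of the flags field


def _security_buffer(msg, pos):
    """Return the bytes referenced by the (len, maxlen, offset) triple at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer runs past end of message (truncated capture?)")
    return msg[offset:offset + length]


def parse_ntlm_auth(header_value):
    """Decode domain, user and host from an 'NTLM <base64>' Authorization value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(token)
    if len(msg) < 64 or not msg.startswith(SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != NTLMSSP_AUTH:
        raise ValueError("expected NTLMSSP_AUTH (type 3), got type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    # Strings are UTF-16LE when NEGOTIATE_UNICODE is set; otherwise an OEM code
    # page is used (cp437 is an assumption made for this example).
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    return {
        "domain": _security_buffer(msg, 28).decode(enc),
        "user": _security_buffer(msg, 36).decode(enc),
        "host": _security_buffer(msg, 44).decode(enc),
        "flags": flags,
    }


def name_form(fields):
    """Classify the user name the way the two traces differ (heuristic)."""
    if "@" in fields["user"] and not fields["domain"]:
        return "userPrincipalName"
    if fields["domain"]:
        return "sAMAccountName"
    return "unknown"


def build_sample(domain, user, host, flags=0xA2888205):
    """Build a CONSTRUCTED type-3 message with dummy (all-zero) responses.

    Layout mirrors the traces: 72-byte header, then domain, user, host,
    LM response, NT response.
    """
    parts = [s.encode("utf-16-le") for s in (domain, user, host)]
    parts += [b"\x00" * 24, b"\x00" * 24]          # dummy LM and NT responses
    offsets, pos = [], 72
    for part in parts:
        offsets.append(pos)
        pos += len(part)

    def buf(i):
        return struct.pack("<HHI", len(parts[i]), len(parts[i]), offsets[i])

    header = (SIGNATURE + struct.pack("<I", NTLMSSP_AUTH)
              + buf(3) + buf(4)                    # LM response, NT response
              + buf(0) + buf(1) + buf(2)           # domain, user, host
              + struct.pack("<HHI", 0, 0, pos)     # empty session key
              + struct.pack("<I", flags) + b"\x00" * 8)  # flags, version
    return header + b"".join(parts)


# Constructed sample header values (placeholder names, not taken from the thread).
SAMPLE_UPN = "NTLM " + base64.b64encode(
    build_sample("", "jdoe@example.com", "PC-000001")).decode("ascii")
SAMPLE_SAM = "NTLM " + base64.b64encode(
    build_sample("EXAMPLE-NET", "JDOE", "PC-000001")).decode("ascii")

if __name__ == "__main__":
    for label, value in (("portal name", SAMPLE_UPN), ("alias name", SAMPLE_SAM)):
        fields = parse_ntlm_auth(value)
        print(label, fields["domain"] or "NULL", fields["user"], name_form(fields))
```

Run against header values logged at the proxy or web server, this shows per request which name form a client sent without needing a full packet capture.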
Are there any versions of the portal that have native support for communications to Web Services? Is it going to be eventually possible to dynamically discover channels via a discovery method like UDDI?
Currently no. In the next release we have preliminary support for web services and there might be a web services provider, but eventually (no time frame yet) we do plan to support UDDI.
-
Hi - has anyone used IVR in conjunction with the Portal (and does it work with Adobe Forms as well)?
Thanks!
Steve -
Hello Fellow Experts...
Can someone provide a pros-cons as to running ICSS thru the portal. I've got a client looking to replace a web based crm system and they are trying to avoid the portal if possible...We'd like them to go with the portal...
Look forward to your replies
Hello,
from my understanding, the customer portal can give access to e-selling (ISA), e-service (ICSS), e-analytics and some user administration tools.
I don't think you can give access to a PCUI screen over the Internet to your customer. PCUI screens are generated on the CRM WAS which is not accessible from the Internet.
Hope it will help.
Regards,
Maxime -
Treasury capability in ECC6 and the portal
Is the Treasury and Risk management product delivered as a standard part of ECC6 or is it an add-on component? I have been searching and cannot find the answer to this question. Also, is there a portal business package for treasury available?
Regards,
Paul Richardson
In ECC 6 it is delivered as part of mySAP licence. There is no additional charge.
-
The User portlet and the Portal User Profile portlet
I'm trying to create a sub administrator home page on version 309, however the 'create user' portlet has been split into a 'create user' and a 'update user profile' portlet (as seen on the new default portal30 homepage).
However the only portlet that seems to be available in the portlet list is the 'update user profile' portlet.
So how do I add the create user portlet to my homepage?
I found the wwsec_api and wwsso_api_user_admin packages. I now know I can build my own user profile screen and use these APIs to add, update, and remove users.
However, do I need to use the wwsec_person$ table, or can I create my own? Or can I add additional fields to the wwsec_person$ table? I have 7 additional pieces of information that need to be captured. I could just use some of the database fields in the table that we don't currently have use for, but then the name of the field will not accurately represent the contents of the data (i.e. store our "Organization" data in the "Department" field, our "DSN Phone Number" in the "Work Phone Number" field, etc.) and it would make for difficult maintenance.
Can anyone offer suggestions as to how they implemented a customized User Profile, easily? -
MDM Record Check out and Check in from the Portal
Hi everybody,
I'm trying to figure out what is the standard way to trigger the Check out and Check in from the Portal.
How do I need to configure the MDM workflows and the Portal, so the standard Item Details iView would automatically check out the record when the Edit button is pressed?
Do I need to configure Guided Procedures or UWL on the Portal or can I avoid that?
Thanks for your help in advance,
Boris
Hi Boris,
When we connect MDM to a front end system like Portal, the portal will replicate all the functionalities of the backend system from the front end, as in this case in EP.
But when we maintain Master data from the MDM Data Manager we get a lot of options in the context menu when we right click a record in the record pane.
All of these cannot be made available on the portal, but however the feature of Checkout can be made possible if you try to update the record through an MDM workflow.
As in MDM workflow you have the option of checking out the record at the beginning of the update and then checking it back in at the completion of the record update.
For this you can use the MDM workflows and integrate it through EP using UWL.
Kindly refer some additional docs which will guide you in the configuration of the same:
Re: MDM workflow with UWL
Re: Need to Integrate Universal Worklist in SAP Master Data Management.
Re: MDM Portal configurations.
Hope It Helped
Thanks & Regards
Simona Pinto -
Guest WLAN Deployment, and the EtherIP Process from Campus to DMZ WLCs
Hi All,
In the WLC deployment guide
http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html
It has a very nice and easy way to understand how traffic is passed from the wifi device to the LAN device as listed below.
Now, what happens when there is a controller in the DMZ and the WLC on the campus passes this traffic to that controller via ethernet over IP.
Is the 802.11 header preserved or is it stripped off at the campus WLC? One would assume it is preserved as the WLC in the DMZ may need to act on information in the 802.11 header?
Can anyone help me on this please?
Is there a similar example to the one listed below, but for the full flow from end-user wifi device to the guest controller in the DMZ?
Many thx
Ken
In Figure 3, Host A is a wireless LAN client communicating with the wired device, Host B. When Host A sends a data packet to Host B, the following sequence occurs:
• The packet is transmitted by Host A over the 802.11 RF interface. This packet is encapsulated in an 802.11 frame with Host A's MAC address as the source address and the access point's radio interface MAC address as the destination address.
• At the access point, the access point adds an LWAPP Header to the frame with the C-Bit set to zero and then encapsulates the LWAPP Header and 802.11 frame into a UDP packet that is transmitted over IP. The source IP address is the access point's IP address and the destination IP address is the WLC's AP Manager Address. The source UDP port is the ephemeral port based on a hash of the access point MAC address. The destination UDP port is 12222.
• The IP packet is encapsulated in Ethernet as it leaves the access point and transported by the switching and routed network to the WLC.
• At the WLC, the Ethernet, IP, UDP, and LWAPP headers are removed from the original 802.11 frame.
• After processing the 802.11 MAC header, the WLC extracts the payload (the IP packet from Host A), encapsulates it into an Ethernet frame, and then forwards the frame onto the appropriate wired network, typically adding an 802.1Q VLAN tag.
• The packet is then transmitted by the wired switching and routing infrastructure to Host B.
When Host B sends an IP packet to Host A, the process is essentially reversed:
• The packet is delivered by the wired switching and routing network to the WLC, where an Ethernet frame arrives with Host A's MAC address as the destination MAC address.
• The Ethernet header is removed by the WLC and the payload (the IP packet destined for Host A) extracted.
• The original IP packet from Host A is encapsulated with an LWAPP Header, with the C-bit set to zero, and then transported in a UDP packet to the access point over the IP network. The packet uses the WLC AP Manager IP address as the source IP address and the access point IP address as the destination address. The source UDP port is 12222 and the destination UDP port is the ephemeral port derived from the access point MAC address hash.
• This packet is carried over the switching and routing network to the access point.
• The access point removes the Ethernet, IP, UDP and LWAPP headers, and extracts the payload, which is then encapsulated in an 802.11 frame and delivered to Host A over the RF network.
Hi There, no worries. Would be good if there was a doco on it.
From packet captures (see attached) it looks like when the campus WLC gets the original 802.11 packet (which is encap'd in LWAPP), the campus WLC strips off the LWAPP stuff and removes the 802.11 packet header, and just rebuilds original packet with an 802.3 packet header,
THEN
The WLC encaps the packet with a new ethernet/IP header and sends it off to the DMZ WLC.
I hope this is the way it works, and if anyone does have documentation to confirm it, that would be fantastic.
Many thx and kind regards,
Ken -
Error while login to the portal
Hi All,
When I try to log in to the portal as a user who doesn't have the Super administrator role and has only the "Everyone" role, I get the following error.
Error occurred while trying to access desktop: "portal_content/every_user/general/com.sap.portal.defaultDesktop". The object does not exist or you are not authorized to access it. If this problem persists, contact your system administrator.
Log Off
I followed the steps which are given in the other threads as a solution but still facing the problem.
In my main rules we have given a condition like "If user = * then use the general default desktop", and in the default desktop permissions the Everyone role has read permission. Even then the problem is not solved.
Can anybody help plzzzzz........
Thanks in advance.
I'm not sure what you mean by "content admin" vs "system admin". Content admin is used mostly to navigate to the portal content studio where you can work with PCD objects and set permissions. You will not see all PCD objects here, so things like rules etc. won't be visible.
System admin is a role. It has many functions, including the system landscape editor, where you can work with systems, and the portal display area, where you can work with display items, such as rules.
There is also a permission editor where you should be able to set permissions on any object.
So, what do you mean by asking if you should use content admin or system admin? -
No traffic from Outside1 (Security level 100) attached Networks to DMZ and Viceversa
I have an ASA5510. I configured an Outside, 1 DMZ and 2 interfaces with security level 100 (Outside1 and Inside). I can ping and have fluid traffic between the DMZ and Inside interfaces, but don't have any kind of traffic between the DMZ and Outside1. I wrote the same configuration for both security level 100 interfaces. Also I have connected a Cisco 892 router to Outside1. When I attach a computer instead of the 892, traffic between Outside1 and DMZ is fluid. I need to have fluid traffic between the networks connected to the 892.
Can someone help me? Here are the 2 configs:
ASA5510:
: Saved
ASA Version 8.2(1)
hostname ASAFCHFW
domain-name a.b.c
enable password 6Jfo5anznhoG00fM encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.y.z.162 255.255.255.248
interface Ethernet0/1
nameif Outside1
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/2
nameif DMZ
security-level 10
ip address 172.16.31.1 255.255.255.0
interface Ethernet0/3
nameif Inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa821-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name farmaciachavez.com.bo
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list dmz_in extended permit tcp host 172.16.31.2 any eq domain
access-list dmz_in extended permit tcp host 172.16.31.2 any eq smtp
access-list dmz_in extended permit tcp host 172.16.31.2 any eq www
access-list dmz_in extended permit tcp host 172.16.31.2 any eq https
access-list dmz_in extended permit tcp host 172.16.31.2 any eq 3000
access-list dmz_in extended permit tcp host 172.16.31.2 any eq 1000
access-list Inside extended permit ip any any
access-list Inside extended permit icmp any any
access-list 100 extended permit tcp any host x.y.z.163 eq smtp
access-list 100 extended permit udp any host x.y.z.163 eq domain
access-list 100 extended permit tcp any host x.y.z.163 eq https
access-list 100 extended permit tcp any host x.y.z.163 eq www
access-list 100 extended permit tcp any host x.y.z.163 eq 3000
access-list 100 extended permit tcp any host x.y.z.163 eq 1000
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu Outside 1500
mtu Outside1 1500
mtu DMZ 1500
mtu Inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit host 192.168.0.22 Outside
icmp permit 192.168.0.0 255.255.255.0 Outside1
icmp permit 192.168.2.0 255.255.255.0 Outside1
icmp permit 172.16.31.0 255.255.255.0 Outside1
icmp permit 192.168.2.0 255.255.255.0 DMZ
icmp permit 192.168.2.0 255.255.255.0 Inside
icmp permit 192.168.0.0 255.255.255.0 Inside
icmp permit 172.16.31.0 255.255.255.0 Inside
asdm image disk0:/asdm-647.bin
asdm history enable
arp timeout 14400
global (Outside) 101 interface
nat (Outside1) 101 0.0.0.0 0.0.0.0
nat (DMZ) 101 0.0.0.0 0.0.0.0
nat (Inside) 101 0.0.0.0 0.0.0.0
static (DMZ,Outside) x.y.z.163 172.16.31.0 netmask 255.255.255.255
static (DMZ,Inside) 172.16.31.0 172.16.31.0 netmask 255.255.255.0
static (Outside1,Inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
static (Inside,Outside1) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
static (Outside1,Inside) 172.1.1.0 172.1.1.0 netmask 255.255.255.0
static (DMZ,Outside1) 172.16.31.0 172.16.31.0 netmask 255.255.255.0
static (Outside1,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
static (Outside1,Inside) 172.1.2.0 172.1.2.0 netmask 255.255.255.0
static (Outside1,Inside) 172.1.3.0 172.1.3.0 netmask 255.255.255.0
static (Outside1,Inside) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
static (Outside1,DMZ) 172.1.1.0 172.1.1.0 netmask 255.255.255.0
access-group dmz_in in interface DMZ
route Outside 0.0.0.0 0.0.0.0 x.y.z.161 20
route Outside1 172.1.1.0 255.255.255.0 192.168.2.2 1
route Outside1 172.1.2.0 255.255.255.0 192.168.2.2 1
route Outside1 172.1.3.0 255.255.255.0 192.168.2.2 1
route Outside1 192.1.0.0 255.255.192.0 192.168.2.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.0.0 255.255.255.0 Inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:7441424d1fcf87c3eb837b569e84aa9e
: end
Cisco 892:
Current configuration : 3296 bytes
! Last configuration change at 01:15:13 UTC Tue Apr 29 2014 by eguerra
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname RouterHQFCH
boot-start-marker
boot-end-marker
enable secret 4
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-1580540949
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1580540949
revocation-check none
rsakeypair TP-self-signed-1580540949
crypto pki certificate chain TP-self-signed-1580540949
certificate self-signed 01
quit
license udi pid C892FSP-K9 sn FTX180484TB
username servicios privilege 15 password 7
username eguerra privilege 15 password 7
interface GigabitEthernet0
no ip address
interface GigabitEthernet1
switchport access vlan 2
no ip address
interface GigabitEthernet2
no ip address
interface GigabitEthernet3
no ip address
interface GigabitEthernet4
no ip address
interface GigabitEthernet5
no ip address
interface GigabitEthernet6
no ip address
interface GigabitEthernet7
no ip address
interface GigabitEthernet8
ip address 172.1.1.1 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet9
ip address 172.1.2.1 255.255.255.0
duplex auto
speed auto
interface Vlan1
ip address 192.168.2.2 255.255.255.0
interface Vlan2
ip address 192.168.100.200 255.255.255.0
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 172.16.31.0 255.255.255.0 192.168.2.1
ip route 192.168.0.0 255.255.255.0 192.168.2.1
control-plane
line con 0
password 7
login
no modem enable
line aux 0
line vty 0 4
password 7
login local
transport input all
scheduler allocate 20000 1000
end
Thanks in advance
Maybe I did not understand what you are trying to accomplish. What I mentioned was to make your ACL configuration better, meaning more secure. Changing the security level just helps understand that you are not coming from a site that does not require ACLs, thus from lower to higher security interfaces you need to place ACLs. Then there is a whole other world regarding NAT/PAT that involves same security interfaces that sometimes confuses customers, so I also wanted to avoid that for you.
To enforce security between interfaces you need to know what protocols and ports are being used by servers that reside behind the higher security interface so you only open what is needed then block the rest to that higher security interface. -
Page cannot be displayed message ONLY on the content area of the portal
Hi All,
I am using Netweaver Portal 7.0 and the portal works fine if logged in as an end user. But when I'm logged in as Administrator and whenever I try to create a portal object (iview or pages etc), I get a page cannot be displayed message ONLY on the content area of the portal. It is happening quite frequently, any clue what is wrong here?
Thanks for your help
-Mike
Hi
This could sometimes happen because of multiple users working on the same content .
Edited by: chandana kallu on Mar 11, 2008 1:41 PM -
What is the portal root directory for uploading files
Hi
I need to upload js files to my portal server (to the home page)
Can anyone let me know where is the the folder in the server that I need to put the files and the portal will see it.
Thanks!!
Hi,
Oracle Portal doesn't have a "root" directory - Oracle Portal is a combination of many other products & services.
You need to put your .js files in a directory & tell Apache to "look" in that directory for the .js files. You need to use a directive offered by Apache - Alias - to achieve this. You need to tweak the main Apache Configuration File - http.conf - & specify the folder where your .js files reside. You need to modify the Configuration File using the Enterprise Manager only.
Here's an example :-
Alias /js C:/OraMidTier/javascript
<Directory C:/OraMidTier/javascript>
Order allow,deny
Allow from all
</Directory>
You can then dump all your javascript files in this folder & access it in your HTML Pages with the Virtual Path - /js - e.g.:-
<script type="text/javascript" src="/js/mySrc.js"></script>
You can get more information from the Oracle HTTP Administrator's Guide (or the Apache Documentation) about the Alias Directive.
Regards,
Sandeep -
How to deconfigure the windows configuration with the portals
There is already configuration done b/w windows and the portals but now i have to deconfigure it.
May I know the steps to do that?
Thanks in advance.
Hi Shreya
Did you configure SSO between Windows and portal using Kerberos authentication?
If so, can you share how to achieve that task? Do you have any documents for that?
I have already opened a thread for this. I have given that link below.
regarding SSO between windows and portal
Thanks & Regards,
Yoga