DMZ and the Portal

Hello,
I hope this is the right forum for this question. Our Portal is up and running fine; however, we are having problems with our DMZ and need to replace it. Can anyone tell me what, if any, configuration will need to be done with the new DMZ?
Thanks in advance
Stephanie

Hi Stephanie,
In the portal the system object pointing to the new cluster instance needs to point at the virtual node which will always be available. So instead of an alias you use the virtual name of the clustered instance. Also in the configuration parameters remember to use UNC paths (ex. "\\virtualservernode\sapmnt\SID\SYS\profile" instead of "C:\usr\sap\SID\SYS\profile".) We have a problem due to this in my company at the moment because it wasn't installed using virtual nodes and UNC paths, but using physical hardware nodes/names, and non-UNC paths. So if the cluster fails over, it will be alive, but users would not be able to log on anymore because their links (favourites etc.) point to the physical node 1 of the cluster, and the system object in the portal points to the old node 1. It's easy enough to change the portal system object, but parameters are wrong in the profile too, which is a bigger issue. So please be aware of functionality in the cluster operation, and make sure to implement it following best-practice methods so that you can avoid these issues.
Another way of controlling this would be to use a Web Dispatcher in front of your portal, so if you should encounter problems you only have 1 place to correct paths etc. So the users would have 1 link to the portal, and you could change what's behind the Web Dispatcher without any user interruption - they still just have the pointer for the Web Dispatcher - as a single point of entrance to the portal. This is a solution I will implement myself Q1 of next year, because I had issues with old saved favourites when I changed our portal environment to run https/ssl. Everyone still had the old link for http - and you can't blame the users really, I use favourites a lot myself. So I want a single point of entry for the portal environment, no matter what's behind.
I hope everything will be ok in your project.
Kind Regards,
Soren
Edited by: Soeren Friis Pedersen on Dec 23, 2010 7:37 AM

Similar Messages

  • Extended notifications and the portal

    Hi All,
    I'm using extended notification (SWNADMIN) to send the workitems in SRM/ECC to MS Outlook. The background jobs SWNSEL etc. are run in the respective systems. Emails produced have links to log on to the respective systems and display/execute the workitem, but I want the users to log in via the portal. Is that possible?
    Regards

    hi,
    Then I would suggest, before the link opens the corresponding appl, pop up for the userid, create specific portal roles like manager, hradmin etc., so that the workitems are executed.
    But one thing I would like to mention is: extended notification is mainly useful for those who do not access the portal often.
    hope this helps.
    Regards,
    Saujanya

  • Weird case involving NTLM, Windows XP and the portal

    I have a very peculiar case here for a few users.
    The users have in common that they are all using Windows XP (and just migrated), though most other persons (even ones using Windows XP) do not have the problem.
    We have implemented SSO to the portal, and done this using IIS on the portal servers. In front of that we are using IBM edge loadbalancers.
    From a troubled user's perspective, when he opens the browser against the portal, he gets the portal logon page with a message saying user authentication failed.
    I've found out what happens behind the scene and why the portal fails, but I can't explain it thoroughly.
    The user's browser reaches the portal.company.com address. IIS requests NTLM login and after a few packets, the browser sends the user's userprincipalname ([email protected]) via the NTLM login (I've documented this in the network traces from ethereal). That the browser sends the userprincipalname is the core of the problems; all other users send the SAMaccountname. The portal reads the NTLM information and parses the user information (here the userprincipalname). However, we have configured our portal to use the SAMaccountname when authenticating against AD, and therefore the login fails.
    If I use a DNS alias for the portal.company.com address, say aliasportal.company.com (actually portal.company.com is an alias for aliasportal.company.com, but don't let that confuse you), the same client that sent userprincipalname earlier now sends the SAMaccountname and therefore gets SSO (and goes through the loadbalancer). And if I try to access one of the portal servers directly (without going through the load balancer), it also sends SAMaccountname. So basically, there has to be something with the address portal.company.com that makes the user's browser send the userprincipalname.
    Also, this problem is not tied to the user's profile, because if he uses another pc, it works like a charm.
    If you have any idea at all what could have caused this, please do contribute. No answers are stupid (in this case). I am especially looking for details on what causes IE to send userprincipalnames, and what causes it to send SAMaccountname.
    Network sniffing (some minor changes to hide information):
    This is the NTLM packet which "wrongly" contains the userprincipalname.
    No.     Time        Source                Destination           Protocol Info
         17 0.107258    xxxxx        xxxxxx        HTTP     GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
    Frame 17 (792 bytes on wire, 792 bytes captured)
    Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
    Internet Protocol, Src Addr: xxxxxxxxx , Dst Addr: xxxxxxx
    Transmission Control Protocol, Src Port: 2201 (2201), Dst Port: http (80), Seq: 403, Ack: 741, Len: 738
    Hypertext Transfer Protocol
        GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
        Accept: */*\r\n
        Accept-Language: da\r\n
        Accept-Encoding: gzip, deflate\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
        Host: portal.company.com\r\n
        Connection: Keep-Alive\r\n
        Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAACkAKQAkgAAAAAAAABIAAAAIAAgAEgAAAASABIAaAAAAAAAAAA2AQAABYKIogUBKAoAAAAPZABqAHcAbABAAHMAdABhAHQAbwBpAGwALgBjAG8AbQBQAEMALQAzADkAMwA3ADEANAAjkf2i0gE5YfLWa6LaFWq/QOJVBMBK+X/0eZk41NRM7wDew37l6/jmAQE
            NTLMSSP
                NTLMSSP identifier: NTLMSSP
                NTLM Message Type: NTLMSSP_AUTH (0x00000003)
                Lan Manager Response: 2391FDA2D2013961F2D66BA2DA156ABF40E25504C04AF97F
                NTLM Response: F4799938D4D44CEF00DEC37EE5EBF8E60101000000000000...
                Domain name: NULL
                User name: [email protected]
                Host name: PC-393714
                Session Key: Empty
                Flags: 0xa2888205
        \r\n
    And this is the packet against the dns alias which works
    No.     Time        Source                Destination           Protocol Info
         17 0.103528    xxxxx          xxxxx         HTTP     GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
    Frame 17 (788 bytes on wire, 788 bytes captured)
    Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
    Internet Protocol, Src Addr: xxxx, Dst Addr: xxxx
    Transmission Control Protocol, Src Port: 1825 (1825), Dst Port: http (80), Seq: 403, Ack: 741, Len: 734
    Hypertext Transfer Protocol
        GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
        Accept: */*\r\n
        Accept-Language: da\r\n
        Accept-Encoding: gzip, deflate\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
        Host: aliasportal.company.com\r\n
        Connection: Keep-Alive\r\n
        Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAACkAKQAkAAAABYAFgBIAAAACAAIAF4AAAASABIAZgAAAAAAAAA0AQAABYKIogUBKAoAAAAPUwBUAEEAVABPAEkATAAtAE4ARQBUAEQASgBXAEwAUABDAC0AMwA5ADMANwAxADQAyhO3U1uCz0jn55samc+TUJmnyefvp0tXQN0VMytYEG3YDADHwRicxwEBAAA
            NTLMSSP
                NTLMSSP identifier: NTLMSSP
                NTLM Message Type: NTLMSSP_AUTH (0x00000003)
                Lan Manager Response: CA13B7535B82CF48E7E79B1A99CF935099A7C9E7EFA74B57
                NTLM Response: 40DD15332B58106DD80C00C7C1189CC70101000000000000...
                Domain name: COMPANY-NET
                User name: DAPA
                Host name: PC-393714
                Session Key: Empty
                Flags: 0xa2888205
        \r\n
    I'll be truly impressed if anyone solves this one!

    Hi Dagfinn,
    There are a few things I would check in the Internet explorer settings on the client, namely :
    -The security zones (which addresses are in Intranet, Trusted sites, etc.)
    -Check in the security settings if automatic logon with current username is enabled.
    -Look if "Enable integrated Windows authentication" is enabled in the advanced settings.
    Are you using Kerberos authentication? There's a long article on Microsoft's website about troubleshooting Kerberos errors which might give a few clues :
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
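
The two traces in the question differ in the Domain name and User name fields of the NTLMSSP_AUTH message. As an added example (not part of the original thread), this Python code decodes those fields from an `Authorization: NTLM` header value and labels the user name as userPrincipalName or sAMAccountName. The sample messages are constructed with placeholder names (`jdoe@example.test`, `EXAMPLE-NET`, `PC-0001`) and dummy responses, and the function names are this example's own.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
TRACE_FLAGS = 0xA2888205  # "Flags" value shown in both traces above


def _field(msg, pos):
    """Return the bytes referenced by the (Len, MaxLen, Offset) descriptor at pos."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("descriptor at byte %d points past the message" % pos)
    return msg[offset:offset + length]


def name_format(domain, user):
    """Heuristic label: a name with '@' and no domain is treated as a UPN."""
    if "@" in user and not domain:
        return "upn"
    return "sam"


def parse_authenticate(header_value):
    """Decode an 'NTLM <base64>' Authorization value holding an NTLMSSP_AUTH message."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(blob.strip(), validate=True)
    if len(msg) < 64 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    msg_type, = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected message type 3 (NTLMSSP_AUTH), got %d" % msg_type)
    flags, = struct.unpack_from("<I", msg, 60)
    # Strings are UTF-16LE when the Unicode flag is set, otherwise an OEM code
    # page (decoded as latin-1 here, which is an assumption of this example).
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    domain = _field(msg, 28).decode(enc)
    user = _field(msg, 36).decode(enc)
    host = _field(msg, 44).decode(enc)
    return {"domain": domain, "user": user, "host": host, "flags": flags,
            "name_format": name_format(domain, user)}


def build_authenticate(domain, user, host):
    """Build a constructed sample message with dummy 24-byte responses."""
    d, u, w = (s.encode("utf-16-le") for s in (domain, user, host))
    dummy = b"\x00" * 24
    descriptors, payload = [], b""
    offset = 72  # 64-byte fixed part plus the 8-byte version block
    # Descriptor order in the header: LM, NT, domain, user, host, session key.
    for part in (dummy, dummy, d, u, w, b""):
        descriptors.append(struct.pack("<HHI", len(part), len(part), offset))
        payload += part
        offset += len(part)
    header = NTLMSSP_SIGNATURE + struct.pack("<I", 3) + b"".join(descriptors)
    header += struct.pack("<I", TRACE_FLAGS) + bytes(8)
    return "NTLM " + base64.b64encode(header + payload).decode("ascii")


if __name__ == "__main__":
    # Constructed samples mirroring the two cases in the thread.
    samples = [
        build_authenticate("", "jdoe@example.test", "PC-0001"),
        build_authenticate("EXAMPLE-NET", "JDOE", "PC-0001"),
    ]
    for value in samples:
        info = parse_authenticate(value)
        print("%(name_format)-4s domain=%(domain)r user=%(user)r host=%(host)r" % info)
```

Run over the Authorization values from a capture or proxy log, it shows per client which name form reaches the portal, which is the field the portal's AD lookup has to match.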

  • Web Services and the Portal

    Are there any versions of the portal that have native support for communications to Web Services? Is it going to be eventually possible to dynamically discover channels via a discovery method like UDDI?

    Currently no. In the next release we have preliminary support for web services and there might be a web services provider, but eventually (no time frame yet) we do plan to support UDDI.

  • IVR and the Portal

    Hi - has anyone used IVR in conjunction with the Portal (and does it work with Adobe Forms as well)? 
    Thanks!
    Steve

  • ICSS and the Portal

    Hello Fellow Experts...
    Can someone provide a pros-cons as to running ICSS thru the portal.  I've got a client looking to replace a web based crm system and they are trying to avoid the portal if possible...We'd like them to go with the portal...
    Look forward to your replies

    Hello,
    from my understanding, the customer portal can give access to e-selling (ISA), e-service (ICSS), e-analytics and some user administration tools.
    I don't think you can give access to a PCUI screen over the Internet to your customer. PCUI screens are generated on the CRM WAS which is not accessible from the Internet.
    Hope it will help.
    Regards,
    Maxime

  • Treasury capability in ECC6 and the portal

    Is the Treasury and Risk management product delivered as a standard part of ECC6 or is it an add-on component? I have been searching and cannot find the answer to this question. Also, is there a portal business package for treasury available?
    Regards,
    Paul Richardson

    In ECC 6 it is delivered as part of mySAP licence. There is no additional charge.

  • The User portlet and the Portal User Profile portlet

    I'm trying to create a sub administrator home page on version
    309, however the 'create user' portlet has been split into
    a 'create user' and a 'update user profile' portlet (as seen on
    the new default portal30 homepage).
    However the only portlet that seems to be available in the
    portlet list is 'update user profile' portlet.
    So how do I add the create user portlet to my homepage?

    I found the wwsec_api and wwsso_api_user_admin packages. I now know I can build my own user profile screen and use these APIs to add, update, and remove users.
    However, do I need to use the wwsec_person$ table, or can I create my own? Or can I add additional fields to the wwsec_person$ table? I have 7 additional pieces of information that need to be captured. I could just use some of the database fields in the table that we don't currently have use for, but then the name of the field will not accurately represent the contents of the data (i.e. store our "Organization" data in the "Department" field, our "DSN Phone Number" in the "Work Phone Number" field, etc.) and it would make for difficult maintenance.
    Can anyone offer suggestions as to how they implemented a customized User Profile, easily?

  • MDM Record Check out and Check in from the Portal

    Hi everybody,
    I'm trying to figure out what is the standard way to trigger the Check out and Check in from the Portal.
    How do I need to configure the MDM workflows and the Portal, so the standard Item Details iView would automatically check out the record when the Edit button is pressed.
    Do I need to configure Guided Procedures or UWL on the Portal or can I avoid that?
    Thanks for your help in advance,
    Boris

    Hi Boris,
    When we connect MDM to a front end system like Portal, the portal will replicate all the functionalities of the backend system from the front end, as in this case in EP.
    But when we maintain Master data from the MDM Data Manager we get a lot of options in the context menu when we right click a record in the record pane.
    All of these cannot be made available on the portal; however, the feature of Checkout can be made possible if you try to update the record through an MDM workflow.
    In an MDM workflow you have the option of checking out the record at the beginning of the update and then checking it back in at the completion of the record update.
    For this you can use the MDM workflows and integrate it through EP using UWL.
    Kindly refer some additional docs which will guide you in the configuration of the same:
    Re: MDM workflow with UWL
    Re: Need to Integrate Universal Worklist in SAP Master Data Management.
    Re: MDM Portal configurations.
    Hope It Helped
    Thanks & Regards
    Simona Pinto

  • Guest WLAN Deployment, and the EtherIP Process from Campus to DMZ WLCs

    Hi All,
    In the WLC deployment guide
    http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html
    It has a very nice and easy way to understand how traffic is passed from the wifi device to the LAN device as listed below.
    Now, what happens when there is a controller in the DMZ and the WLC on the campus passes this traffic to that controller via ethernet over IP.
    Is the 802.11 header preserved or is it stripped off at the campus WLC? One would assume it is preserved as the WLC in the DMZ may need to act on information in the 802.11 header?
    Can anyone help me on this please?
    Is there a similar example to the one listed below, but for the full flow from end-user wifi device to the guest controller in the DMZ?
    Many thx
    Ken
    In Figure 3, Host A is a wireless LAN client communicating with the wired device, Host B. When Host A sends a data packet to Host B, the following sequence occurs:
    • The packet is transmitted by Host A over the 802.11 RF interface. This packet is encapsulated in an 802.11 frame with Host A's MAC address as the source address and the access point's radio interface MAC address as the destination address.
    • At the access point, the access point adds an LWAPP Header to the frame with the C-Bit set to zero and then encapsulates the LWAPP Header and 802.11 frame into a UDP packet that is transmitted over IP. The source IP address is the access point's IP address and the destination IP address is the WLC's AP Manager Address. The source UDP port is the ephemeral port based on a hash of the access point MAC address. The destination UDP port is 12222.
    • The IP packet is encapsulated in Ethernet as it leaves the access point and transported by the switching and routed network to the WLC.
    • At the WLC, the Ethernet, IP, UDP, and LWAPP headers are removed from the original 802.11 frame.
    • After processing the 802.11 MAC header, the WLC extracts the payload (the IP packet from Host A), encapsulates it into an Ethernet frame, and then forwards the frame onto the appropriate wired network, typically adding an 802.1Q VLAN tag.
    • The packet is then transmitted by the wired switching and routing infrastructure to Host B.
    When Host B sends an IP packet to Host A, the process is essentially reversed:
    • The packet is delivered by the wired switching and routing network to the WLC, where an Ethernet frame arrives with Host A's MAC address as the destination MAC address.
    • The Ethernet header is removed by the WLC and the payload (the IP packet destined for Host A) extracted.
    • The original IP packet from Host A is encapsulated with an LWAPP Header, with the C-bit set to zero, and then transported in a UDP packet to the access point over the IP network. The packet uses the WLC AP Manager IP address as the source IP address and the access point IP address as the destination address. The source UDP port is 12222 and the destination UDP port is the ephemeral port derived from the access point MAC address hash.
    • This packet is carried over the switching and routing network to the access point.
    • The access point removes the Ethernet, IP, UDP and LWAPP headers, and extracts the payload, which is then encapsulated in an 802.11 frame and delivered to Host A over the RF network.

    Hi There, no worries. Would be good if there was a doco on it.
    From packet captures (see attached) it looks like when the campus WLC gets the original 802.11 packet (which is encap'd in LWAPP), the campus WLC strips off the LWAPP stuff and removes the 802.11 packet header, and just rebuilds original packet with an 802.3 packet header,
    THEN
    The WLC encaps the packet with a new ethernet/IP header and sends it off to the DMZ WLC.
    I hope this is the way it works, and if anyone does have documentation to confirm it, that would be fantastic.
    Many thx and kind regards,
    Ken

  • Error while login to the portal

    Hi All,
    When I try to log in to the portal as a user who doesn't have the Super administrator role and has only the "Everyone" role, I get the following error.
    Error occurred while trying to access desktop: "portal_content/every_user/general/com.sap.portal.defaultDesktop". The object does not exist or you are not authorized to access it. If this problem persists, contact your system administrator.
      Log Off
    I followed the steps which are given in the other threads as a solution but still facing the problem.
    In my main rules we have given a condition like "If user = * then use the general default desktop", and in the default desktop permissions the Everyone role has read permission. Even then the problem is not solved.
    Can anybody help plzzzzz........
    Thanks in advance.

    I'm not sure what you mean by "content admin" vs "system admin". Content admin is used mostly to navigate to the portal content studio where you can work with PCD objects and set permissions. You will not see all PCD objects here, so things like rules etc won't be visible.
    System admin is a role. It has many functions, including the system landscape editor, where you can work with systems, and the portal display area, where you can work with display items, such as rules.
    There is also a permission editor where you should be able to set permissions on any object.
    So, what do you mean by asking if you should use content admin or system admin?

  • No traffic from Outside1 (Security level 100) attached Networks to DMZ and Viceversa

    I have an ASA5510. I configured an Outside, 1 DMZ and 2 interfaces with security level 100 (Outside1 and Inside). I can ping and have fluid traffic between the DMZ and Inside interfaces, but don't have any kind of traffic between DMZ and Outside1. I wrote the same configuration for both security level 100 interfaces. Also I have connected a Cisco 892 router to Outside1. When I have attached a computer instead of the 892, traffic between Outside1 and DMZ is fluid. I need to have fluid traffic between networks connected to the 892.
    Can someone help me? Here are the 2 configs:
    ASA5510:
    : Saved
    ASA Version 8.2(1)
    hostname ASAFCHFW
    domain-name a.b.c
    enable password 6Jfo5anznhoG00fM encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
     nameif Outside
     security-level 0
     ip address x.y.z.162 255.255.255.248
    interface Ethernet0/1
     nameif Outside1
     security-level 100
     ip address 192.168.2.1 255.255.255.0
    interface Ethernet0/2
     nameif DMZ
     security-level 10
     ip address 172.16.31.1 255.255.255.0
    interface Ethernet0/3
     nameif Inside
     security-level 100
     ip address 192.168.0.1 255.255.255.0
    interface Management0/0
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
     management-only
    boot system disk0:/asa821-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
     domain-name farmaciachavez.com.bo
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list dmz_in extended permit tcp host 172.16.31.2 any eq domain
    access-list dmz_in extended permit tcp host 172.16.31.2 any eq smtp
    access-list dmz_in extended permit tcp host 172.16.31.2 any eq www
    access-list dmz_in extended permit tcp host 172.16.31.2 any eq https
    access-list dmz_in extended permit tcp host 172.16.31.2 any eq 3000
    access-list dmz_in extended permit tcp host 172.16.31.2 any eq 1000
    access-list Inside extended permit ip any any
    access-list Inside extended permit icmp any any
    access-list 100 extended permit tcp any host x.y.z.163 eq smtp
    access-list 100 extended permit udp any host x.y.z.163 eq domain
    access-list 100 extended permit tcp any host x.y.z.163 eq https
    access-list 100 extended permit tcp any host x.y.z.163 eq www
    access-list 100 extended permit tcp any host x.y.z.163 eq 3000
    access-list 100 extended permit tcp any host x.y.z.163 eq 1000
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu Outside 1500
    mtu Outside1 1500
    mtu DMZ 1500
    mtu Inside 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit host 192.168.0.22 Outside
    icmp permit 192.168.0.0 255.255.255.0 Outside1
    icmp permit 192.168.2.0 255.255.255.0 Outside1
    icmp permit 172.16.31.0 255.255.255.0 Outside1
    icmp permit 192.168.2.0 255.255.255.0 DMZ
    icmp permit 192.168.2.0 255.255.255.0 Inside
    icmp permit 192.168.0.0 255.255.255.0 Inside
    icmp permit 172.16.31.0 255.255.255.0 Inside
    asdm image disk0:/asdm-647.bin
    asdm history enable
    arp timeout 14400
    global (Outside) 101 interface
    nat (Outside1) 101 0.0.0.0 0.0.0.0
    nat (DMZ) 101 0.0.0.0 0.0.0.0
    nat (Inside) 101 0.0.0.0 0.0.0.0
    static (DMZ,Outside) x.y.z.163 172.16.31.0 netmask 255.255.255.255
    static (DMZ,Inside) 172.16.31.0 172.16.31.0 netmask 255.255.255.0
    static (Outside1,Inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
    static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
    static (Inside,Outside1) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
    static (Outside1,Inside) 172.1.1.0 172.1.1.0 netmask 255.255.255.0
    static (DMZ,Outside1) 172.16.31.0 172.16.31.0 netmask 255.255.255.0
    static (Outside1,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
    static (Outside1,Inside) 172.1.2.0 172.1.2.0 netmask 255.255.255.0
    static (Outside1,Inside) 172.1.3.0 172.1.3.0 netmask 255.255.255.0
    static (Outside1,Inside) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
    static (Outside1,DMZ) 172.1.1.0 172.1.1.0 netmask 255.255.255.0
    access-group dmz_in in interface DMZ
    route Outside 0.0.0.0 0.0.0.0 x.y.z.161 20
    route Outside1 172.1.1.0 255.255.255.0 192.168.2.2 1
    route Outside1 172.1.2.0 255.255.255.0 192.168.2.2 1
    route Outside1 172.1.3.0 255.255.255.0 192.168.2.2 1
    route Outside1 192.1.0.0 255.255.192.0 192.168.2.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.0.0 255.255.255.0 Inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 192.168.0.0 255.255.255.0 Inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:7441424d1fcf87c3eb837b569e84aa9e
    : end
    Cisco 892:
    Current configuration : 3296 bytes
    ! Last configuration change at 01:15:13 UTC Tue Apr 29 2014 by eguerra
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname RouterHQFCH
    boot-start-marker
    boot-end-marker
    enable secret 4 
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-1580540949
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1580540949
     revocation-check none
     rsakeypair TP-self-signed-1580540949
    crypto pki certificate chain TP-self-signed-1580540949
     certificate self-signed 01
            quit
    license udi pid C892FSP-K9 sn FTX180484TB
    username servicios privilege 15 password 7 
    username eguerra privilege 15 password 7 
    interface GigabitEthernet0
     no ip address
    interface GigabitEthernet1
     switchport access vlan 2
     no ip address
    interface GigabitEthernet2
     no ip address
    interface GigabitEthernet3
     no ip address
    interface GigabitEthernet4
     no ip address
    interface GigabitEthernet5
     no ip address
    interface GigabitEthernet6
     no ip address
    interface GigabitEthernet7
     no ip address
    interface GigabitEthernet8
     ip address 172.1.1.1 255.255.255.0
     duplex auto
     speed auto
    interface GigabitEthernet9
     ip address 172.1.2.1 255.255.255.0
     duplex auto
     speed auto
    interface Vlan1
     ip address 192.168.2.2 255.255.255.0
    interface Vlan2
     ip address 192.168.100.200 255.255.255.0
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip route 172.16.31.0 255.255.255.0 192.168.2.1
    ip route 192.168.0.0 255.255.255.0 192.168.2.1
    control-plane
    line con 0
     password 7 
     login
     no modem enable
    line aux 0
    line vty 0 4
     password 7 
     login local
     transport input all
    scheduler allocate 20000 1000
    end
    Thanks in advance

    Maybe I did not understand what you are trying to accomplish. What I mentioned was to make your ACL configuration better, meaning more secure. Changing the security level just helps understand that you are not coming from a site that does not require ACLs, thus from lower to higher security interfaces you need to place ACLs. Then there is a whole other world regarding NAT/PAT that involves same security interfaces that sometimes confuses customers, so I also wanted to avoid that for you.
    To enforce security between interfaces you need to know what protocols and ports are being used by servers that reside behind the higher security interface so you only open what is needed then block the rest to that higher security interface.
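
To see which flows in the posted ASA configuration are decided by an ACL and which fall back to security-level defaults, the following added example (not written by the thread's participants) parses an excerpt of that configuration. It models only `nameif`, `security-level`, `access-list`, `access-group ... in interface` and `same-security-traffic permit inter-interface`; NAT and routing are not modelled, and the finding names are this example's own.

```python
import re
from itertools import combinations

# Excerpt of the ASA configuration posted in this thread (IP addressing omitted).
ASA_CONFIG = """\
interface Ethernet0/0
 nameif Outside
 security-level 0
interface Ethernet0/1
 nameif Outside1
 security-level 100
interface Ethernet0/2
 nameif DMZ
 security-level 10
interface Ethernet0/3
 nameif Inside
 security-level 100
same-security-traffic permit inter-interface
access-list dmz_in extended permit tcp host 172.16.31.2 any eq www
access-list Inside extended permit ip any any
access-list 100 extended permit tcp any host x.y.z.163 eq www
access-group dmz_in in interface DMZ
"""


def parse_asa(config):
    """Collect security levels, defined ACL names and inbound ACL bindings."""
    levels, acls, bound = {}, set(), {}
    same_level_ok = False
    name = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None  # a new interface block starts; nameif follows
        elif (m := re.match(r"nameif (\S+)$", line)):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and name:
            levels[name] = int(m.group(1))
        elif (m := re.match(r"access-list (\S+) ", line)):
            acls.add(m.group(1))
        elif (m := re.match(r"access-group (\S+) in interface (\S+)$", line)):
            bound[m.group(2)] = m.group(1)
        elif line == "same-security-traffic permit inter-interface":
            same_level_ok = True
    return levels, acls, bound, same_level_ok


def audit(config):
    """List ACLs that are defined but unused, and flows no inbound ACL decides."""
    levels, acls, bound, same_level_ok = parse_asa(config)
    findings = [("unbound-acl", acl) for acl in sorted(acls - set(bound.values()))]
    for a, b in combinations(sorted(levels), 2):
        for src, dst in ((a, b), (b, a)):
            if src in bound:
                continue  # the inbound ACL on src decides this flow
            if levels[src] > levels[dst]:
                # Higher to lower security level is allowed without an ACL.
                findings.append(("implicit-permit", src, dst))
            elif levels[src] == levels[dst] and same_level_ok:
                # Equal levels pass because of same-security-traffic permit.
                findings.append(("same-level-permit", src, dst))
    return findings


if __name__ == "__main__":
    for finding in audit(ASA_CONFIG):
        print(*finding)
```

On the posted excerpt this reports the `Inside` and `100` access lists as defined but not applied to any interface, and lists every flow leaving Outside1 or Inside as allowed by default rather than by a rule.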

  • Page cannot be displayed message ONLY on the content area of the portal

    Hi All,
    I am using Netweaver Portal 7.0 and the portal works fine if logged in as an end user. But when I'm logged in as Administrator and whenever I try to create a portal object (iview or pages etc), I get a page cannot be displayed message ONLY on the content area of the portal. It is happening quite frequently, any clue what is wrong here?
    Thanks for your help
    -Mike

    Hi
    This could sometimes happen because of multiple users working on the same content.
    Edited by: chandana kallu on Mar 11, 2008 1:41 PM

  • What is the portal root directory for uploading files

    Hi
    I need to upload js files to my portal server (to the home page)
    Can anyone let me know where the folder is on the server that I need to put the files in so that the portal will see them?
    Thanks!!

    Hi,
    Oracle Portal doesn't have a "root" directory - Oracle Portal is a combination of many other products & services.
    You need to put your .js files in a directory & tell Apache to "look" in that directory for the .js files. You need to use a directive offered by Apache - Alias - to achieve this. You need to tweak the main Apache Configuration File - http.conf - & specify the folder where your .js files reside. You need to modify the Configuration File using the Enterprise Manager only.
    Here's an example :-

        Alias /js C:/OraMidTier/javascript
        <Directory C:/OraMidTier/javascript>
            Order allow,deny
            Allow from all
        </Directory>

    You can then dump all your javascript files in this folder & access it in your HTML pages with the Virtual Path - /js - e.g.:-

        <script type="text/javascript" src="/js/mySrc.js"></script>

    You can get more information from the Oracle HTTP Administrator's Guide ( or, the Apache Documentation ) about the Alias Directive.
    Regards,
    Sandeep

  • How to deconfigure the windows configuration with the portals

    There is already configuration done b/w Windows and the portals, but now I have to deconfigure it.
    May I know the steps to do that?
    Thanks in advance.

    Hi Shreya
    Did you configure SSO between windows and portal using kerberos authentication?
    If so, Can you share how to achieve that task? Do you have any documents for that?
    I have already opened a thread for this. I have given that link below.
    regarding SSO between windows and portal
    Thanks & Regards,
    Yoga
