Dynamic VPN From Juniper SSG5 Uses DefaultRAGroup

I am trying to set up a VPN to an ASA5540 with a static IP address from a Juniper SSG5 with a dynamic IP address. I have tested the configuration from an ASA to ASA and it works fine. When I try to connect with the Juniper SSG5 it does not work. I did a debug crypto ikev1 and it shows the SSG5 defaulting to the DefaultRAGroup. It's supposed to use the DefaultL2LGroup. Does anyone have an idea of what could be the problem? I will post the configuration shortly. I appreciate the help.

Below is the config of the ASA.  This works fine from another ASA, but does not from the Juniper SSG5.
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 10.1.1.2 255.255.255.252 
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
ftp mode passive
access-list vpn extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set 3DES-SHA esp-3des esp-sha-hmac 
crypto dynamic-map EXTERNAL 5 match address vpn
crypto dynamic-map DYNAMIC-MAP 5 set ikev1 transform-set 3DES-SHA
crypto map EXTERNAL 5 ipsec-isakmp dynamic DYNAMIC-MAP
crypto map EXTERNAL interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****
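
A cross-reference check for the crypto map lines in the configuration above, as an added example that is not part of the original post and not Cisco tooling: it reports dynamic-map names that no crypto map binds, and bound dynamic-map entries that carry no match address or transform set. The function names and finding codes are invented for this example, CONSISTENT_CONFIG is a constructed variant, and the check makes no claim about why the peer lands in DefaultRAGroup.

```python
import re
from collections import defaultdict

# Crypto-related lines copied from the ASA configuration in the post above.
POSTED_CONFIG = """\
access-list vpn extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto ipsec ikev1 transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map EXTERNAL 5 match address vpn
crypto dynamic-map DYNAMIC-MAP 5 set ikev1 transform-set 3DES-SHA
crypto map EXTERNAL 5 ipsec-isakmp dynamic DYNAMIC-MAP
crypto map EXTERNAL interface outside
"""

# Constructed variant for comparison: both dynamic-map lines use the same name.
CONSISTENT_CONFIG = POSTED_CONFIG.replace(
    "crypto dynamic-map EXTERNAL 5 match address vpn",
    "crypto dynamic-map DYNAMIC-MAP 5 match address vpn",
)

PATTERNS = [
    ("acl", re.compile(r"^access-list (\S+) ")),
    ("tset", re.compile(r"^crypto ipsec ikev1 transform-set (\S+) ")),
    ("dyn_acl", re.compile(r"^crypto dynamic-map (\S+) (\d+) match address (\S+)$")),
    ("dyn_tset", re.compile(r"^crypto dynamic-map (\S+) (\d+) set ikev1 transform-set (.+)$")),
    ("map_dyn", re.compile(r"^crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)$")),
    ("map_if", re.compile(r"^crypto map (\S+) interface (\S+)$")),
]


def parse(config):
    """Collect the names each crypto statement defines or refers to."""
    acls, tsets, applied = set(), set(), set()
    dyn = defaultdict(dict)   # (dynamic-map name, seq) -> {"acl": str, "tsets": [str]}
    refs = defaultdict(set)   # crypto map name -> dynamic-map names it binds
    for raw in config.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            g = m.groups()
            if kind == "acl":
                acls.add(g[0])
            elif kind == "tset":
                tsets.add(g[0])
            elif kind == "dyn_acl":
                dyn[(g[0], int(g[1]))]["acl"] = g[2]
            elif kind == "dyn_tset":
                dyn[(g[0], int(g[1]))].setdefault("tsets", []).extend(g[2].split())
            elif kind == "map_dyn":
                refs[g[0]].add(g[1])
            elif kind == "map_if":
                applied.add(g[0])
            break
    return acls, tsets, dyn, refs, applied


def audit(config):
    """Return a sorted list of (code, subject) cross-reference findings."""
    acls, tsets, dyn, refs, applied = parse(config)
    bound = set().union(*refs.values())
    findings = []
    # Dynamic-map names that are configured but that no crypto map points at.
    for name in {n for n, _ in dyn} - bound:
        findings.append(("UNBOUND_DYNAMIC_MAP", name))
    for cmap, names in refs.items():
        if cmap not in applied:
            findings.append(("MAP_NOT_APPLIED", cmap))
        for name in names:
            entries = {k: v for k, v in dyn.items() if k[0] == name}
            if not entries:
                findings.append(("UNDEFINED_DYNAMIC_MAP", name))
            for (_, seq), attrs in entries.items():
                where = f"{name} {seq}"
                if "acl" not in attrs:
                    findings.append(("NO_MATCH_ADDRESS", where))
                elif attrs["acl"] not in acls:
                    findings.append(("UNDEFINED_ACL", f"{where} -> {attrs['acl']}"))
                if not attrs.get("tsets"):
                    findings.append(("NO_TRANSFORM_SET", where))
                for ts in attrs.get("tsets", []):
                    if ts not in tsets:
                        findings.append(("UNDEFINED_TRANSFORM_SET", f"{where} -> {ts}"))
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("consistent", CONSISTENT_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

On the posted lines it flags that `match address vpn` sits on a dynamic-map named EXTERNAL, while the crypto map named EXTERNAL binds DYNAMIC-MAP.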

Similar Messages

  • Dynamic vpn with juniper

    I would like to set up IPsec to the Juniper firewall. My Cisco box is an 1841 and has a 3G GSM card. I try to initiate traffic from the Cisco, it's OK, but Juniper phase 1 is not OK. Is there any suggestion for the dynamic VPN issue, or has anyone tried this before?
    Regards


  • ASA5510 dynamic VPN from RV042

    So far I have a complete phase 1, and an almost complete phase 2, but one thing I can't figure out. I see this in the debug.
    peer is not authenticated by xauth - drop connection.
    I get it right after the proxy is setup.
    Here is my config
    group-policy DefaultRAGroup attributes
    vpn-idle-timeout none
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    password-storage enable
    nem enable
    tunnel-group DefaultRAGroup general-attributes
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key *****
    ikev1 user-authentication none
    I have tried many different configurations on both sides, but they all fail with the same error of peer not authenticated by xauth.

    I have tried it with it on, with it off and always the same thing comes back. 
    Here is aaa common 50 debug
    Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
    AAA FSM: In AAA_BindServer
    AAA_BindServer: Using server:
    AAA FSM: In AAA_SendMsg
    User: DefaultRAGroup
    Resp:
    grp_policy_ioctl(0x0a250e40, 114698, 0xa9372788)
    grp_policy_ioctl: Looking up DefaultRAGroup
    callback_aaa_task: status = 1, msg =
    AAA FSM: In aaa_backend_callback
    aaa_backend_callback: Handle = 114, pAcb = 0xadae6da0
    AAA task: aaa_process_msg(0xa9373220) received message type 1
    AAA FSM: In AAA_ProcSvrResp
    Back End response:
    Tunnel Group Policy Status: 1 (ACCEPT)
    AAA FSM: In AAA_NextFunction
    AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
    AAA_NextFunction: New i_fsm_state = IFSM_DONE,
    AAA FSM: In AAA_ProcessFinal
    AAA FSM: In AAA_Callback
    user attributes:
      1     User-Name(1)     14    "DefaultRAGroup"
      2     User-Password(2)      0    0xae048023   ** Unresolved Attribute **
    user policy attributes:
    None
    tunnel policy attributes:
      1     Idle-Timeout(28)      4    0
      2     Tunnelling-Protocol(4107)      4    12
      3     Store-PW(4112)      4    1
      4     Group-Policy(4121)     14    "DefaultRAGroup"
      5     Network-Extension-Mode-Allowed(4160)      4    1
    AAA API: In aaa_close
    AAA API: In aaa_send_acct_start
    AAA task: aaa_process_msg(0xa9373220) received message type 3
    In aaai_close_session (114)
    AAA API: In aaa_open
    AAA session opened: handle = 115
    AAA API: In aaa_process_async
    aaa_process_async: sending AAA_MSG_PROCESS
    AAA task: aaa_process_msg(0xa9373220) received message type 0
    AAA FSM: In AAA_StartAAATransaction
    AAA FSM: In AAA_InitTransaction
    aaai_policy_name_to_server_id(DefaultRAGroup)
    Got server ID 0 for group policy DB
    and isakmp 127 with the relevant information. Up to this point it passes.
    Feb 24 14:27:54 [IKEv1 DECODE]Group = DefaultRAGroup, IP = x.x.x.x, ID_IPV4_ADDR_SUBNET ID received--10.253.20.0--255.255.255.0
    Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x, Received remote IP Proxy Subnet data in ID Payload:   Address 10.253.20.0, Mask 255.255.255.0, Protocol 0, Port 0
    Feb 24 14:27:54 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = x.x.x.x, processing ID payload
    Feb 24 14:27:54 [IKEv1 DECODE]Group = DefaultRAGroup, IP = x.x.x.x, ID_IPV4_ADDR ID received
    66.252.79.16
    Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x., Received local Proxy Host data in ID Payload:  Address x.x.x.x, Protocol 0, Port 0
    Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x, peer is not authenticated by xauth - drop connection.
    Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x, QM FSM error (P2 struct &0xace21cd8, mess id 0xb4d2530a)!
    Feb 24 14:27:54 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = x.x.x.x, IKE QM Responder FSM error history (struct &0xace21cd8)  , :  QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG-->QM_BLD_MSG2, EV_DECRYPT_OK-->QM_BLD_MSG2, NullEvent
    Feb 24 14:27:54 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = x.x.x.x, sending delete/delete with reason message

  • Get IDoc-number from flat IDoc using dynamic configuration

    Dear experts
    In an IDoc2File scenario I have added the IDoc-number to dynamic configuration using the following code in a UDF:
    DynamicConfiguration conf = (DynamicConfiguration)
    container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
    DynamicConfigurationKey FileName = DynamicConfigurationKey.create("http:/"+"/sap.com/xi/XI/System/File","DOCNUM");
    conf.put(FileName, a);
    The information is stored in the SOAP message
    <SAP:DynamicConfiguration SOAP:mustUnderstand="1">
      <SAP:Record namespace="http://sap.com/xi/XI/System/File" name="DOCNUM">0000000000012345</SAP:Record>
    </SAP:DynamicConfiguration>
    Can anybody tell me how I can access this information in the "variable substitution" section of the CC? Perhaps something like "message:docnum"?
    Additional information:
    Taking the IDoc-number from the payload using e.g. "payload:ORDERS05,1,IDOC,1,EDI_DC40,1,DOCNUM,1" does not work, since the XML-IDoc has been converted to a flat-IDoc.
    Thanks in advance for any good ideas
    Markus

    Dear Rodrigo and Sarvesh
    Thanks for your help so far! I applied your hints and now it is working fine.
    But now I have the following additional questions
    1.) My message mapping only maps the input IDoc to an output IDoc of the same type and structure. The MM is only required to process the UDF. Is there another, better solution to achieve my requirement that the IDoc-number shall be part of the filename?
    2.) In the CC you have the possibility to use temporary files (section "Processing", Option "Put File" = "Use Temporary File". I think this will not work with the given solution, will it?
    To possibly help somebody else or clarify the mechanism once again, I wrote down what my solution now looks like.
    My UDF in the message-mapping looks like this
    - Input = DOCNUM of IDoc, e.g. ORDERS05/IDOC/EDIDC/DOCNUM
    - Output = DOCNUM of IDoc, e.g. ORDERS05/IDOC/EDIDC/DOCNUM
    - UDF:
    public String putDynamicConfiguration(String docnum, Container container) throws StreamTransformationException {
        try {
            DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
            DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/File","FileName");
            // Build the target file name from the IDoc number and store it in the dynamic configuration
            String filename = "Prefix_" + docnum + ".txt";
            conf.put(key, filename);
            return docnum;
        } catch (Exception e) {
            // Pass the value through unchanged if the dynamic configuration is unavailable
            return docnum;
        }
    }
    In the CC the settings are now as follows
    File Name Scheme = . -> only a dot or something else, because this field is obligatory, even if it is not used in this case.
    Variable substitution (...)
        Enable -> unchecked
    Adapter-Specific Message Attributes
        Use Adapter-Specific Message Attributes -> checked
        Fail If Adapter-Specific Message Attributes Missing -> checked
        File Name -> checked
        Directory, File Type, Temporary Name Scheme for Target File Name -> unchecked
    When I send an IDoc to PI and view the Adapter-Engine version of the message (the SOAP-document, not the payload) I can find the Filename:
    <SAP:DynamicConfiguration SOAP:mustUnderstand="1">
    <SAP:Record namespace="http://sap.com/xi/XI/System/File" name="FileName">Prefix_0000000000012345.txt</SAP:Record>
    </SAP:DynamicConfiguration>

  • Using WRT54GS at workplace; unable to VPN from home into office

    We are using a WRT54GS wireless router at our office and I often need to VPN from the road to the office.
    When I attempt to use XP's VPN feature, I receive a dialog stating connection could not be established.  I've confirmed my office IP address.  I have my primary office computer spoofed IP designated as a DMZ-forwarded address.  I can connect to my home office via VPN using a legacy SpeedStream wireless router. 
    Is this a firmware version issue, or are there router configuration requirements I'm missing?
    Thanks,
    M Kalmus

    Hi, there are a couple of things that you can try on the Linksys.
    Forward the VPN ports (1723, 500, 50, 443-447); also decrease the value of the MTU to 1492.
    If this does not work, check if you are able to ping the office IP. If not, do a traceroute to the IP and see where the packet is dropping.

  • Asa 5505 vpn from internet native vpn client, tcp discarded 1723

    Hello to all,
    I'm configuring this ASA to connect home users to my network using the native Microsoft VPN clients with Windows XP over the Internet.
    This ASA has one public Internet IP on the outside interface, and the inside interface is configured in the network 192.168.0.x. I want to access this network from Internet users using native VPN clients.
    I tested with one PC connected directly to the outside interface and it works well, but when I connect this interface to the Internet and try to connect a user to the VPN, I can see this in the logs and can't connect, with error 800.
    TCP request discarded from "public_ip_client/61648" to outside:publicip_outside_interface/1723"
    Can you help me, please? Many thanks in advance!
    (running configuration)
    : Saved
    ASA Version 8.4(3)
    hostname ciscoasa
    enable password *** encrypted
    passwd *** encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address publicinternetaddress 255.255.255.0
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network gatewayono
    host gatewayofinternetprovideraccess
    description salida gateway ono
    object service remotointerno
    service tcp destination eq 3389
    description remoto
    object network pb_clienteing_2
    host 192.168.0.15
    description Pebble cliente ingesta 2
    object service remotoexternopebble
    service tcp destination eq 5353
    description remotoexterno
    object network actusmon
    host 192.168.0.174
    description Actus monitor web
    object service Web
    service tcp destination eq www
    description 80
    object network irdeto
    host 192.168.0.31
    description Irdeto
    object network nmx_mc_p
    host 192.168.0.60
    description NMX Multicanal Principal
    object network nmx_mc_r
    host 192.168.0.61
    description NMX multicanal reserva
    object network tarsys
    host 192.168.0.10
    description Tarsys
    object network nmx_teuve
    host 192.168.0.30
    description nmx cabecera teuve
    object network tektronix
    host 192.168.0.20
    description tektronix vnc
    object service vnc
    service tcp destination eq 5900
    description Acceso vnc
    object service exvncnmxmcr
    service tcp destination eq 5757
    description Acceso vnc externo nmx mc ppal
    object service exvncirdeto
    service tcp destination eq 6531
    description Acceso vnc externo irdeto
    object service exvncnmxmcp
    service tcp destination eq 5656
    object service exvnctektronix
    service tcp destination eq 6565
    object service exvncnmxteuve
    service tcp destination eq 6530
    object service ssh
    service tcp destination eq ssh
    object service sshtedialexterno
    service tcp destination eq 5454
    object-group service puertosabiertos tcp
    description remotedesktop
    port-object eq 3389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network DM_INLINE_NETWORK_1
    network-object object irdeto
    network-object object nmx_mc_p
    network-object object nmx_mc_r
    network-object object nmx_teuve
    network-object object tektronix
    object-group service vpn udp
    port-object eq 1723
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq https
    port-object eq pptp
    object-group network DM_INLINE_NETWORK_2
    network-object object actusmon
    network-object object tarsys
    access-list inside_access_in extended permit object remotointerno any any
    access-list inside_access_in extended permit object ssh any any
    access-list inside_access_in extended permit object-group TCPUDP any any eq www
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit object vnc any any
    access-list inside_access_in extended permit ip any any
    access-list outside_access_in extended permit object remotointerno any object pb_clienteing_2
    access-list outside_access_in extended permit object-group TCPUDP any object actusmon eq www
    access-list outside_access_in remark Acceso tedial ssh
    access-list outside_access_in extended permit tcp any object tarsys eq ssh
    access-list outside_access_in extended permit object vnc any object-group DM_INLINE_NETWORK_1
    access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list outside_access_in extended deny icmp any any
    access-list corporativa standard permit 192.168.0.0 255.255.255.0
    access-list Split-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
    pager lines 24
    logging enable
    logging monitor debugging
    logging asdm debugging
    logging debug-trace
    mtu inside 1500
    mtu outside 1500
    ip local pool clientesvpn 192.168.0.100-192.168.0.110 mask 255.255.255.0
    ip local pool clientesvpn2 192.168.1.120-192.168.1.130 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    no asdm history enable
    arp timeout 14400
    nat (outside,inside) source static any interface destination static interface actusmon service Web Web unidirectional
    nat (outside,inside) source static any interface destination static interface tarsys service sshtedialexterno ssh unidirectional
    nat (outside,inside) source static any interface destination static interface pb_clienteing_2 service remotoexternopebble remotointerno unidirectional
    nat (outside,inside) source static any interface destination static interface irdeto service exvncirdeto vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_mc_p service exvncnmxmcp vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_mc_r service exvncnmxmcr vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_teuve service exvncnmxteuve vnc unidirectional
    nat (outside,inside) source static any interface destination static interface tektronix service exvnctektronix vnc unidirectional
    nat (any,outside) source dynamic DM_INLINE_NETWORK_2 interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside per-user-override
    route outside 0.0.0.0 0.0.0.0 gatewayinternetprovideracces 1
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    eou allow none
    aaa local authentication attempts max-fail 10
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    no sysopt connection permit-vpn
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set clientewindowsxp esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set clientewindowsxp mode transport
    crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set mode transport
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev1 transform-set clientewindowsxp
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto dynamic-map L2TP-MAP 10 set ikev1 transform-set L2TP-IKE1-Transform-Set
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map L2TP-VPN-MAP 20 ipsec-isakmp dynamic L2TP-MAP
    crypto map L2TP-VPN-MAP interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 remote-access trustpoint Ingenieria
    crypto ikev1 enable inside
    crypto ikev1 enable outside
    crypto ikev1 policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd dns 8.8.8.8
    dhcpd auto_config outside
    dhcpd address 192.168.0.5-192.168.0.36 inside
    dhcpd dns 8.8.8.8 8.8.4.4 interface inside
    dhcpd auto_config outside interface inside
    dhcpd enable inside
    no threat-detection basic-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point Ingenieria outside
    webvpn
    tunnel-group-list enable
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    wins-server none
    dns-server value 192.168.0.1
    vpn-tunnel-protocol l2tp-ipsec
    default-domain none
    group-policy DfltGrpPolicy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    group-policy ingenieria internal
    group-policy ingenieria attributes
    vpn-tunnel-protocol l2tp-ipsec
    default-domain none
    group-policy L2TP-Policy internal
    group-policy L2TP-Policy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split-Tunnel-ACL
    intercept-dhcp enable
    username ingenieria password 4fD/5xY/6BwlkjGqMZbnKw== nt-encrypted privilege 0
    username ingenieria attributes
    vpn-group-policy ingenieria
    username rjuve password SjBNOLNgSkUi5KWk/TUsTQ== nt-encrypted
    tunnel-group DefaultRAGroup general-attributes
    address-pool clientesvpn
    address-pool clientesvpn2
    authentication-server-group (outside) LOCAL
    authorization-server-group LOCAL
    default-group-policy L2TP-Policy
    authorization-required
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    no authentication chap
    authentication ms-chap-v2
    class-map inspection_default
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:59b54f1d10fe829aeb47bafee57ba95e
    : end
    no asdm history enable

    Yes, this command creates this:
    policy-map global_policy
        class inspection_default
         inspect pptp
    But it doesn't work. I also tried to add PPTP and GRE in the outside access rules, but nothing...
    I don't understand why it works well if I connect directly to the outside interface with the same outside network.
    E.g.: the PC has the IP 89.120.145.14 and the outside ASA has 89.120.145.140, and if I create a VPN on this PC to the outside IP 89.120.145.140 with the correct parameters, the ASA doesn't discard 1723 and connects OK, but if the IP is not in this range it discards 1723...

  • Problem in Configuring Dynamic VPN in the pix

    Hi All,
    I am having a problem configuring a dynamic VPN on my PIX, which has the 7.2 version of IOS, but I am able to work with the same configuration on the PIX which has the 6.3 version. I just want a user from outside my network, using the VPN client, to access the resources inside my network. Below is my configuration. Is it OK, or do I need to do anything more? Please advise me.
    ip local pool vpnpool1 192.168.170.1-192.168.170.254
    crypto dynamic-map map2 20 set transform-set guatemala1
    crypto map map1 20 ipsec-isakmp dynamic map2
    crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-256
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup Guatemalavpn address-pool vpnpool1
    vpngroup Guatemalavpn split-tunnel inside_nat0_outbound
    vpngroup Guatemalavpn idle-time 36000
    vpngroup Guatemalavpn password xxxxxxx
    access-list outside_acl permit tcp 192.168.170.0 255.255.255.0 172.19.10.0 255.255.255.0
    route outside 192.168.170.0 255.255.255.0 200.30.222.65
    access-list inside_nat0_outbound extended permit ip any 192.168.170.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    access-list 102 permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    nat (inside) 0 access-list inside_nat0_outbound

    Try it and tell me if it works:
    ip local pool vpnpool1 192.168.170.1-192.168.170.254
    access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    access-list acl-inside extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    access-group acl-inside in interface inside
    nat (inside) 0 access-list inside_nat0_outbound
    group-policy Guatemalavpn internal
    group-policy Guatemalavpn attributes
    wins-server value xx.xx.xx.xx
    dns-server value xx.xx.xx.xx
    default-domain value mydomain.com
    crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
    crypto dynamic-map map2 20 set transform-set guatemala1
    crypto map map1 20 ipsec-isakmp dynamic map2
    crypto map map1 interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-256
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    tunnel-group Guatemalavpn type ipsec-ra
    tunnel-group Guatemalavpn general-attributes
    address-pool vpnpool1
    default-group-policy Guatemalavpn
    tunnel-group Guatemalavpn ipsec-attributes
    pre-shared-key *
    route outside 192.168.170.0 255.255.255.0 200.30.222.65

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note: for authentication I am using the Device ID & pre-shared key. I am worried, as all user traffic goes with PAT and is not firing up my tunnel for port 80 traffic. Can you please suggest what the issue could be?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.
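
The source-address question in the reply above matters because IOS performs inside-source NAT before it evaluates the crypto map ACL, so the crypto ACL sees the translated source. The Python model below is an added example, not part of the original thread: the ACL entries are copied from the posted config, while the sample packets, the destination 203.0.113.10 and the `ACL_103_EXEMPT_WWW` variant are constructed for illustration, and the `nonat` route-map (not shown in the post) is not modelled.

```python
import ipaddress


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def _match(addr, base, wildcard):
    # Cisco wildcard mask: bits set to 1 are "don't care".
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def host(addr):
    return (addr, "0.0.0.0")


ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.168.8.0", "0.0.3.255")
PAT_ADDRESS = "216.222.208.101"  # FastEthernet0/1 address in the post

# access-list 101 (crypto map GUEST_WEB_FILTER "match address 101")
ACL_101 = [("permit", "tcp", LAN, ANY, 80)]

# access-list 103 ("ip nat inside source list 103 ... overload")
ACL_103 = [
    ("deny", "ip", LAN, host("85.115.41.187"), None),
    ("deny", "ip", LAN, host("85.115.41.181"), None),
    ("deny", "ip", LAN, host("85.115.41.182"), None),
    ("deny", "ip", LAN, ("86.111.216.0", "0.0.1.255"), None),
    ("deny", "ip", LAN, ("116.50.56.0", "0.0.7.255"), None),
    ("deny", "ip", LAN, ("86.111.220.0", "0.0.3.255"), None),
    ("deny", "ip", LAN, ("103.1.196.0", "0.0.3.255"), None),
    ("deny", "ip", LAN, ("177.39.96.0", "0.0.3.255"), None),
    ("deny", "ip", LAN, ("196.216.238.0", "0.0.1.255"), None),
    ("permit", "ip", LAN, ANY, None),
]

# Hypothetical variant (not from the post): exempt port 80 from PAT so the
# crypto ACL still sees the private source. Whether the far end expects
# private or translated sources is the open question in the reply.
ACL_103_EXEMPT_WWW = [("deny", "tcp", LAN, ANY, 80)] + ACL_103


def acl_action(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, proto, src, dst, port in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if port is not None and port != pkt["dport"]:
            continue
        if _match(pkt["src"], *src) and _match(pkt["dst"], *dst):
            return action
    return "deny"


def egress(pkt, nat_acl=ACL_103, crypto_acl=ACL_101):
    """Model the inside-to-outside order: NAT first, then the crypto ACL."""
    out = dict(pkt)
    if acl_action(nat_acl, out) == "permit":
        out["src"] = PAT_ADDRESS
    out["tunnelled"] = acl_action(crypto_acl, out) == "permit"
    return out


# Constructed sample packets.
WEB = {"src": "192.168.8.25", "dst": "203.0.113.10", "proto": "tcp", "dport": 80}
TO_DENIED_HOST = dict(WEB, dst="85.115.41.187")

if __name__ == "__main__":
    for label, pkt, nat in [
        ("web, posted ACL 103", WEB, ACL_103),
        ("web to NAT-denied host", TO_DENIED_HOST, ACL_103),
        ("web, hypothetical exempt ACL", WEB, ACL_103_EXEMPT_WWW),
    ]:
        result = egress(pkt, nat_acl=nat)
        print(f"{label}: src={result['src']} tunnelled={result['tunnelled']}")
```

With the posted ACLs, ordinary port 80 traffic leaves with the PAT address as its source and no longer matches access-list 101, which is consistent with the tunnel never being triggered; `show crypto ipsec sa` on the router shows which source and destination idents are actually in use.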

  • Growing out of Juniper SSG5

    Currently we have 1 central office with a Juniper SSG5. We are upgrading the building to 100/100 fibre and adding a lot more traffic that will be passing through the network. The SSG5 also only supports 10 tunneled VPNs and we have recently opened our 10th location (all 10 locations also have SSG5s).
    I believe it is time for an upgrade from the SSG5, but I have recently found out that the SSG line from Juniper has been replaced by the SRX line. I have heard some bad reviews about this, so I am exploring other options.
    Any recommendations? It still needs to be able to create a VPN tunnel to the SSG5s at the store locations.
    Thanks
    This topic first appeared in the Spiceworks Community

  • VPN connection to WRVS4400N using a Samsung Galaxy tablet

    I have a Samsung Galaxy 10.1 tablet and have been trying to connect to my WRVS4400N router with VPN through the "on board" software as well as with the AnyConnect software from Cisco.  I have no issues at the moment using Quick VPN from my laptop.
    When using the Any Connect software I receive the following messages:
    Security warning: untrusted certificate
    AnyConnect cannot verify the identity of <IP address>.  Would you like to continue anyway?
    - Certificate does not match the server name.
    - Certificate is from an untrusted source.
    - Certificate is not identified for this purpose
    [Accept]  [Details]  [Cancel]
    If I select accept, the following error is received:
    "Error:  Connection attempt has failed due to server communication errors.  Please retry the connection".
    I have tried setting up the on board VPN with the Samsung Galaxy but every attempt has resulted in a time-out of the connection.
    Any assistance would be greatly appreciated.  Thanks.

    Hi Blair,
    The WRVS4400N only works with the QVPN software. The only small business router that works with the Cisco AnyConnect VPN at this current time is the SA500 series routers.
    I hope this helps.....
    Thanks,
    Tori Woods
    Cisco Support Engineer
    CCNA, CCNA Wireless

  • How to get a parameter from BPC and use it in ABAP program

    Hello gurus!
    I got a problem...
    SAP BPC will send parameters such as year, division, category, company code and so on via script logic to SAP BW.
    I need to get these parameters from BPC and use them in an ABAP program as a filter.
    This ABAP program will do several routines and return new values to BPC. It must be made in ABAP and I need to filter data to avoid performance issues.
    Does anybody know how to do it, or have an example of it?
    Thank you in advance.
    Regards,
    Rubens Kumori

    Hello, I'm looking for a suggestion.
    I need to pass two parameters (users can input them in a data manager package in BPC) to a BAdI.
    In this BAdI I write code that stores those parameters in an InfoObject.
    The problem is:
    - one parameter is for CATEGORY value. CATEGORY is a dimension of the application and I read the value with a code like this:
          READ TABLE it_cv INTO l_s_it_cv
               WITH TABLE KEY dim_upper_case = 'C_CATEGORY'.
    - the other parameter is a generic DATE. This parameter is not a dimension of the application and I don't know how I can retrieve this value in the BAdI.
          READ TABLE it_cv INTO l_s_it_cv
               WITH TABLE KEY dim_upper_case = '.....'.
    The data manager dynamic script is:
    PROMPT(SELECTINPUT,,,,"%CATEGORY_DIM%")
    PROMPT(TEXT,%SELECTED_DAY%,"Write the date (format YYYYMMDD)",)
    I also have a dynamic constant that assigns the name %CATEGORY_DIM% to the "C_CATEGORY" value.
    Can anyone help me?
    thanks a lot
    Edited by: Luca Novali on Feb 13, 2012 3:49 PM

  • ASA 5505 site to site VPN from a device 7.2 to a device 8.2

    I'm trying to make some tests with two ASA 5505s; one has software version 7.2(4), the other 8.2.
    I would like to make a site to site VPN between the two devices.
    I followed the VPN site to site wizard on both machines with the correct parameters, but it doesn't work.
    Is it possible to make this kind of VPN between devices with different software versions? Or should I upgrade the older one from 7.2 to 8.2 first?
    Thanks for your help.
    Marco

    Tks Soeren for your help, these are some info about my test:
    Cisco 1 (7.2) Ext 192.168.0.1
                       Int  192.168.11.50
    Cisco 2 (8.2) Ext 192.168.0.2
                       Int 192.168.10.254
    Common gateway 192.168.0.254
    Both Ext interface of Cisco 1 & Cisco 2 are on a common switch, like the gateway.
    These are SH run:
    Cisco 1
    ASA Version 7.2(4)
    hostname DigiASA
    domain-name ************
    enable password ************* encrypted
    passwd *************** encrypted
    names
    name 192.168.10.0 REMOTE-LAN
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.11.150 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 192.168.0.1 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name *************
    access-list acl_outbound extended permit tcp any host 192.168.0.1 eq ftp-data
    access-list acl_outbound extended permit tcp any host 192.168.0.1 eq ftp
    access-list acl_outbound extended permit tcp any host 192.168.0.1 eq https
    access-list acl_outbound extended permit tcp any host 192.168.0.1 eq pop3
    access-list acl_outbound extended permit tcp any host 192.168.0.1 eq www
    access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq www
    access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq ftp
    access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq ftp-data
    access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq smtp
    access-list acl_inbound extended deny tcp any any eq www
    access-list acl_inbound extended deny tcp any any eq ftp
    access-list acl_inbound extended deny tcp any any eq ftp-data
    access-list acl_inbound extended deny tcp any any eq smtp
    access-list acl_inbound extended deny udp any eq tftp any
    access-list acl_inbound extended deny tcp any eq 135 any
    access-list acl_inbound extended deny udp any eq 135 any
    access-list acl_inbound extended deny tcp any eq 137 any
    access-list acl_inbound extended deny udp any eq netbios-ns any
    access-list acl_inbound extended deny tcp any eq 138 any
    access-list acl_inbound extended deny udp any eq netbios-dgm any
    access-list acl_inbound extended deny tcp any eq netbios-ssn any
    access-list acl_inbound extended deny udp any eq 139 any
    access-list acl_inbound extended deny udp any eq 1080 any
    access-list acl_inbound extended deny tcp any eq 445 any
    access-list acl_inbound extended deny tcp any eq 593 any
    access-list acl_inbound extended deny tcp any eq 3067 any
    access-list acl_inbound extended deny tcp any eq 3127 any
    access-list acl_inbound extended deny tcp any eq 4444 any
    access-list acl_inbound extended deny tcp any eq 5554 any
    access-list acl_inbound extended deny tcp any eq 9996 any
    access-list acl_inbound extended deny tcp any eq 36794 any
    access-list acl_inbound extended permit ip any any
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.230
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.231
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.232
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.233
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.234
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.235
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.236
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.237
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.238
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.239
    access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.240
    access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 REMOTE-LAN 255.255.255.0
    access-list SplitTunnelNets standard permit 192.168.11.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.11.0 255.255.255.0 REMOTE-LAN 255.255.255.0
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool Ext-IP 192.168.11.230-192.168.11.240 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface www 192.168.11.11 www netmask 255.255.255.255
    static (inside,outside) tcp interface ftp 192.168.11.11 ftp netmask 255.255.255.255
    static (inside,outside) tcp interface https 192.168.11.10 https netmask 255.255.255.255
    access-group acl_inbound in interface inside
    access-group acl_outbound in interface outside
    route outside 0.0.0.0 0.0.0.0 192.168.0.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.11.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs group1
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs group1
    crypto map outside_map 1 set peer 192.168.0.2
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp nat-traversal  20
    telnet 192.168.11.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    group-policy DIGI internal
    group-policy DIGI attributes
    dns-server value 192.168.11.1 213.140.2.21
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value SplitTunnelNets
    default-domain value DIGI
    username Marco password ***************** encrypted privilege 15
    username Marco attributes
    vpn-group-policy DIGI
    tunnel-group DIGI type ipsec-ra
    tunnel-group DIGI general-attributes
    address-pool Ext-IP
    default-group-policy DIGI
    tunnel-group DIGI ipsec-attributes
    pre-shared-key *
    tunnel-group DIGIVPN type ipsec-l2l
    tunnel-group DIGIVPN ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cisco 2
    ASA Version 8.2(1)
    hostname XFASA
    domain-name ****************
    enable password ***************** encrypted
    passwd ***************** encrypted
    names
    name 192.168.11.0 REMOTE-LAN
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.10.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 192.168.0.2 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name **************
    access-list acl_outbound extended permit tcp any host 192.168.0.2 eq ftp-data
    access-list acl_outbound extended permit tcp any host 192.168.0.2 eq ftp
    access-list acl_outbound extended permit tcp any host 192.168.0.2 eq https
    access-list acl_outbound extended permit tcp any host 192.168.0.2 eq pop3
    access-list acl_outbound extended permit tcp any host 192.168.0.2 eq www
    access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq www
    access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp
    access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp-data
    access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq smtp
    access-list acl_inbound extended deny tcp any any eq www
    access-list acl_inbound extended deny tcp any any eq ftp
    access-list acl_inbound extended deny tcp any any eq ftp-data
    access-list acl_inbound extended deny tcp any any eq smtp
    access-list acl_inbound extended deny udp any eq tftp any
    access-list acl_inbound extended deny tcp any eq 135 any
    access-list acl_inbound extended deny udp any eq 135 any
    access-list acl_inbound extended deny tcp any eq 137 any
    access-list acl_inbound extended deny udp any eq netbios-ns any
    access-list acl_inbound extended deny tcp any eq 138 any
    access-list acl_inbound extended deny udp any eq netbios-dgm any
    access-list acl_inbound extended deny tcp any eq netbios-ssn any
    access-list acl_inbound extended deny udp any eq 139 any
    access-list acl_inbound extended deny udp any eq 1080 any
    access-list acl_inbound extended deny tcp any eq 445 any
    access-list acl_inbound extended deny tcp any eq 593 any
    access-list acl_inbound extended deny tcp any eq 3067 any
    access-list acl_inbound extended deny tcp any eq 3127 any
    access-list acl_inbound extended deny tcp any eq 4444 any
    access-list acl_inbound extended deny tcp any eq 5554 any
    access-list acl_inbound extended deny tcp any eq 9996 any
    access-list acl_inbound extended deny tcp any eq 36794 any
    access-list acl_inbound extended permit ip any any
    access-list SplitTunnelNets standard permit 192.168.10.0 255.255.255.0
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.230
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.231
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.232
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.233
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.234
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.235
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.236
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.237
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.238
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.239
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.240
    access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 REMOTE-LAN 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 REMOTE-LAN 255.255.255.0
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool Ext-IP 192.168.10.230-192.168.10.240 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group acl_inbound in interface inside
    access-group acl_outbound in interface outside
    route outside 0.0.0.0 0.0.0.0 192.168.0.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.10.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map outside_dyn_map 20 set pfs group1
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs group1
    crypto map outside_map 1 set peer 192.168.0.1
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.10.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address 192.168.10.50-192.168.10.150 inside
    dhcpd dns 85.18.200.200 89.97.140.140 interface inside
    dhcpd domain XFACTOR interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy XFA internal
    group-policy XFA attributes
    dns-server value 85.18.200.200
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value SplitTunnelNets
    default-domain value XFDMN
    username Marco password ************* encrypted privilege 15
    username Marco attributes
    vpn-group-policy XFA
    username xfa password ************* encrypted privilege 0
    username xfa attributes
    vpn-group-policy XFA
    tunnel-group XFA type remote-access
    tunnel-group XFA general-attributes
    address-pool Ext-IP
    default-group-policy XFA
    tunnel-group XFA ipsec-attributes
    pre-shared-key *
    tunnel-group DIGIVPN type ipsec-l2l
    tunnel-group DIGIVPN ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    I hope you can find something wrong, because I didn't find anything.
    Thanks again
    Marco

  • How do i get data from a structure using join?

    Hi,
    What is the actual use of a structure?
    My problem is:
    KUAGV is an existing STRUCTURE. It has got one field each which links to the MARA and VBKD tables. I want to fetch all related information from KUAGV, MARA and VBKD. Which is the better way: using joins or views or anything else? How do I get data from a structure using a join?

    A structure temporarily holds any data passed to it dynamically throughout the runtime but does not store it permanently, so a structure cannot be included in a join. So instead of including structure KUAGV's fields in a join, search for the transparent table in which the same fields are present and use it in the join.
    A structure if created in DDIC(Data Dictionary) is a global DATA STRUCTURE which is used to group related information, for example you would group all the details of your bank account into a structure BANK_ACCOUNT that contains fields like account_Id, account_holder_name etc.
    If you create a structure in your program then it is local to your program. So you use this structure to create data holders of this DATA TYPE to hold data in your program.
    Edited by: suja thomas on Feb 11, 2008 6:24 AM
    Edited by: suja thomas on Feb 11, 2008 6:31 AM

  • Swap task flow in dynamic region from menuitem in menubar

    Hello,
    I have a dynamic region and two task flows. I have action listeners that swap the task flows into the dynamic regions. When these action listeners are tied to buttons, everything works as expected, but if I attach them to menuitems on a menubar, despite the fact that the listener is executed (based on log file debugging), the task flow in the region does not change.
    Can anyone please give me an idea why, and exactly how someone can swap a task flow in a dynamic region from a menuitem.
    I'm using Jdeveloper 11.1.1.0.1
    Thanks
    Edited by: fakintoy on Apr 22, 2009 3:45 PM
    Edited by: fakintoy on Apr 22, 2009 3:46 PM
    Edited by: fakintoy on Apr 22, 2009 4:06 PM

    Hi,
    My guess is that the region is not added to the list of partial targets. Add a partialTrigger on the region pointing on the menu item.
    p.s. Code snippet would really help to get a more precise answer here
    Regards,
    ~ Simon

  • Writing new HTML to a page from an applet using LiveConnect, 1.3.1 Plug-i

    Has anyone been able to successfully replace a page with an applet with the dynamically generated HTML from an applet using LiveConnect and Plugin 1.3.1 in Netscape 6.2 or IE?
    The following works fine without plugin or with 1.4.0 beta3 plugin.
    Here is the code that I use without plugin:
    JSObject windowObject = JSObject.getWindow(this);
    JSObject documentObject = (JSObject) windowObject.getMember("document");
    documentObject.call("close",null);
    documentObject.call("open",null);
    String anArray1[] = {null};
    anArray1[0] ="some HTML here";
    documentObject.call("write", anArray1);
    documentObject.call("close",null);
    Here is the code that I use with 1.4.0 plugin:
    JSObject windowObject = JSObject.getWindow(this);
    JSObject documentObject = (JSObject) windowObject.getMember("document");
    String anArray1[] = {null};
    anArray1[0] ="some HTML here";
    documentObject.call("write", anArray1);
    When I try to use any one of the above using plugin 1.3.1, the browser either hangs or the plugin generates a runtime error. What is the correct way of writing to a document object? Or what is the way that works for the 1.3.1 plugin?

    Hi,
    I am doing this in my applet to replace the page containing the applet with the new content. I tested that extensively with Netscape 4.7 and IE 5.5+. Definitely works if you are using Java Plug-In 1.3.1_02. Does not work well in Netscape 6.2.
        // Requires netscape.javascript.JSObject and netscape.javascript.JSException.
        protected void setPageContent(final String newContent) {
            final JSObject window = JSObject.getWindow(this);
            final JSObject document = (JSObject) window.getMember("document");
            // Make the document calls from a separate thread.
            new Thread(new Runnable() {
                public void run() {
                    document.call("clear", null);
                    document.call("write", new String[]{newContent});
                    try {
                        document.call("close", null);
                    } catch (JSException ignored) {
                        // A failure to close the document is ignored.
                    }
                }
            }).start();
        }
