Help on Configuring MSS
Hello ESS/MSS Experts,
I am trying to configure MSS in Portal. The backend configuration for Compensation Management has been performed under the node Personnel Management -> Enterprise Compensation Management by the functional consultant. Even after this is done, I am getting an error in the Portal iViews MSS->Planning Page. Can any of you provide me a config document which will guide me to configure MSS from the scratch in the Portal side? I am not aware of any of the settings which needs to be configured for MSS. I am new to MSS config as well.
Any documentation or any help ASAP in this regard is greatly appreciated.
Cheers
Madhu
Hello Siddharth,
Thanks for your quick reply. I am not able to open this doc as its giving Page cannot be found error.
This is the error message I am getting in the Planning -> Service Request iView. com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: ComponentUsage(FPMConfigurationUsage): Active component must exist when getting interface controller. (Hint: Have you forgotten to create it with createComponent()? Should the lifecycle control of the component usage be "createOnDemand"?
For almost all of the other iViews am getting Portal Runtime Error.
I haven't done any configuration w.r.t MSS side from Portal and it will be of great help if you can provide a documentation which explains the step by step approach in configuring MSS from Portal.
Kindly let me know if you have any queries.
Cheers,
Madhu
Similar Messages
-
Help required for MSS configurations on Portal
Hi Experts,
Can someone please send me Portal Configuration guide or some kind of document on how to configure MSS --> Overview and Organisation services. Do I need to pass any parameters or any other configurations required?
Please help me.
Earlier responses would be much appreciated.
Thanks
UdayHi uday,
Please find the below links
MSS Configuration within SAP Portal: Organization Structure
ESS/MSS configuration in Portal as a part of HCM
http://help.sap.com/erp2005_ehp_04/helpdata/EN/14/1a6493d09849448a0537ee6727e799/frameset.htm
Hope it helps...
Thanks,
Rahul. -
Hi,
Can anybody suggest me the steps to configure MSS business package on portal 6.0. R3 server is ECC 5.0.
Thanks
ShirazHi Shiraz
Steps to configure MSS:
1 - Deploy MSS .sca to your J2EE Engine via SDM
2 - Deploy PCUI .sca to your J2EE Engine via SDM
3 - Make sure you have a SLD available, or you can enable the local SLD on your Portal J2EE instance via http://localhost:port/sld and login as Administrator or J2EE_ADMIN and run the auto import.
4 - Define your ECC server in the SLD as a new WAS ABAP instance and define all the settings via the wizard.
5 - Use the WebDynpro explorer to configure the Jco destinations to use the new WAS ABAP instance in your SLD
6 - Import the ESS business package into the Portal.
7 - Define the system definitions as per the MSS documentation for alias SAP_WebDynpro_XSS and others
8 - Assign Employee role from PCD to your Portal user and assign the relevant profile to your backend user in ECC
9 - Use transaction pa30 to add a communications infotype entry to map your username to an employee in the hierarchy.
MSS 60.1 configuration guide.:
https://www2.iviewstudio.com/support_content/_17011/BP_MSS_ERP04_601_EN.pdf
Hope this helps.
Regards
Yoga -
Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)
Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
The following is the Layout:
There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
I have been able to configure Client to Site IPSec VPN
1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
But I have not been able to make tradiotional Hairpinng model work in this scenario.
I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
running-conf --- Working normal Client to Site VPN without internet access/split tunnel
ASA Version 8.2(1)
hostname ciscoasa
domain-name cisco.campus.com
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
interface GigabitEthernet0/0
nameif internet1-outside
security-level 0
ip address 1.1.1.1 255.255.255.240
interface GigabitEthernet0/1
nameif internet2-outside
security-level 0
ip address 2.2.2.2 255.255.255.224
interface GigabitEthernet0/2
nameif dmz-interface
security-level 0
ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/3
nameif campus-lan
security-level 0
ip address 172.16.0.1 255.255.0.0
interface Management0/0
nameif CSC-MGMT
security-level 100
ip address 10.0.0.4 255.255.255.0
boot system disk0:/asa821-k8.bin
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.campus.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network cmps-lan
object-group network csc-ip
object-group network www-inside
object-group network www-outside
object-group service tcp-80
object-group service udp-53
object-group service https
object-group service pop3
object-group service smtp
object-group service tcp80
object-group service http-s
object-group service pop3-110
object-group service smtp25
object-group service udp53
object-group service ssh
object-group service tcp-port
object-group service udp-port
object-group service ftp
object-group service ftp-data
object-group network csc1-ip
object-group service all-tcp-udp
access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
access-list CSC-OUT extended permit ip host 10.0.0.5 any
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
access-list CAMPUS-LAN extended permit ip any any
access-list csc-acl remark scan web and mail traffic
access-list csc-acl extended permit tcp any any eq smtp
access-list csc-acl extended permit tcp any any eq pop3
access-list csc-acl remark scan web and mail traffic
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
access-list INTERNET2-IN extended permit ip any host 1.1.1.2
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list DNS-inspect extended permit tcp any any eq domain
access-list DNS-inspect extended permit udp any any eq domain
access-list capin extended permit ip host 172.16.1.234 any
access-list capin extended permit ip host 172.16.1.52 any
access-list capin extended permit ip any host 172.16.1.52
access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
access-list capout extended permit ip host 2.2.2.2 any
access-list capout extended permit ip any host 2.2.2.2
access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu internet1-outside 1500
mtu internet2-outside 1500
mtu dmz-interface 1500
mtu campus-lan 1500
mtu CSC-MGMT 1500
ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
ip verify reverse-path interface internet2-outside
ip verify reverse-path interface dmz-interface
ip verify reverse-path interface campus-lan
ip verify reverse-path interface CSC-MGMT
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
access-group INTERNET2-IN in interface internet1-outside
access-group INTERNET1-IN in interface internet2-outside
access-group CAMPUS-LAN in interface campus-lan
access-group CSC-OUT in interface CSC-MGMT
route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.2 255.255.255.255 CSC-MGMT
http 10.0.0.8 255.255.255.255 CSC-MGMT
http 1.2.2.2 255.255.255.255 internet2-outside
http 1.2.2.2 255.255.255.255 internet1-outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map internet2-outside_map interface internet2-outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as
quit
crypto isakmp enable internet2-outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet 10.0.0.2 255.255.255.255 CSC-MGMT
telnet 10.0.0.8 255.255.255.255 CSC-MGMT
telnet timeout 5
ssh 1.2.3.3 255.255.255.240 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet2-outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPN_TG_1 internal
group-policy VPN_TG_1 attributes
vpn-tunnel-protocol IPSec
username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
username administrator password xxxxxxxxxxxxxx encrypted privilege 15
username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
username vpnuser1 attributes
vpn-group-policy VPN_TG_1
tunnel-group VPN_TG_1 type remote-access
tunnel-group VPN_TG_1 general-attributes
address-pool vpnpool1
default-group-policy VPN_TG_1
tunnel-group VPN_TG_1 ipsec-attributes
pre-shared-key *
class-map cmap-DNS
match access-list DNS-inspect
class-map csc-class
match access-list csc-acl
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class csc-class
csc fail-open
class cmap-DNS
inspect dns preset_dns_map
service-policy global_policy global
prompt hostname context
Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
: end
Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
Thanks & Regards
maxsHi Jouni,
Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
But my problem is not solved fully here.
Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
Here the packet tracer output for the traffic:
packet-tracer output
asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.0.0 campus-lan
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.150.1 255.255.255.255 internet2-outside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group internnet1-in in interface internet2-outside
access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
input-status: up
input-line-status: up
output-interface: internet2-outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
dynamic nat
asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
Is it possible to access both
1)LAN behind ASA
2)INTERNET via HAIRPINNING
simultaneously via a single tunnel-group?
If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
Thanks & Regards
Abhijit -
I have a PC and a need help to configure my external hard disk on my network. Thanks
I have a PC and a need help to configure my external hard disk on my network. Thanks
If you mean you wish to plug a USB drive into the Airport Extreme router (or TC not express) that is easy..
The disk must be formatted FAT32.. as if.. stay away from FAT .. or HFS+ ie Mac OS extended Journaled.
Format the disk on a Mac is best.. and even use GUID partition scheme not MBR.
The PC has no issue writing and reading files because this is a network drive.. The PC does not write to the drive.. it writes files to the Airport OS which writes and reads the disk and passes the info using standard windows SMB.. To the windows computer it will be a Windows NT server.. FAT32 setup.
If your setup is different.. to my hugely guessed assumptions.. give details.. always helps to have.. make and model.
Make and model of disk.. make and model of router.. how the setup will be done.. what windows OS you run.. etc etc.
As it stands your question could have nothing to do with apple at all.. other than you posted in a forum so I guess there is something apple in there somewhere. -
Help to Configure Connection Pool For Jdeveloper
Hi ,
I am using Jdeveloper 10.1.2 and Oravle AS 10.1.2.
Language Used : J2EE,Struts and EJB
I am portletizing struts application.
I need help to configure Connection pool. By default it is taking a datasource.xml not the one i had defined. Pls help me out. Affecting the performance due to so many hit to db.
regards,
Jayashree JeganHi John,
Go through this thread of mine. You will get the required information to setup the connection pool.
SOAP adapter: WSDL issue
Also just check in Visual Studio Help .NET Connector for Connection Config class settings. You will see all the relevent parameters related with connection pool.
Regards. -
Help Me Configure New Hard Drive Setup
I'm currently upgrading my 8-Core Mac to Snow Leopard, FCP Studio 3, and CS4. I've also archived all of my editorial projects to external hard drives (leaving me with blank, scratch drives) and I'm now, exclusively using an HVX200/P2 workflow. I'm hoping some forum members can help me configure the best possible hard drive configuration for media back-up and realtime edit.
Here's what I'm working with:
• 1, internal 250GB hard drive (OS drive)
• 3, internal 500GB hard drives
• 1, CalDigit VR 1.3TB external hard drive (eSATA)
• 1, Glyph 1TB external hard drive (eSATA)
• 1, G-Raid 1TB external hard drive (FW800)
I also have several, external, FW800 drives which could get incorporated if need be but I'm leaving those out for now since they would be good for archiving. I'm anxious to hear what configurations people suggest.Int Drive 1- OSX and apps. FCP project backups
Int Drive 2 - project & media
Int Drive 3 - project & media
Int Drive 4 - temp scratch/render files
1 TB G-raid 800 - clone of system drive + disk images of all professional software (perhaps 2 partitions to keep 2 separate back up versions)
1.3 TB Caldigit -back up of Int Drives 2 & 3
1 TB Glyph - used when needed for temp sneekernet, temp project backup, etc.
x -
Welcome.
At the outset, I'm sorry for my English
Please help with configuration Photoshop CS6 appearance.
How to disable the background of the program so you can see the desktop. (same menus and tools)
i wantto be the same effect as CS5.Please try turning off
Window > Application Frame -
Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
keyring ISR_Keyring
self-identity user-fqdn [email protected]
match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overloadHow does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post. -
Hello All,
I've configured ESS BP in my Portal successfully and it's running perfectly fine. Now i've imported MSS also without any problems. Now the issue is when i'm launching the My Staff iViews it gives me a message "Could not connect to the R/3 System" . These iViews using the system object "SAP_R3_HumanResources" which has been used by the ESS iViews also. Now ESS iViews are working fine with the same system object but MSS iviews are giving me the error message.
Any help will be highly appreciated.
Regards
Vaibhav DuaHello Vaibhav,
have you find a solution for your problem yet?
Im having the same problem. I recently installed MSS 6.1.5 into our EP 6.0 SP14 ontop of a already installed 6.1.2 (Web Dynpro, which is working great!). We did this, because the new 6.1.2 Web Dynpro version is lacking of scenarios.
Anyway, the Config Guide of 6.1.5 doesnt say anything about what System-Configurations you have to setup in order to connect to a backend System.
Does anyone know how to setup the Backend-Connection for the 6.1.5 MSS?
regards,
Markus -
COnfiguring MSS Iviews ECC 5.0 and BP 60.1.2
HI All,
I am trying to configure reports on portal with ECC 5.0, BP for manager 60.1.2 and portal 7.0.
I am having trouble in locating the right Iview which I cna modify properties to pull the ABAP reports for SAP query.
Can any one tell me which Iview I need to configure. I know for ECC 6.0 it would be laund pad Iview.
The role in ecc 5.0 is com.sap.pct.mss.roles > <b>MANAGER</b>
DId any one work on this enviroment before does ECC 5.0 support Manager reports? if it does can you please give me which Iview I can set the application properties.
Right now, on my staff>reporting > selection criteria> Here, I see no data found. I am sure here for this iview some properties need to be set so data can be visible from sap query. Just want to know exactly what property to change.
Thanks and highly appreciate your help.
Rajsearch for iview with ID.
com.sap.pct.hcm.rpt_reportselection
open it to edit properties.. open object... select parameter Scenario and enter Scenario name MDT or whatever is applicable.
Hope this helps,
Rgds -
Help me configure Change request management !!!
Dear friends,
I am Going to Configure Change request Management, so just to ensure that the configuration is not erronous, i would need Expert advise..
Just want to know Clear few things before i proceed..
I am also refering SPRO and related notes
Scenario :
I have two SYSTEMS SAP ECC 6.0 with System id R03 and Soluiton manager with SYSTEM id SOL,
R03 has 3 clients, 300 600 700..
In R03 300 is the development client, 600 is quality client, 700 is the production client.
SOL has 2 clients, 100, 200
With 200 as the production client.
Q.1) <b>Do i have to configure CHARM in both the client (100 and 200 of SOLMAN).</b>
Q.2) Initially I had tried to set CHARM in client 100 of solman, but later on realized that it has to be set up in client 200.
When i logon to client 200 and Execute IMG activity Spro-> sap soltion manger->basic settings-> sap solution manager system->activate integration with change request management.
Then by default it take the previous client ( client 100) as the change request management client.
( as we know there are three steps in the above activity ), the other activity are executed properly, only prblem being that the default client is always set to 100, which should not be the case).
I do get the prompt saying ( "The change request clent is set to clent 100, do u want to change to client 200, on clicking yes, still it is always set the same client 100 as charm client ")
<b>Plz let me know what do i do to set the change request client to 200??</b>
Q.3) Regarding TMS, we have local domain controller in solman and local domain in R3.
We are planing to establish domain links between the two systems( ie both the domain controllers) ??
Is this the right strategy ??
<b>Any other method that u can recommend ??</b>
Q.4)One of the IMG activity says, Generate Destinations to client 000 of all the domain controllers..
Whenever i do this these, destinations are created with errors, i am not able to create trusted RFC destinations without errors.
When i logon to satellite domain controler and excecute sm59 there are 2 destinations created Trusted and BACK.
These destinations works well,
but when i logon to Solman, got to sm59 , when i test the TMW and TRUSTED rfc destinations i test these destinations using Remote Logon i get error,
" no authorization to logon as trusted system"
I went thru one note which recomended Kernel upgrades to solve the problem,
I r3 my kernel relaese is 700 with patch level 56, the note recomends to apply patch 80, did u have these problems??
<b>what is your kernel patch levels in sateliite and solman systems.</b>
Q.5) TO be able to raise tickets from R3 to solman we create RFC destinations.
We also create RFC destinations to client 000 of all the sateliite system,
<b>dont u think these RFC destinations might interfere with each other??</b>
Q.6) Is there anyone who has successfully configured CHARM. Can you plz share the configuration documents with me..
Please note :
<b>All the contributors would be handesomely rewarded with points .</b>Hi,
Check this
Note 128447 - Trusted/Trusting Systems
For your Q4.
Q3.)
Establishing Domain link - That's the right way. Go ahead.
These are the steps.
<b>1.Define Transport Routes for System Landscape</b>
assign exactly one development system to a production system, and that these two systems are connected by exactly one unique transport track. If a development system and a production system are connected by more than one transport track, this may lead to inconsistencies within the transport distribution. This type of transport configuration cannot be supported by Change Request Management, and may cause inconsistencies within the tools involved.
<b>2. Activate Extended Transport Control</b>
The CTC parameter should be '1'
<b>3.Configure Transport Strategy</b>
Deactivate the QA Approval.
<b>4. Activate Trusted Services.</b>
5.Activate Domain Links.
You have to activate domain link between systems.
6. Generate RFC Destinations to Client 000
Hope this helps.
feel free to revert back.
--Ragu -
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
Thanks....!
-Amal-Dear Kanwal,
I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
Following are my latest config :
probe http Get-Method
description Check to url access /OA_HTML/OAInfo.jsp
interval 10
faildetect 2
passdetect interval 30
request method get url /OA_HTML/OAInfo.jsp
expect status 200 200
probe udp http-8000-iRDMI
description IRDMI (HTTP - 8000)
port 8000
probe http http-probe
description HTTP Probes
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
probe https https-probe
description HTTPS traffic
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
ssl version all
request method get url /index.html
probe icmp icmp-probe
description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
description ebsapp1.xxxx.lk
ip address 172.25.45.19
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
rserver host ebsapp2
description ebsapp2.xxxx.lk
ip address 172.25.45.20
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
serverfarm host ebsppsvrfarm
description ebsapp server farm
failaction purge
predictor response app-req-to-resp samples 4
probe http-probe
probe icmp-probe
inband-health check log 5 reset 500
retcode 404 404 check log 1 reset 3
rserver ebsapp1 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
rserver ebsapp2 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
sticky http-cookie jsessionid HTTP-COOKIE
cookie insert browser-expire
replicate sticky
serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
description DM generated classmap for default LB compression exclusion mime types.
2 match http url .*gif
3 match http url .*css
4 match http url .*js
5 match http url .*class
6 match http url .*jar
7 match http url .*cab
8 match http url .*txt
9 match http url .*ps
10 match http url .*vbs
11 match http url .*xsl
12 match http url .*xml
13 match http url .*pdf
14 match http url .*swf
15 match http url .*jpg
16 match http url .*jpeg
17 match http url .*jpe
18 match http url .*png
class-map match-all ebsapp-vip
2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
class default-compression-exclusion-mime-type
serverfarm ebsppsvrfarm
class class-default
compress default-method deflate
sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
class ebsapp-vip
loadbalance vip inservice
loadbalance policy ebsapp-vip-l7slb
loadbalance vip icmp-reply active
nat dynamic 1 vlan 455
interface vlan 455
ip address 172.25.45.36 255.255.255.0
peer ip address 172.25.45.35 255.255.255.0
access-group input ALL
nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input int455
no shutdown
ft interface vlan 999
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 999
ft group 1
peer 1
no preempt
priority 110
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply me soon
Thanks....!
-Amal- -
Need help to Configure FTPS connection for File Sender Adapter
Hi,
I want to Configure, FTPS connection (Secured Connection) for File Sender Adapter. Could anyone please guide me, what Information I require to configure. I just want to know what Information should I request the team inorder the configure FTPS so that it can be deployed properly.
I have checked with [SAP Help Link|http://help.sap.com/saphelp_nw04/helpdata/EN/e3/94007075cae04f930cc4c034e411e1/content.htm] and while configuring the communication channel found that I need Keystore and the X.509 Certificate and Private Key. which needs to be deployed on the J2EE server by using the Visual Administrator.
Is there anything else, I need to configure.
Any help would be appreciated in this regard.
Thanks & Regards,
Varun.KThe basic things are Certificate/Keys which you already know. Usually it is enough for running a sceanrio.
However, if you have additional requirements, like FTPS for "Connection Security" for encryption, then you may need additional details like commands. Rest all settings are same as FTP.
Regards,
Prateek -
Please help me configure a new 8core for FCP
PLEASE HELP A PC GUY MOVE OVER...
I need to configure a new 8-core for FCP mainly. I need to keep the expense reasonable so dont want to spend extra $$$ if i dont have to.
I edit files from many different camera's these days. Mostly weddings & demos.
I want to go with an 8 core either Two 2.26GHz, OR 2.66GHz? Is the 2.2 fast enough with FCP?
How much ram do i need?
Do I need to stripe 2 sata drives together for the video?
Which video card?
Can you recommend any other software/hardware that will help me?
Here is a link to apples spec page:
http://www.apple.com/macpro/specs.html
THANKSsarecco wrote:
PLEASE HELP A PC GUY MOVE OVER...
Welcome to the family. if you are not familiar with the Macintosh operating system, get yourself a book.
sarecco wrote:
I want to go with an 8 core either Two 2.26GHz, OR 2.66GHz? Is the 2.2 fast enough with FCP?
Either will work fine.
sarecco wrote:
How much ram do i need?
As much as you want but 8G will be adequate. More might not help significantly.
sarecco wrote:
Do I need to stripe 2 sata drives together for the video?
Depends on the video you're trying to use or if you want to do 9 camera multiclips. Maybe.
sarecco wrote:
Which video card?
The stock 4870 is the gold standard for Motion; the current rev of FCP does not care much about the GPU but we are hoping future revs will use the card directly.
sarecco wrote:
Can you recommend any other software/hardware that will help me?
Umm, withotu knowing what you need to do, of course not.
sarecco wrote:
THANKS
No sweat, ignore those other guys. We see this post about once a week around here so you can easily research it on the forum. Strongly urge you to locate your local Macintosh user group.
bogiesan
Maybe you are looking for
-
Satellite Pro A200 - Display Device Hotkey Utility for XP not available
I have just received 6x A200s (PSAE1E-00Q002EN). These were pre-installed with Vista, however, due to the software platform in place at my institution, I rolled-back the OS to Windows XP. All drivers installed fine form the Toshiba support pages and
-
Reinstalling from backup - Windows
My hard drive was replaced, but I had a backup so I copied the adobe files from the following folders: Program files, Program files 86X, Users (desktop). I can see the files there, including the installation instructions and my reciept from adobe wit
-
Hi Can anyone help me with a bit of ScriptUI. I am building a dialog box that contains a tabbed panel containing a single tab. I am filling this window with rows of editText boxes. Is it possible to make the tabed panel scrollable? There will be time
-
I've been recompiling my entire system with the ABS packages, and while almost all packages compiled well under gcc4.3, some packages had trouble with it. So I've discovered the 'bugs' and made some patches. I would like to share them with the commun
-
Hi, Everytime I try to call somebody on skype it freezes my computer and I cant do anything. I have tried un installing skype and reinstalling and still freezes. I am on windows 7 and never had a problem until 7.4. Everytime it freezes I have to re