How to configure AnyConnect ACL's?

Similar Messages

• How to configure AnyConnect/ASA/Certificate/MS CA together

  Hello
  We are looking to apply mobile device management utilizing some third-party cloud solution. Mostly iPad users will connect to our internal network using AnyConnect thru ASA. Third party MDM will be used to control and provision ipads and i need to provide solution for AnyConnect VPN.
  Looking for some guidance, docs, examples, white paper that will provide info how to configure the following:
  users will connect to ASA VPN using AnyConnect; certificate issued by internal Microsoft CA and unique to each user will be used for authenticate the user. ACS will communicate with Microsoft AD to check if the user is valid AD user. Once authentication is done, user will have access to internal network.
  I am struggling to get all those peace of puzzle togehter so i can work on solution.
  I would appreciate if someone will give me some ideas how this whole scenario will work.
  Thank you.

  Anyone from experts out there? I am sure someone heave doen this before.

• MS Access querying SQL Server: How to configure Network ACL?

  I need to set up a highly restrictive ACL for access to a particular SQL server in our network.  This ACL will reside on our core switch at the "front door" of our network and permit access to the SQL server only using the ports that
  are necessary.  The purpose is to A) Try to keep unauthorized users from gaining access to the host server and B) Should someone somehow gain unauthorized access to the host server. keep them from being able to "hop off" to other PC's on
  the network. 
  The server will be accessed by clients using MS Access to query the SQL database and bring back reports.  A few admins are actually able to make minor changes to the database such as updating a user list or location list. In other words, both
  read and write access is needed to the SQL database.
  I know that the default SQL server port is 1433, but according to a Microsoft Support article I read, "client ports are assigned a random value between 1024 and 5000".
  I was really hoping I could just put something like "permit PC1 access to SQL Server on Port 1433" in my ACL, but after reading the MS Support article it sounds like I've got to allow almost 4,000 ports through?
  Could someone help demystify this for me so I can build the right ACL?

  The tool to use is SQL Server Configuration Management.
  But what you can configure is which port SQL Server listens to. Which port the client listens to is not controllable as far as I know. But that can of course be many, since a client can have many connections to SQL Server. (And the range is not
  restricted to 1024-5000. I connected over TCP locally, and I see this with netstat -a
    TCP    127.0.0.1:6621         NATSUMORI:ms-sql-s     ESTABLISHED
  Then again, I don't see why you would have to open any ports for the clients at all. I have never heard of this being a problem.
  Erland Sommarskog, SQL Server MVP, [email protected]

• ASA 5505 8.4. How to configure the switch to the backup channel to the primary with a delay (ex., 5 min) using the SLA?

  I have ASA 5505 8.4.  How to configure the switch to the backup channel to the primary with a delay (for example 5 min.) using the SLA monitor?
  Or as something else to implement it?
  My configuration for SLA monitor:
  sla monitor 123
   type echo protocol ipIcmpEcho IP_GATEWAY_MAIN interface outside_cifra
   num-packets 3
   timeout 3000
   frequency 10
  sla monitor schedule 123 life forever start-time now
  track 1 rtr 123 reachability

  Hey cadet alain,
  thank you for your answer :-)
  I have deleted all such attempts not working, so a packet-trace will be not very useful conent...
  Here is the LogLine when i try to browse port 80 from outside (80.xxx.xxx.180:80) without VPN connection:
  3
  Nov 21 2011
  18:29:56
  77.xxx.xxx.99
  59068
  80.xxx.xxx.180
  80
  TCP access denied by ACL from 77.xxx.xxx.99/59068 to outside:80.xxx.xxx.180/80
  The attached file is only the show running-config
  Now i can with my AnyConnect Clients, too, but after connection is up, my vpnclients can't surf the web any longer because anyconnect serves as default route on 0.0.0.0 ... that's bad, too
  Actually the AnyConnect and Nat/ACL Problem are my last two open Problems until i setup the second ASA on the right ;-)
  Regards.
  Chris

• Don't know which technology to utilize or how to configure ASA5505

  I have an ASA5505.  Currently, it is using static NAT on several ports to forward traffic to several devices inside my network.  It is a pain not only to configure but from the end user side.
  The issue I am having is the applicatoins I am using to access the devices become a mess with dual configurations, one for when I am connected to the internal network and one for when I am away from the office and accessing from the internet.  For example, I have 2 Cisco VC240 IP Cameras behind the ASA5505.  One is set use port 9091 and the other 9092.  When I am inside the office, I access them via http://10.1.2.215:9091 and http://10.1.2.216:9092.  But when I am away from the office, I have to have another configuration in an Android app to use them, http://external_ASA_IP:9091 and 9092 and then NAT 9091 to the object for Camera1 and 9092 for Camera2.  This is only one scenario.  I also have a UC320W that I would like to put an IP phone at home and it sounds like AnyConnect is the only way to do this.
  It sounds like to me that if I use some type of VPN, I can access the same devices using the same IP whether internal or external with the external connection using the VPN to tunnel the IP to the local network.  There seems to be quite a few ways to do this with an ASA 5505.
  AnyConnect seems like the way to go but after reading Cisco documentation, it requires your Android device to be root'd if it is not a particular Samsung model.  If I understand correctly, root'ing your phone voids the warranty.  I know it is common practice but would think Cisco would have a better solution as I am sure Cisco would not want another manufacturer telling their customers to void the warranty on their Cisco equipment in order to get it to work.
  I believe I can just use IPSEC and use the native VPN of the Android OS and also tunnel L2TP as the Android supports IPSEC-PSK/L2TP or IPSEC-CRT/L2TP.  But will either of these will support the IP phone to the UC320W?
  A friend also told me to use NginX to proxy URL's so the URL http://www.fqdn.com/camera1 gets proxy'd to the internal IP of Camera1 and http://www.fqdn.com/camera2 gets proxy'd to Camera2.  He says I should be able to store a cookie on the phone and let the phone authenticate to the camera and if the phone cannot, the proxy can authenticate internally to the IP camera over SSL.
  I don't know anymore, I am so confused and just want to simplify my life as I am just a small business with me and a couple other employees but I have full-time job and it is not IT/Network Technician, it is only CTO/CEO/CIO/CFO.  I don't have hours upon hours to set this up and test and I don't have hours upon hours to manage it.  I just need to simplify this and have so that it is a set-it-and-forget-it for 6 months to 1 year and re-evaluate or update.  So, if someone suggests IPSEC, I would not know how to configure anyway and you should expect another post.  The same for AnyConnect or any of the other suggestions.
  Thanks in advance for any advice.

  Hi!
  1. Set Calculation Mode property of ITEM_5 to Formula.
  Formula property:
  nvl(:Block_Name.ITEM_1, 0) + nvl(:Block_Name.ITEM_2, 0) + nvl(:Block_Name.ITEM_3, 0) + nvl(:Block_Name.ITEM_4, 0)
  OR
  Function_Name(Param_1,... Param_N);
  Have in view of, that the ITEM_5 data will not be saved in DataBase.
  2. When-Validate-Item trigger is usfull when is necessary to store calculated item data in DataBase.
  Rename you Post-Query trigger to When-Validate-Item.
  Modify trigger: Store calculation result in the variable.
  (Don't forget to round variable value!)
  Then compare it with ITEM_5. If they are different - :ITEM_5 := var_name.
  I prefer the first method.

• How to configure OraMTS to allow WCF using MSDTC access  OracleDB  On unix?

  How to configure OraMTS to allow WCF using distributed transactions to access the ORACLE database On Linux/Unix ?
  Env:
  1. DB-tier node , ORACLE database (version: 11.2.0.1.0) on Redhat Linux server ;
  2. middle-tier node ,Both the client, the MS DTC and Oracle MTS run on the same computer , Win7 x64 OS , installed .Netframework 4.0, ODP.net (ODAC112030), and configure the component services in a distributed transaction;
  Has done the configuration:
  1. ORACLE database on a Linux server (version: 11.2.0.1.0) has execute oramtsadmin.sql script;
  2.ORACLE database on a Linux server (version: 11.2.0.1.0) has execute the following script, Creating an Access Control List (ACL);
  BEGIN
  -- Create the new ACL, naming it "OraMTSadmin.xml", with a description.
  -- This provides the OraMTS administrative user e.g. MTSADMIN user FOO
  -- the privilege to connect
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('OraMTSadmin.xml',
  'Allow usage to the UTL network packages',
  'ORAMTS', TRUE, 'connect');
  -- Now grant privilege to resolve DNS names to the OraMTS administrative user
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('OraMTSadmin.xml' ,
  'ORAMTS', TRUE,'resolve');
  -- Specify which hosts this ACL applies to, in this case we are allowing
  -- access to all hosts. if one knew the list of all Windows middle-tier,
  -- these could be added one by one.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('OraMTSadmin.xml','*');
  END;
  3. ORACLE database on a Linux server has set JOB_QUEUE_PROCESSES = 1000;
  4. restart Oralce;
  5.Test code as follows :
  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Text;
  using JetSun.Infrastructure;
  using Microsoft.VisualStudio.TestTools.UnitTesting;
  using JetSun.Infrastructure.ServiceModel;
  using JetSun.DataModel.Cis;
  using JetSun.TestFramework;
  using System.IO;
  using System.Data.EntityClient;
  using System.Data.Objects;
  using ConsoleApplicationTest;
  using System.Transactions;
  namespace Core.Tests
  [TestClass]
  public class EfOracleTest
  public TestContext TestContext { get; set; }
  [TestMethod]
  public void GetEntities()
  //string cn = "DATA SOURCE=HIS30;DBA PRIVILEGE=SYSDBA;PASSWORD=jetsun;PERSIST SECURITY INFO=True;USER ID=SYS;enlist=true";
  string cn = "DATA SOURCE=HIS30;DBA PRIVILEGE=SYSDBA;PASSWORD=mtssys;PERSIST SECURITY INFO=True;USER ID=mtssys;enlist=true";
  DbsSetting s = new DbsSetting(Dbs.IP, DbsProvider.Oracle, cn);
  Runtime.SetDeploymentDir(TestContext.TestDeploymentDir);
  File.Copy("E:\\VSTS\\MedicalHealth\\bin\\Debug\\DataModel.Cis.Oracle.dll", Path.Combine(TestContext.TestDeploymentDir, "DataModel.Cis.Oracle.dll"));
  //File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.csdl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.csdl"));
  //File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.ssdl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.ssdl"));
  //File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.msl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.msl"));
  File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.csdl", Path.Combine(TestContext.TestDeploymentDir, "Model1.csdl"));
  File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.ssdl", Path.Combine(TestContext.TestDeploymentDir, "Model1.ssdl"));
  File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.msl", Path.Combine(TestContext.TestDeploymentDir, "Model1.msl"));
  string connectionString = s.ToEdmConnectionString(typeof(EdmEncounter), false);
  //// Initialize the EntityConnectionStringBuilder.
  //EntityConnectionStringBuilder entityBuilder =
  // new EntityConnectionStringBuilder();
  ////Set the provider name.
  //entityBuilder.Provider = s.Provider.Provider;
  //// Set the provider-specific connection string.
  //entityBuilder.ProviderConnectionString = cn;
  //// Set the Metadata location.
  //entityBuilder.Metadata = string.Format(@"res://{0}/EdmDiagnose.csdl|res://{0}/EdmDiagnose.ssdl|res://{0}/EdmDiagnose.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
  //entityBuilder.Metadata = string.Format(@".\Model1.csdl|.\Model1.ssdl|.\Model1.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
  //connectionString = entityBuilder.ToString();
  ////using (Entities edm = new Entities(connectionString))
  //// foreach (var item in edm.ENCOUNTERs.Take(10))
  //// Console.WriteLine("{0}\t{1}", item.ENCOUNTERID, item.DISPLAYNAME);
  //entityBuilder.Metadata = string.Format(@"res://*/EdmDiagnose.csdl|.\EdmDiagnose.ssdl|.\EdmDiagnose.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
  //entityBuilder.Metadata = string.Format(@"res://{0}/", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
  connectionString = s.ToEdmConnectionString(typeof(EdmFeeInfo), false);
  try
  //using (TransactionScope tx = new TransactionScope())
  using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required, new TimeSpan(0, 0, 30)))
  //using (var dbcn = s.Provider.CreateConnect(connectionString))
  using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
  //edm.Connection.CheckOpen();
  //using (edm.Connection.BeginTransaction())
  foreach (var item in edm.FeeInfos.Take(100))
  TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
  item.Amount = item.Amount * -1;
  edm.SaveChanges();
  // using (EdmFeeInfo edm2 = new EdmFeeInfo(connectionString))
  // edm2.Connection.CheckOpen();
  // edm2.Connection.EnlistTransaction(Transaction.Current);
  // foreach (var item in edm2.FeeInfos.Take(100))
  // item.Amount = item.Amount * -1;
  // edm2.SaveChanges();
  // throw new NotImplementedException();
  TestContext.WriteLine("-----------1---------------");
  using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
  foreach (var item in edm.FeeInfos.Take(100))
  TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
  throw new NotImplementedException();
  catch (Exception ex)
  TestContext.WriteLine((ex.InnerException ?? ex).Message);
  TestContext.WriteLine("-------------2-------------");
  using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
  foreach (var item in edm.FeeInfos.Take(100))
  TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
  6. the test results are as follows:
  4 125
  4 835.45
  4 3458
  4 2350
  4 200
  4 100
  4 300
  4 123
  4 234
  无法列入分布式事务处理 （Could not be included in the Distributed Transaction）
  -------------2-------------
  4 125
  4 835.45
  4 3458
  4 2350
  4 200
  4 100
  4 300
  4 123
  The main error message:无法列入分布式事务处理 （Could not be included in the Distributed Transaction） , not use distributed transaction everything is normal.
  My test environment MS DTC and Oracle MTS Recovery Service run on the same computer, but OracleMTSRecoveryService registry values under£º HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ ORACLE \ OracleMTSRecoveryService ,not under HKEY_LOCAL_MACHINE \ SOFTWARE \ ORACLE,I do not know that there is no relationship.
  Is not configured incorrectly?Who can help me, thank you very much!

  Do you really have a requirement to push data from Oracle to Access rather than pulling data from Oracle to Access? It would be exceptionally unusual to push data from Oracle to Access.
  Pushing from Oracle to Access would means that you want some Oracle process running that is updating Access. But you said that your Access database was on your "local desktop" which implies that it is not running on a server where it is always available. So that means that the Oracle process is going to regularly encounter (and report) errors because the Access database is not available. In turn, that's going to mean that your push process is either going to cause the underlying transaction to fail or it's going to mean that the push process is going to have to implement a fair amount of code to queue data to be pushed at a later date (and track all those changes) which is no small task. None of that seems particularly pleasant.
  On the other hand, Access is designed to pull data from real relational databases like Oracle. That's the far more normal approach architecturally. It doesn't require an Oracle process, it doesn't generate errors on the Oracle database when the local desktop is down, etc.
  And, of course, I'm assuming that introducing Access is even architecturally reasonable. Most organizations would be extremely hesitant to allow data from an Oracle database to get moved into Access because that quickly means that they lose control of the data from a security standpoint, that there are now multiple copies of the data floating around when changes & corrections are made, etc. That causes all sorts of headaches normally above and beyond the headaches that pushing from Oracle to Access would create.
  Justin

• Could you please tell me how to configure NSP as « trusted » system  in the latest trial version of NetWeaver?

  Hi,
  Could you please tell me how to configure NSP as « trusted » system in the latest trial version of NetWeaver?
  Please see the attachment.
  Thanks,
  Marc

  Hi Marc,
  go to transaction STRUSTSSO2, generate a certificate for your system, then add it to certicate list and to ACL for your client.
  There will probabely be  several parameters to set in instance profile if you plan to use SSO.
  Best regards,
  Vincent

• How to configure oracle listener profile for multiple oracle database

  Hi,
  I am going to install solution manager system in the same server of ERP EHP4 on Windows. Both DB are oracle.
  I'd like to know how to configure listener in this kind of envirnmonent.
  a. use two listener and different ports
  b. use same listener but different ports
  c. use same listener and same port
  Which is the correct mothed?
  And, after installation, there seem three set of profiles of listten, one for ERP, one for SLM, and the other for OS?(%windir%system32), which one is functional?
  Please advise.
  Thanks a lot.
  Regards,
  Alex

  Hi,
  standard installation is creating new configs for listener for each instance.
  I would recommend to use one listener per each instance.
  YOU CAN NOT HAVE one port number for two differnet systems!
  If you want to use one listener than you must adapt tnsnames.ora, listener.ora and ensure that both systems will use different port numbers.
  For example PORT= 15<system number>
  Peter

• How to configure one TREX host with multiple index servers ?

  Hi All,
  Does anyone know how to configure TREX on the one host,
  with multiple index servers ?
  Reason for this is to make better use of resources available on the host server(4 Gig, 4 Processor, Windows2003), to improve the search performance of
  our KM content for portal users.
  I am using TREX 7 and have not been able to do this,
  despite reading the Single and Distributed install
  documentation.
  Any help would be appreciated.
  Regards,
  Andres

  Hi Andres,
  To make use of the RAM a Server provides you have to run two indexserver processes (each can then consume 2 GB);
  Proceed like this:
  1. Go to TREXdeamon.ini; check if section [indexserver2] is there (it is already provided, but not active in standard installation)
  2. In TREXdeamon.ini go to
  [daemon]
  references sections below
  programs=nameserver,preprocessor1,indexserver1,queueserver,alertserver
  and add indexserver2 here. Restart TREX; second porcess is then started; can be checked in TREX monitor in Portal as well
  3. To distribute existing indexes to the new process, start TREXadmintool and go to Index: Landscape
  Go to the last two columns and move the indexes (move master here/secondary mouse click)
  If you don't distribute the indexes the new index server process will be regarded when an new index is created.
  Hope this helps!
  cheers
  Bettina

• How to configure request manager service for multiple website in one web application

  I have set up sp 2013 as below:
   web application : wa1
  site collection : sc1
  sp site: site1, site2
  I used 2 WFE, 1 APP, how can I use request manager service to control  site1 to wfe1, site2 to wfe2?
  Awen

  That's not what i'd describe as load balancing.
  A better description would be load-isolation. In your description then if the load on site1 was large (and growing) but site2 was quiet then site1 would struggle and eventually become unable to handle the number of users but site2 would still be ok. That's
  fine from a QOS point of view but it's not the norm for load balancing. It would work in simple scenarios but the out of the box load balancing tools are much better suited than that sort of approach.
  This article shows how to configure the RMS and may help show how your request is difficult to configure:
  http://www.harbar.net/articles/sp2013rm2.aspx

• How to configure 3 different members under a single Month column

  Hi SAP Gurus,
    My client requirement is to show the report in following format, where under a Month column 3 different columns having
  1) Quantity (Number of unit ) of a product,
  2) its rate (Amount per unit), and
  3) Total (amount)    will appear in a single report.
     I have Month as a Time Dim, while Qty, Rate and Total are members of account dim.
  Que: How to configure such scenario in a single report?
  Jan.2011
  Product Category:            Qty (Input)   Rate (Input)   Total (Output)                    
  Product 1                                               
  Product 2                                             
  Product 3                                             
  Product 4                                             
  Group1                                             
       Where: Total = Qty X Rate                                        
  Thanks and Regards,
  SouarbhD

  Hi,
  Use an EVDRE to create your input schedule. You need to have one row with products and 2 columns with time and account. Choose the memberset options as per the requirement. For the accounts, is total calculated with a dimension formula? If yes, then you just need to enter the values for quantity and rate and send the data. The total will be calculated by the system and will be displayed automatically.
  Hope this helps.

• How to configure an Alert message if communicationChannel(JMS) stops

  All,
  Is there a way how to configure an alert when the communication channel stops.
  <b>Scenario:</b>
  In the path Runtime workbench->Component Monitoring->Adapter Engine->Communication Channel monitoring, if we see that a communication channel has stopped(RED traffic light as Status), then can we trigger an alert notification for same.
  Currently we have alrerts configured for any message/s failure in the JMS Adapter Framework. So can we trigger simmilar alerts when a comm channel stops(for whatever reason).
  Thanks in advance
  RK

  Hi Sreeram,
  Thanks for the quick reply.
  We have a scenario where we activate individual channels at a given time. So in this case, Adapter will always be in RED as all queues are never running in our scenario.
  So we need an ALERT to be triggered for individual comm channels. Is theer any way that you can think of ?
  Thanks and regards
  RK

• How to configure multiple IP addresses on one NIC?

  Hi,
  I just installed a OVM Server in version 3.2.1 and the according VMManager. Now i wanted to try to configure the Server/Server Pool. Now i come across a problem, which was already a big problem in OVM 2 while configuring the Networks.
  All our OVM Servers have three NICs in them. One is for VMs and Management, the others are for connection to our SAN (Dell PowerVault MD 3220i). My problem is, that due to the network setup, the two NICs for storage need two IP addresses in two different networks each. This shouldn't be a problem, because usually in linux all you have to do is configure something like eth1:1. I remember having huge trouble configuring it in our OVM 2 cluster up to the point where I had to write a shell script to configure the second IP.
  Anyways, I have configured two of the storage networks on eth1 and eth2 of the VM Server. Now i cannot configure any more IP addresses, because eth1 and eth2 are not available anymore for configuration in a third network. I really hoped that it would be possible in OVM 3 to configure multiple IP addresses. And probably it is only my lack of knowledge of how to configure it.
  So any advice is well appreciated.
  Thanks!
  Regards,
  Marek Hubatka

  You should be able to do this by using "VLAN Groups".
  http://docs.oracle.com/cd/E35328_01/E35332/E35332.pdf
  Check out the VLAN groups section. You must great the VLAN groups before you can assign them to interfaces.

• IAS 10.1.2-how to configure different oc4j listen to different virtualhost?

  Hi
  I have requirement,
  we have oracle portal based web site that can be used by outside users over the internet.
  And then we have are deploying few new apps/webservices/ear files on a oc4j called core_ws. These web services should not be accessed outside.
  I have created a virtaul host in apache on a different port(7799) which was not exposed to public world.
  But, how to configure core_ws to inform Apache to listen on only port 7799 but not on port 80?
  I tried a diffent route to attack the problem(as mentioned below) which managmenet did not like:
  created location directive, worked in dev but not in production as there ISA sitting front of apache.
  We could apply filter on the URLs of these web services in ISA but my director did not like the idea as each time there is additional web service we have mess with it.
  So, he prefers running these web services on a different port that will not have access to public.
  Appreciate your help if have acheived the same earlier.

  By your description, it sounds like you want to do what is in this My Oracle Support document:
  How To Create Virtual Host Specific OC4J Applications (Doc ID 389819.1)
  https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=389819.1
  (requires login)
  You said you were using 10.1.2, so that will work, its a method of creating separate virtualhosts and using rewrites to direct to error pages if an incorrect request is made. For 10.1.3, but there is a dynamic method which is a better approach.
  ...Ken

• How to configure sync with my local ftp server?

  I have used XMarks since now because it hallow me to synchronize my bookmarks with my local server. Now XMarks don't work anymore because it's not more possible to synchronize the passwords.
  Any other alternative imposes to use an external server and I don't want to use an external server. My data must remain on my machine it's absolutely excluded that i use an external unknown server for this.
  The only solution must be a free solution (a real free solution) and the firefox synchronization seems to me the best/only one.
  But I've not found how to configure it to use my own server.
  So how to do it, where are the options to the synchronizer to give my own ftp server or whatever other server it needs?

  iAS 6.0 sp4 officially does only support iPlanet Directory Server 5.0 sp1 and 4.13.
  For more details visit: http://docs.iplanet.com/docs/manuals/ias/60/sp4/ig/prep.htm#42084
  I guess, you can specify the directory server during the time of installation.
  Thanks,
  Rakesh.