How to configure ASA to allow activesync connections ?

To allow Activesync connections (between smartphones and an internal Exchange server) thru an ASA, I think about 3 or 4 potential solutions :
1) do a NAT on the Exchange server and allow activesync TCP connections from any IP to the Exchange server : I tested that and this works, but it is not the most secure solution we can imagine;
2) use a Clienless VPN SSL ASA configuration : I tried it, but got problems certaintly related to the fact that the Activesync client, installed on my Android/Samsung smartphone, does not seem to be able vto pass properly thru the ASA Portal to reach the Exchange server;
3) use an Anyconnect VPN ASA configuration : I tried it , but did not manage to install or use any of the Samsung Anyconnect client available on Android Market; by the way, I saw, in the Anyconnect VPN Client Admin Guide 2.4, that an ActiveSync MSI is available from CISCO (
anyconnect-wince-ARMv4I-activesync-AnyConnectRelease_Number-k9.msi), but I don't see any details about how it is supposed to be used except that it is for Windows environment only, so, not for an Android phone, but I have Windows Mobile smartphones to integrate too, so, maybe it can help me in this case ;
4) if Clientless nor Anyconnect solutions can't work, it might be better to use the ASA Cut-Through proxy function to get a more secure solution than the first one listed above; but I was not successful either with this cut-through proxy function
Any ideas or examples about how to allow activesync connections thru ASA would be welcomed
thanks in advance

Hi,
Generally ASA with CSC will support HTTP,FTP,SMTP,POP3 Scaning and Filtering.
From version ASA IOS 8.4.2 and CSC 6.6.1125.0, it will support HTTPS filtering also.
But here one limitation is that Https filtering will not support earlier versions of internet explorer 9, i.e if you want HTTPS filtering you must use Internet explorer 9 or after versions( As you know that Windows XP machines won't support internet explorer 9). But with firefox HTTPS filtering will support from versions 4.
For your reference use below 8.4.2 release guide
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html
Release notes for CSC version 6.6.1125
http://www.cisco.com/en/US/docs/security/csc/csc66/release/notes/cscrn66.pdf
Basic configuration of the CSC
http://www.cisco.com/en/US/docs/security/csc/csc6.1.1569.0/administration/guide/cscappa.pdf
Sending traffic to the CSC module (using ASDM and CLI)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808dea62.shtml
The troubleshooting guide:
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/csc8.html#wp1147829
Hope this will help you...
Do rate help ful posts..
Regards,
Janardhan

Similar Messages

How to configure OraMTS to allow WCF using MSDTC access OracleDB On unix?

How to configure OraMTS to allow WCF using distributed transactions to access the ORACLE database On Linux/Unix ?
Env:
1. DB-tier node , ORACLE database (version: 11.2.0.1.0) on Redhat Linux server ;
2. middle-tier node ,Both the client, the MS DTC and Oracle MTS run on the same computer , Win7 x64 OS , installed .Netframework 4.0, ODP.net (ODAC112030), and configure the component services in a distributed transaction;
Has done the configuration:
1. ORACLE database on a Linux server (version: 11.2.0.1.0) has execute oramtsadmin.sql script;
2.ORACLE database on a Linux server (version: 11.2.0.1.0) has execute the following script, Creating an Access Control List (ACL);
BEGIN
-- Create the new ACL, naming it "OraMTSadmin.xml", with a description.
-- This provides the OraMTS administrative user e.g. MTSADMIN user FOO
-- the privilege to connect
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('OraMTSadmin.xml',
'Allow usage to the UTL network packages',
'ORAMTS', TRUE, 'connect');
-- Now grant privilege to resolve DNS names to the OraMTS administrative user
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('OraMTSadmin.xml' ,
'ORAMTS', TRUE,'resolve');
-- Specify which hosts this ACL applies to, in this case we are allowing
-- access to all hosts. if one knew the list of all Windows middle-tier,
-- these could be added one by one.
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('OraMTSadmin.xml','*');
END;
3. ORACLE database on a Linux server has set JOB_QUEUE_PROCESSES = 1000;
4. restart Oralce;
5.Test code as follows :
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using JetSun.Infrastructure;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using JetSun.Infrastructure.ServiceModel;
using JetSun.DataModel.Cis;
using JetSun.TestFramework;
using System.IO;
using System.Data.EntityClient;
using System.Data.Objects;
using ConsoleApplicationTest;
using System.Transactions;
namespace Core.Tests
[TestClass]
public class EfOracleTest
public TestContext TestContext { get; set; }
[TestMethod]
public void GetEntities()
//string cn = "DATA SOURCE=HIS30;DBA PRIVILEGE=SYSDBA;PASSWORD=jetsun;PERSIST SECURITY INFO=True;USER ID=SYS;enlist=true";
string cn = "DATA SOURCE=HIS30;DBA PRIVILEGE=SYSDBA;PASSWORD=mtssys;PERSIST SECURITY INFO=True;USER ID=mtssys;enlist=true";
DbsSetting s = new DbsSetting(Dbs.IP, DbsProvider.Oracle, cn);
Runtime.SetDeploymentDir(TestContext.TestDeploymentDir);
File.Copy("E:\\VSTS\\MedicalHealth\\bin\\Debug\\DataModel.Cis.Oracle.dll", Path.Combine(TestContext.TestDeploymentDir, "DataModel.Cis.Oracle.dll"));
//File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.csdl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.csdl"));
//File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.ssdl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.ssdl"));
//File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.msl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.msl"));
File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.csdl", Path.Combine(TestContext.TestDeploymentDir, "Model1.csdl"));
File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.ssdl", Path.Combine(TestContext.TestDeploymentDir, "Model1.ssdl"));
File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.msl", Path.Combine(TestContext.TestDeploymentDir, "Model1.msl"));
string connectionString = s.ToEdmConnectionString(typeof(EdmEncounter), false);
//// Initialize the EntityConnectionStringBuilder.
//EntityConnectionStringBuilder entityBuilder =
// new EntityConnectionStringBuilder();
////Set the provider name.
//entityBuilder.Provider = s.Provider.Provider;
//// Set the provider-specific connection string.
//entityBuilder.ProviderConnectionString = cn;
//// Set the Metadata location.
//entityBuilder.Metadata = string.Format(@"res://{0}/EdmDiagnose.csdl|res://{0}/EdmDiagnose.ssdl|res://{0}/EdmDiagnose.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
//entityBuilder.Metadata = string.Format(@".\Model1.csdl|.\Model1.ssdl|.\Model1.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
//connectionString = entityBuilder.ToString();
////using (Entities edm = new Entities(connectionString))
//// foreach (var item in edm.ENCOUNTERs.Take(10))
//// Console.WriteLine("{0}\t{1}", item.ENCOUNTERID, item.DISPLAYNAME);
//entityBuilder.Metadata = string.Format(@"res://*/EdmDiagnose.csdl|.\EdmDiagnose.ssdl|.\EdmDiagnose.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
//entityBuilder.Metadata = string.Format(@"res://{0}/", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
connectionString = s.ToEdmConnectionString(typeof(EdmFeeInfo), false);
try
//using (TransactionScope tx = new TransactionScope())
using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required, new TimeSpan(0, 0, 30)))
//using (var dbcn = s.Provider.CreateConnect(connectionString))
using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
//edm.Connection.CheckOpen();
//using (edm.Connection.BeginTransaction())
foreach (var item in edm.FeeInfos.Take(100))
TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
item.Amount = item.Amount * -1;
edm.SaveChanges();
// using (EdmFeeInfo edm2 = new EdmFeeInfo(connectionString))
// edm2.Connection.CheckOpen();
// edm2.Connection.EnlistTransaction(Transaction.Current);
// foreach (var item in edm2.FeeInfos.Take(100))
// item.Amount = item.Amount * -1;
// edm2.SaveChanges();
// throw new NotImplementedException();
TestContext.WriteLine("-----------1---------------");
using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
foreach (var item in edm.FeeInfos.Take(100))
TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
throw new NotImplementedException();
catch (Exception ex)
TestContext.WriteLine((ex.InnerException ?? ex).Message);
TestContext.WriteLine("-------------2-------------");
using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
foreach (var item in edm.FeeInfos.Take(100))
TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
6. the test results are as follows:
4 125
4 835.45
4 3458
4 2350
4 200
4 100
4 300
4 123
4 234
无法列入分布式事务处理（Could not be included in the Distributed Transaction）
-------------2-------------
4 125
4 835.45
4 3458
4 2350
4 200
4 100
4 300
4 123
The main error message:无法列入分布式事务处理（Could not be included in the Distributed Transaction） , not use distributed transaction everything is normal.
My test environment MS DTC and Oracle MTS Recovery Service run on the same computer, but OracleMTSRecoveryService registry values under£º HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ ORACLE \ OracleMTSRecoveryService ,not under HKEY_LOCAL_MACHINE \ SOFTWARE \ ORACLE,I do not know that there is no relationship.
Is not configured incorrectly?Who can help me, thank you very much!

Do you really have a requirement to push data from Oracle to Access rather than pulling data from Oracle to Access? It would be exceptionally unusual to push data from Oracle to Access.
Pushing from Oracle to Access would means that you want some Oracle process running that is updating Access. But you said that your Access database was on your "local desktop" which implies that it is not running on a server where it is always available. So that means that the Oracle process is going to regularly encounter (and report) errors because the Access database is not available. In turn, that's going to mean that your push process is either going to cause the underlying transaction to fail or it's going to mean that the push process is going to have to implement a fair amount of code to queue data to be pushed at a later date (and track all those changes) which is no small task. None of that seems particularly pleasant.
On the other hand, Access is designed to pull data from real relational databases like Oracle. That's the far more normal approach architecturally. It doesn't require an Oracle process, it doesn't generate errors on the Oracle database when the local desktop is down, etc.
And, of course, I'm assuming that introducing Access is even architecturally reasonable. Most organizations would be extremely hesitant to allow data from an Oracle database to get moved into Access because that quickly means that they lose control of the data from a security standpoint, that there are now multiple copies of the data floating around when changes & corrections are made, etc. That causes all sorts of headaches normally above and beyond the headaches that pushing from Oracle to Access would create.
Justin

How to configure Rails database.ympl to connect to Oracle XE DB on Windows

How to configure database.yml file in a Rails application to be able to connect to Oracle XE DB?
I'm on Windows XP, Ruby 1.86, Rails 2.3.2. with oracle adapter.
When I tried
development:
adapter: oracle
encoding: utf8
database: localhost:1521/incentives,
host: localhost
pool: 5
username: SYSTEM
password: adminI got the below error (sorry for the stack trace traduction from French):
rake aborted!
ORA-12514: TNS : listening process doesn't know the required service in the connection description
rake aborted!
Invalid escape character syntax: /C:\Documents and Settings\myusername\My Documents\rails projects\myrailsproject\Rakefile/
c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/lib/rake.rb:2058:in `standard_exception_handling': Invalid escape character syntax: /C:\Documents and Settings\myusername\My Documents\rails projects\myrailsproject\Rakefile/ (RegexpError)
        from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/lib/rake.rb:2058:in `find'
        from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/lib/rake.rb:2058:in `each'
        from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/lib/rake.rb:2058:in `find'
        from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/lib/rake.rb:2058:in `standard_exception_handling'
        from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/lib/rake.rb:1974:in `run'
        from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.4/bin/rake:31
        from C:/ruby/bin/rake:19:in `load'
        from C:/ruby/bin/rake:19

database: localhost:1521/incentives,I don't know your environment, but the error seems quite clear... should that trailing comma be there ?

Move CA from Win2K3 to Win2012R2 - how to configure ASA

Hi Guys,
i've a littel problem with a ASA in combination with a Microsoft CA.
First, i will describe you the enviroment we have which works
CERTSRV => A Windows Server 2003 Server, with CA in Standanlone, activated NDES / SCEP Service and a RADIUS / IAS Service to let the ASA authenticate VPN User against the local Window User. The CA Root Cert has a key lenght of 512bit
Our goal is the move the CA and the RADIUS to a Windows 2012 R2 Server. Due the restriction of the windows 2012 ca to reject ca certs which less the 1024 bit we cannot simply import the current ca cert-pair into the new ca.
Also we wont upgrade the ca key-pair on our current win2k3 ca, because we cannot estimate the side-effects and the ASA VPNs must work.
So we came to fabulos idea to clone the win2k3 CERTSRV into VM. there we generate a new key-pair with 1024bit length. Then export this key, export the database from live system and import both successfully into the new 2012 R2 CA. SCEP and NAP Services are installed and tested succesfully. We are able to create a new client cert with SCEP.
Our actual problem is that we dont know how to handle the new, upgraded CA in the ASA Configuration.
I added the new CA in the CA Certificates Menu
Here is the relevant part of the ASA log (debug level)
7|Feb 27 2014|11:56:58|713236|||||IP = [CLIENT_IP], IKE_DECODE SENDING Message (msgid=6b028bd2) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
7|Feb 27 2014|11:56:58|715046|||||Group = DefaultRAGroup, IP = [CLIENT_IP], constructing qm hash payload
7|Feb 27 2014|11:56:58|715046|||||Group = DefaultRAGroup, IP = [CLIENT_IP], constructing IKE delete payload
7|Feb 27 2014|11:56:58|715046|||||Group = DefaultRAGroup, IP = [CLIENT_IP], constructing blank hash payload
7|Feb 27 2014|11:56:58|713906|||||Group = DefaultRAGroup, IP = [CLIENT_IP], sending delete/delete with reason message
7|Feb 27 2014|11:56:58|713906|||||Group = DefaultRAGroup, IP = [CLIENT_IP], IKE SA MM:49765104 terminating: flags 0x0105c002, refcnt 0, tuncnt 0
7|Feb 27 2014|11:56:58|715065|||||Group = DefaultRAGroup, IP = [CLIENT_IP], IKE MM Responder FSM error history (struct &0xadcda9c0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG6, EV_CERT_FAIL-->MM_BLD_MSG6, NullEvent-->MM_BLD_MSG6, EV_ACTIVATE_NEW_SA-->MM_BLD_MSG6, NullEvent-->MM_BLD_MSG6, EV_VALIDATE_CERT-->MM_BLD_MSG6, EV_UPDATE_CERT-->MM_BLD_MSG6, EV_TEST_CERT
5|Feb 27 2014|11:56:58|713904|||||Group = DefaultRAGroup, IP = [CLIENT_IP], Certificate Validation Failed
3|Feb 27 2014|11:56:58|717027|||||Certificate chain failed validation. Certificate chain is either invalid or not authorized.
7|Feb 27 2014|11:56:58|717030|||||Found a suitable trustpoint ASDM_TrustPoint1 to validate certificate.
7|Feb 27 2014|11:56:58|717030|||||Found a suitable trustpoint ASDM_TrustPoint1 to validate certificate.
7|Feb 27 2014|11:56:58|717030|||||Found a suitable trustpoint ASDM_TrustPoint0 to validate certificate.
7|Feb 27 2014|11:56:58|717029|||||Identified client certificate within certificate chain. serial number: 1F00000951EB42CE6BD7157E2E000400000951, subject name: [CERT ATTRIBUTES].
7|Feb 27 2014|11:56:58|717025|||||Validating certificate chain containing 1 certificate(s).
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], Connection landed on tunnel_group DefaultRAGroup
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], Trying to find group via default group...
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], Trying to find group via IP ADDR...
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], Trying to find group via IKE ID...
3|Feb 27 2014|11:56:58|713020|||||IP = [CLIENT_IP], No Group found by matching OU(s) from ID payload:
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], Trying to find group via OU...
4|Feb 27 2014|11:56:58|717037|||||Tunnel group search using certificate maps failed for peer certificate: serial number: 1F00000951EB42CE6BD7157E2E000400000951, [CERT_ATTRIBUTES]
7|Feb 27 2014|11:56:58|717036|||||Looking for a tunnel group match based on certificate maps for peer certificate with serial number: 1F00000951EB42CE6BD7157E2E000400000951, [CERT_ATTRIBUTES]
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], Trying to find group via cert rules...
6|Feb 27 2014|11:56:58|713172|||||IP = [CLIENT_IP], Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
7|Feb 27 2014|11:56:58|715047|||||IP = [CLIENT_IP], processing notify payload
7|Feb 27 2014|11:56:58|713906|||||Dump of received Signature, len 256:
7|Feb 27 2014|11:56:58|715076|||||IP = [CLIENT_IP], Computing hash for ISAKMP
7|Feb 27 2014|11:56:58|715001|||||IP = [CLIENT_IP], processing RSA signature
7|Feb 27 2014|11:56:58|715047|||||IP = [CLIENT_IP], processing cert request payload
7|Feb 27 2014|11:56:58|715047|||||IP = [CLIENT_IP], processing cert payload
7|Feb 27 2014|11:56:58|713906|||||IP = [CLIENT_IP], DER_ASN1_DN ID received, len 145
7|Feb 27 2014|11:56:58|715047|||||IP = [CLIENT_IP], processing ID payload
7|Feb 27 2014|11:56:58|713236|||||IP = [CLIENT_IP], IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + CERT (6) + CERT_REQ (7) + SIG (9) + NOTIFY (11) + NONE (0) total length : 3111
7|Feb 27 2014|11:56:58|715063|||||IP = [CLIENT_IP], Successfully assembled an encrypted pkt from rcv'd fragments!
Do you know which is the best practise for us ?
best regards from germany
Edit: I see. I missed some more informationen. Old VPN Client, with certs created on the old Win2k3 CertSrv are working
6|Feb 27 2014|13:27:52|717028|||||Certificate chain was successfully validated with revocation status check.
6|Feb 27 2014|13:27:52|717022|||||Certificate was successfully validated. serial number: 5D974DBD00010000084D, subject name: [CERT_ATTRB] .
7|Feb 27 2014|13:27:52|717030|||||Found a suitable trustpoint ASDM_TrustPoint0 to validate certificate.
7|Feb 27 2014|13:27:52|717029|||||Identified client certificate within certificate chain. serial number: 5D974DBD00010000084D, subject name: [CERT_ATTR].
7|Feb 27 2014|13:27:52|717025|||||Validating certificate chain containing 1 certificate(s).
7|Feb 27 2014|13:27:52|713906|||||IP = [CLIENT_ID], Connection landed on tunnel_group DefaultRAGroup
7|Feb 27 2014|13:27:52|713906|||||IP = [CLIENT_ID], Trying to find group via default group...
7|Feb 27 2014|13:27:52|713906|||||IP = [CLIENT_ID], Trying to find group via IP ADDR...
7|Feb 27 2014|13:27:52|713906|||||IP = [CLIENT_ID], Trying to find group via IKE ID...
Here are the configuration of the trustpoints
crypto ca trustpoint ASDM_TrustPoint0
revocation-check crl
enrollment url http://U.X.Y.Z:80/certsrv/mscep/mscep.dll
fqdn xxxxx
subject-name [CERT_ATTRB]
keypair asa01.key
crl configure
no protocol ldap
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint2
revocation-check crl none
enrollment url http://W.X.Y.Z:80/certsrv/mscep/mscep.dll
no client-types
crl configure
no protocol ldap
crypto ca trustpoint ASDM_TrustPoint3
crl configure
crypto ca trustpoint ASDM_TrustPoint4
revocation-check crl none
enrollment url http://W.X.Y.Z:80/certsrv/mscep/mscep.dll
no client-types
crl configure
no protocol ldap
crypto ca trustpoint ASDM_TrustPoint5
enrollment terminal
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 2a5a90e900010000083c
quit
certificate ca 1e185567c7bc7e91473edd472e033d78
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate ca 10acffbf9fb6429947e0cdea136cf8eb
quit
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 10acffbf9fb6429947e0cdea136cf8eb
quit
crypto ca certificate chain ASDM_TrustPoint4
certificate ca 10acffbf9fb6429947e0cdea136cf8eb
quit
crypto ca certificate chain ASDM_TrustPoint5
certificate ca 3ae8ce8cf1619498418f9982315e6ad9
quit

This seems to be very useful answer but can you provide me with some code of some link where I can find some help. actually I am new to SSIS
Here are some good examples for filling variables with an Execute SQL Task:
http://dataqueen.unlimitedviz.com/2012/08/how-to-set-and-use-variables-in-ssis-execute-sql-task/
http://dwbi1.wordpress.com/2011/06/06/ssis-updating-a-variable-based-on-database/
And here is how you set the value of a property of the foreach loop with an expression:
Please mark the post as answered if it answers your question | My SSIS Blog:
http://microsoft-ssis.blogspot.com |
Twitter

How to configure ASA 5510 V9.1(5) to send Netflow packets to Netflow Analyser 8.0

Hi guys,
I've configured my ASA 5510 Version 9.1(5) to send flow to Netflow Analyser. I think I've done it correctly but what happened is that I can see the ASA in netflow and netflow packets are receiving and increasing every time I refresh the page but there are no traffic as you can see in the attachment file. Also how can I figure out which ifindex is which interface to rename it?
BTW, my netflow version is 8.0 and below is the netflow config:
access-list NETFLOWMONITOREDTRAFFIC extended permit ip any any
flow-export destination INSIDE A.B.C.D 9996
flow-export template timeout-rate 1
flow-export delay flow-create 60
flow-export active refresh-interval 2
class-map NETFLOW
match access-list NETFLOWMONITOREDTRAFFIC
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
class NETFLOW
flow-export event-type all destination A.B.C.D
class class-default
flow-export event-type all destination A.B.C.D
Hope someone can help me here.
Cheers,
Joe

I did find a workaround by keeping a connection open for communication between the client and server. However, I wish I did not have to do this. Ideally, I would like to be able to establish connections to the server only when needed and have the client JRE remember what certificate the user selected.
Browsers have this feature based on a user session. (i.e. once a user offers up a certificate to a server, the browser will not ask the user which certificate to send for the duration of the session to a given server).

How to configure an always on pppoe connection

Hi all..This is my first post here...I had a pppoe internet connection that was working with "sudo pppoe-start " command flawlessly. Later I have entered my username and password (pppoe) in my modem , so that I can use it as an "always on" type connection. Now how can I remove my earlier pppoe-setup files and configure my system to connect with internet ? ( mine is a usb-modem).. I have tried "Beginner's Guide section" of Arch Linux and entered static ip ,dns and default gateway. Nothing happens so I tried to make "network.service" file and start network service via systemctl method. Sadly none of these methods are not connecting with my internet. Ping also shown as unknown host.. I don't know how to fix this as I'm newbie in Arch Linux ! Could you please help me to connect my Arch system to internet ........ ( Pardon with my bad English )
Last edited by Jayasankar (2013-07-10 18:47:39)

Still working on it.
Created a translation pattern to call 9.
-> Create a new partition "9accessPT
-> Create a new CSS "9accessCSS"
-> Add the 9accessPT to 9accessCSS
-> Create a translation pattern, with a blank translation translation pattern and a called party transform mask "the number you want dialed" **********If i enter 9and a number, it automatically calls out, if i put only a 9 in the called party transform mask it does not.********
Urgent priority is checked.
-> Add the calling search space to the phone.
I'm thinking its not hitting a valid route pattern, since the 9 has already been dialed.
Still working on it.
Any ideas?
If you get it working, let me know.

How to configure RZ12 and SM59 ABAP connection settings when we have work with Load Balancing servers rather than a specific server .

Hi ,
If we have a specific server say 10.10.10.10 (abc.co.in) on which we are working, Then under RZ12 we make the following entry as :
LOGON GROUP          INSTANCE
parallel_generators        abc.co.in_10         ( Lets assume : The instance number is 10 )
Now in SM59 under ABAP Connections , I am giving the following technical settings:
TARGET HOST          abc.co.in
IP address                  10.10.10.10
Instance number          10
Now if we have a scenario of load balancing servers with following server details (with all servers on different instance numbers ) :
10.10.10.11
10.10.10.13
10.1010.10
10.10.10.15
In this case how can we make the RZ12 settings and SM59 settings such that we don't have to hardcode any IP Address.
If the request is redirected to 10.10.10.11 and not to 10.10.10.10 , in that case how will the settings be.
Regards,
SHUBHAM

Hi,
No one using FMS behind a load balancer? No one using RTMPT?

How to configure sap maxdb client to connect to SAP ERP system (SAP HR)

Hello all,
I am currently installing live cache for SAP ERP HR application(Idoc), can anybody tell me the sequence to proceed to configure SAP livecache with SAP ERP system. i am doing following steps
1. Install SAP DB using installation MAXDB CDs
2. Install SAP Livecache and standalone server SCM 5.0 using SAP ERP master and Livecache dvds.
3. install Livecache client fromSAP ERP master and livecache dvds between SAP ERP and livecache server.
4. configure in LC10, tcode.
but when i press on livecache monitoring in LC10 it gives me following error.
Command: DBMRFC
Parameter: -gsapfive -xsapgw00
SY-SUBRC: 8
Return Code
sap maxdb client

i tried the said things and after that i am getting following error in DB59, first three steps are successful but 4 one is failing.
Test Scope
1. Execute an external operating system command (DBMCLI)
2. Determine status using TCP/IP connection SAPDB_DBM (DBMRFC command mode)
3. Determine status using TCP/IP connection SAPDB_DBM_DAEMON (DBMRFC session mode)
4. Test the SQL connection (Native SQL at CON_NAME)
Application Server: <hostname>_<SID>_00                           ( Windows NT )
1. Connect. test with "dbmcli db_state"                         Successful
2. Connect. test with command mode "dbmrfc db_state"            Successful
3. Connect. test with session mode "dbmrfc db_state"            Successful
4. Connect. test with "native SQL" ( LCA )                     No connection
   SQL Code: 4008
    POS(1) Unknown user name/password combination
   For detailed information, see the developer trace for work process:            1
please see trace from file dev_rfc and dev_w0 below
log for dev_rfc
**** Trace file opened at 20110107 174356 Eastern Standard Time, SAP-REL 701,0,14 RFC-VER U 3 1016574 MT-SL
======> CPIC-CALL: 'ThSAPOCMINIT' : cmRc=2 thRc=679
Transaction program not registered
ABAP Programm: SAPLARFC (Transaction: )
User: MKUMAR (Client: 800)
Destination: IDOCTEST (handle: 2, , )
SERVER> RFC Server Session (handle: 1, 45030386, {9BAF1AE0-E29B-F1A3-9406-0019B9E204CC})
SERVER> Caller host:
SERVER> Caller transaction code: (Caller Program: SAPLQOWK)
SERVER> Called function module: ARFC_RUN_NOWAIT
Error RFCIO_ERROR_SYSERROR in abrfcpic.c : 1501
CPIC-CALL: 'ThSAPOCMINIT' : cmRc=2 thRc=679
Transaction program not registered
DEST =IDOCTEST
HOST =%%RFCSERVER%%
PROG =IDOCTEST
Log from dev_w0
A RFC 1485 CONVID 47150684i tried the said things and after that i am getting following error in DB59, first three steps are successfuk but 4 one is failing
trace from file dev_rfc is below
**** Trace file opened at 20110107 174356 Eastern Standard Time, SAP-REL 701,0,14 RFC-VER U 3 1016574 MT-SL
======> CPIC-CALL: 'ThSAPOCMINIT' : cmRc=2 thRc=679
Transaction program not registered
ABAP Programm: SAPLARFC (Transaction: )
User: ABC (Client: 800)
Destination: IDOCTEST (handle: 2, , )
SERVER> RFC Server Session (handle: 1, 45030386, {9BAF1AE0-E29B-F1A3-9406-0019B9E204CC})
SERVER> Caller host:
SERVER> Caller transaction code: (Caller Program: SAPLQOWK)
SERVER> Called function module: ARFC_RUN_NOWAIT
Error RFCIO_ERROR_SYSERROR in abrfcpic.c : 1501
CPIC-CALL: 'ThSAPOCMINIT' : cmRc=2 thRc=679
Transaction program not registered
DEST =IDOCTEST
HOST =%%RFCSERVER%%
PROG =IDOCTEST
A RFC 1485 CONVID 47150684
A   * CMRC=2 DATA=0 STATUS=0 SAPRC=679 ThSAPOCMINIT
A RFC> ABAP Programm: SAPLARFC (Transaction: )
A RFC> User: abc (Client: 800)
A RFC> Destination: IDOCTEST (handle: 2, , )
A RFC SERVER> RFC Server Session (handle: 1, 47149684, {FDB31AE0-D203-F1C0-9406-0019B9E204CC})
A RFC SERVER> Caller host:
A RFC SERVER> Caller transaction code: (Caller Program: SAPLQOWK)
A RFC SERVER> Called function module: ARFC_RUN_NOWAIT
A TH VERBOSE LEVEL FULL
A ** RABAX: end RX_GET_MESSAGE
M
M *****************************************************************************
M *
M * LOCATION    SAP-Gateway on host <HOSTNAME> / sapgw00
M * ERROR       program IDOCTEST not registered
M *
M * TIME        Fri Jan 07 18:15:25 2011
M * RELEASE     701
M * COMPONENT   SAP-Gateway
M * VERSION     2
M * RC          679
M * MODULE      gwr3cpic.c
M * LINE        1778
M * DETAIL      TP IDOCTEST not registered
M * COUNTER     715
M *
M *****************************************************************************
M
A RFC 1485 CONVID 47152747
A   * CMRC=2 DATA=0 STATUS=0 SAPRC=679 ThSAPOCMINIT
A RFC> ABAP Programm: SAPLARFC (Transaction: )
A RFC> User: ABC (Client: 800)
A RFC> Destination: IDOCTEST (handle: 2, , )
A RFC SERVER> RFC Server Session (handle: 1, 47151731, {FDB31AE0-D203-F1C1-9406-0019B9E204CC})
A RFC SERVER> Caller host:
A RFC SERVER> Caller transaction code: (Caller Program: SAPLQOWK)
A RFC SERVER> Called function module: ARFC_RUN_NOWAIT
A TH VERBOSE LEVEL FULL
A ** RABAX: end RX_GET_MESSAGE
Mani

How to configure HFM to allow loading of EOM and AVG rates?

I am new to HFM and would appreciate some assistance with loading of Exchange rates. I have created the currency members in the Value and Account Dimensions, and have also created two additional accounts (in the Accounts dimension) to capture the EOM and AVG rates, and tagged these as "currencyrate" in account type. How do I get the rates to appear in C1 and C2 so that I can load EOM and AVG rates? Firstly, the TO and FROM rates do not appear in C1 & C2 for me to select (via a Grid). And when I tried to load the data via a flat file, the system highlights that the intersection is invalid..
Scenario;Year;Period;View;Entity;Value;Account;ICP;C1;C2;C3;C4;Amount
Actual;2013;Jul;YTD;[None];<Entity Currency>;EOMRate;[ICP None];AUD;USD;[None];[None];X.XXXX
When I tried creating the currencies in C1 & C2, the system rejected the members due to duplication (ie in the Value dimension)
Assistance appreciated.
Thanks
JC

Hi JC,
To view/load the rates in a grid you'll want to select [Currencies] from View option in your Member Selection. View is the first of the three icons at the top of the screen (View, Filters, and Options). Once you select [Currencies] you'll see a list comprised of all members you've previously added to the Value dimension.
Your flat file looks good, however, you might try loading to [None] in the Value dimension rather than <Entity Currency>. Also, confirm the members to which you're loading in C1 and C2 exist in the Value dimension.
Note: you can also view/load rates using HsSetValue formulas.
Thanks,
Erich

How to configure the combobox while using connecting throught the remote URL.

I am using the combobox in the server for the selection of process stages and is working fine.
Now I want to connect the combobox through the remote URL connection of my client system. So that it will be updated simultaneously in client and server.
While connecting through the remote URL it is giving the message the to enter the value property.
I am not able to understand what value is to be entered in this option.
Please advise the solution at the earliest.
Best Regards,
Naresh Saini

Dear Poster,
As no response has been provided to the thread in some time I must assume the issue is resolved, if the question is still valid please create a new thread rephrasing the query and providing as much data as possible to promote response from the community.
Best Regards,
SDN SRM Moderation Team

How to configure MDS9148 for 8Gig SAN Connection ?

Hi All,
I am very new to MDS switches (MDS9148 )-
DS-C9148D-8G16P-K9
And need help in configuring this switch in my DC environment. Any kind of help will be really appreciated. Attached is the topology diagram.
I am intending to get the 8Gig HBAs up and be able to talk to NetApp via the FC switch.

Hello Manas,
This is a major setup. I would recommend to contact support to assist you.

How to configure AnyConnect/ASA/Certificate/MS CA together

Hello
We are looking to apply mobile device management utilizing some third-party cloud solution. Mostly iPad users will connect to our internal network using AnyConnect thru ASA. Third party MDM will be used to control and provision ipads and i need to provide solution for AnyConnect VPN.
Looking for some guidance, docs, examples, white paper that will provide info how to configure the following:
users will connect to ASA VPN using AnyConnect; certificate issued by internal Microsoft CA and unique to each user will be used for authenticate the user. ACS will communicate with Microsoft AD to check if the user is valid AD user. Once authentication is done, user will have access to internal network.
I am struggling to get all those peace of puzzle togehter so i can work on solution.
I would appreciate if someone will give me some ideas how this whole scenario will work.
Thank you.

Anyone from experts out there? I am sure someone heave doen this before.

How to configure modem and connect internet and play mp3

Hello friends
I am using sun solaris 8 intel edition .
I am using windowsXP,RedHat Linux and Sun Solaris 8 Intel Editon. I am using Internet on windows and linux platform but i cannot find any device configure tool in solaris 8 , So Please tell me how to configure modem and commands for connection internet and It is possible to play mp3 songs on solaris
Thaking in Advance
Piyush Patel
PI Solution

Look at the manual for pppd. Also take a look at OSS for sound card support (http://www.opensound.com) and xmms for your MP3 audio (http://www.xmms.org)

How to configure link between 2921 and SM-D-ES3G-48-P EtherSwitch Service Module

hi,
I can't do that like the procedure given by Cisco.
http://www.cisco.com/en/US/partner/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1942894
Cisco Procedure :
interface gi10/0
ip address x.x.x.x x.x.x.x
service-module gigabitethernet 1/0 session
My result :
R2921-8CPITR-1(config)#int gi 1/1
R2921-8CPITR-1(config-if)#ip address 2.2.2.2 255.255.255.192
% IP addresses may not be configured on L2 links.
R2921-8CPITR-1(config-if)
R2921-8CPITR-1(config)#interface gigabitEthernet 1/1.1 ?
% Unrecognized command
R2921-8CPITR-1(config)#interface gigabitEthernet 1/1 ?
<cr>
R2921-8CPITR-1(config)#
the session is not possible also ?
R2921-8CPITR-1#service-module gigabitEthernet 1/1 sess
                                                  ^
% Invalid input detected at '^' marker.
R2921-8CPITR-1#
The routeur said that it's not a L3 port, so how to configure it to allow communication between the 2921 and the card ?
Is there a bug with that version I'm in 15.1(4)M4 ????
R2921-8CPITR-1#sh ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
R2921-8CPITR-1 uptime is 19 hours, 21 minutes
System returned to ROM by power-on
System restarted at 16:00:45 GAB Fri Sep 14 2012
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FGL1618119E
6 Gigabit Ethernet interfaces
2 terminal lines
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device#   PID                   SN
*0        CISCO2921/K9          FGL1618119E
Technology Package License Information for Module:'c2900'
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None
uc            None          None           None
data          None          None           None
Configuration register is 0x2102
R2921-8CPITR-1#

Same issue here.
I just waited a few minutes and the interface went down and back up, this time it was a L3 interface.
My guess is that it was booting the switch module IOS, and it detected it until it was fully booted:
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
Apr 11 05:26:52.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
Apr 11 05:27:46.947: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
Apr 11 05:27:47.031: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
Apr 11 05:27:47.083: %LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to administratively down
Apr 11 05:27:47.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
Apr 11 05:27:48.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to down
Apr 11 05:27:49.283: %IP-5-WEBINST_KILL: Terminating DNS process
Apr 11 05:27:52.499: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
Apr 11 05:27:53.087: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 04-Sep-12 16:50 by prod_rel_team
Apr 11 05:27:53.255: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
Apr 11 05:27:53.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
Apr 11 05:28:21.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Apr 11 05:29:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
Apr 11 05:29:22.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Router>en
Router#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet1/0 unassigned YES unset administratively down down
GigabitEthernet1/1 unassigned YES unset up down
Vlan1 unassigned YES unset down down
Router#
Apr 11 05:29:46.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to upconf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g1/0
Router(config-if)#ip add 1.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
Apr 11 05:30:09.046: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
Apr 11 05:30:10.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Router(config-if)#end

How to configure Beehive after successful installed in Oracle 10gR2

I have successfully installed Beehive in Oracle 10gR2 with RHEL4, how to configure the email, calendar, content, rtc and other OCS services available in Beehive?

How to configure the actual services can be found in: http://download.oracle.com/docs/cd/E10534_01/bh.100/e10477/toc.htm
How to configure end user clients to connect to Beehive can be found in: http://download.oracle.com/docs/cd/E10534_01/bh.100/e12034/toc.htm
You might also want to take a look at the Concepts Guide (http://download.oracle.com/docs/cd/E10534_01/bh.100/e05393/toc.htm) to read about the new architecture and features in Beehive.

How to configure ASA to allow activesync connections ?

Similar Messages

Maybe you are looking for