How to configure firewall access for ASA 5510

Hi,
This is my first time using the Cisco ASA 5500 family. I have a request from a user to create an access rule to allow all LAN traffic to destination IP addresses 165.241.29.17 and 165.241.31.254, with destination TCP ports 5060, 5061, 5070 and UDP ports 50000-52399.
I want to do this using ASDM. How do I accomplish this?
Thanks,
Jojo

Hey Jojo, I use the ASDM to manage my ASA... so below should get you a general access rule to allow what you need.
1. Log into your ASA using ASDM. On the top tabs, look for "Configuration".
2. Once you click "Configuration", on the left side panel down at the bottom you should see "Firewall". Make sure you're in the "Firewall" menu, and at the top you should be viewing "Access Rules". You should see a list of access rules applied to your ASA.
3. At the top you should see a green "+Add" to add a new access rule to your ASA. Once clicked, you should identify:
     a. Interface - INSIDE or OUTSIDE
     b. Action - PERMIT or DENY
     c. Source - Subnet that needs to talk to the destination address
     d. Destination - use the [...] box to create a Network Object for 165.241.29.17 and 165.241.31.254; use a /32 mask for a specific IP address and not a range
     e. Service - Again use the [...] box to create TCP and UDP Service Groups for the specific ports
4. You can then enter a description of the specific access rule and enable logging.
This should be it... let me know how this works out for you!!
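
For cross-checking what ASDM pushes to the device, the rule described in this thread could look like the following in the ASA CLI. This is an added example, not part of the original posts; the LAN subnet 192.168.1.0/24, the interface name inside, the ACL name inside_access_in and the object-group names are assumptions, and the `destination` keyword in `service-object` applies to ASA software 8.3 and later.

```cisco
! Added example; not taken from the thread. Assumed values: LAN subnet
! 192.168.1.0/24, interface name "inside", ACL and object-group names.

! Destination hosts from the request ("host" is the /32 form)
object-group network REQ-DESTINATIONS
 network-object host 165.241.29.17
 network-object host 165.241.31.254

! Requested TCP and UDP destination ports, kept here in one mixed
! service group instead of separate TCP and UDP groups
object-group service REQ-SERVICES
 service-object tcp destination eq 5060
 service-object tcp destination eq 5061
 service-object tcp destination eq 5070
 service-object udp destination range 50000 52399

! Permit only LAN -> listed hosts on the listed ports, with logging
access-list inside_access_in extended permit object-group REQ-SERVICES 192.168.1.0 255.255.255.0 object-group REQ-DESTINATIONS log

! Binding an ACL to the interface replaces the default "permit to lower
! security level" behaviour: anything not matched above hits the implicit
! deny at the end of the ACL, so existing outbound traffic needs its own
! entries before this is applied.
access-group inside_access_in in interface inside

! Verification: two requested flows should be allowed, the third
! (a port that was not requested) should be dropped by the ACL
packet-tracer input inside tcp 192.168.1.10 40000 165.241.29.17 5060
packet-tracer input inside udp 192.168.1.10 40000 165.241.31.254 50000
packet-tracer input inside tcp 192.168.1.10 40000 165.241.29.17 80

! Hit counters per ACL entry
show access-list inside_access_in
```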

Similar Messages

  • How to configure simultanous access for 11i application

    Hi All
    We have one existing 11i application instance on node grid1, in which we start the services from the apps user.
    In our same we want another node for the same application in which we will start the services from another user (merge).
    For that we perform the following steps:
    1. Copy the APPL_TOP, COMMON_TOP, ORA_TOP (8.0.6, iAS) from node "GRID1" to the different node "GRID2".
    2. Configure the GRID2 node using the adcfgclone.pl utility (we have configured the new node for WEB and FORM Server).
    3. We perform the modifications in the following files on GRID2.
    i. Identify 'FNDNAM=apps' statement in $FND_TOP/secure/<context>.dbc
    and replace with 'FNDNAME=merge' to connect to MERGE schema instead of APPS.
    ii. Go to the last line of $APACHE_TOP/jserv/etc/zone.properties file
    and identify 'schema=APPS' statement and change it to 'schema=MERGE'
    iii. Identify below lines in $APACHE_TOP/modplsql/cfg/wdbsvr.app file
    password = apps
         username = apps
         document_table = APPS.fnd_lobs_document
    and replace with modified below lines
    password = merge
         username = merge
         document_table = MERGE.fnd_lobs_document
    6. For redirecting user's request to new Application Server server, we
    changed the following 4 system profile options with proper URL and port
    at responsibility level only for the responsibilities,
    which we use for Merge views.
    Profile Options
         Application Framework Agent
         Applications JSP Agent
         Applications Web Agent
         Apps Servlet Agent
    We are able to start the services on the GRID2 node, but at the time of login we are getting an invalid user name/password error.
    Please let us know if there is any way to access the application as a user other than apps.
    Regards
    Sohail

    Well, thank you very much. I know how to define a DataSource inside Weblogic Server.
    But I am confused over one issue.
    When we are going to use a Container Managed EntityManager inside the SessionBean, the persistence.xml file looks like this:
    <persistence>
         <persistence-unit name="RamsEJBPU" transaction-type="JTA">
              <jta-data-source>myJtaDataSource</jta-data-source>
         </persistence-unit>
    </persistence>
    But in some cases it looks as shown below:
    <persistence>
         <persistence-unit name="RamsEJBPU" transaction-type="RESOURCE_LOCAL">
              <provider>org.hibernate.ejb.HibernatePersistence</provider>
              <properties>
                   <property name="hibernate.connection.driver_class" value="oracle.jdbc.driver.OracleDriver"/>
                   <property name="hibernate.connection.url" value="jdbc:oracle:thin:@localhost:1521:orcl"/>
                   <property name="hibernate.connection.username" value="CHENNAISPAT"/>
                   <property name="hibernate.connection.password" value="CHENNAISPAT"/>
              </properties>
         </persistence-unit>
    </persistence>
    Can you please tell me why is it so ??

  • How to configure DMZ access for ftp/https without NAT

    I have a closed network that is not connected to the internet, just other sites that we want to communicate with.  We have a cisco router connected to the outside interface on an ASA5505 and a cisco router connected to the inside interface on the same ASA5505.  I have an inside interface that connects our management LAN, five separate DMZ interfaces with a separate LAN (VLAN) on each DMZ interface and the outside interface that connects to the other sites.  Data is not allowed to mingle between the five DMZ's.
    All connections to the other separate nodes are handled with the router on the external interface.  IPSEC GRE tunnels have been established between all sites and BGP routing has been verified.  Pings are good between inside, dmz and external interfaces and between the DMZ's and the other sites, to include hosts on our local networks and hosts at the remote sites.  Inter and intra traffic is enabled.
    When a remote site attempts an https connection, the initial ACK handshake makes it through the ASA5505, but the return SYN/ACK is being knocked down and I don't understand why (it is not because of ACL's, they are any any at this point).
    Looking for some ideas on why the return SYN/ACK to the remote site isn't getting through the ASA5505 outbound.  Will probably have the same issue with FTP, but right now, just trying to solve one problem at a time.
    ASA5505 is in routed mode, not looking to NAT since the IP addresses in the DMZ need to be reached by their real IP address.
    Thanks,

    When I use the packet-trace in both directions with the endpoint IP's, it works, all phases show allowed.   I see the hits against the ACL's that show the packet entry in to the outside interface of the ASA, the build up of the connection so the initial step of the external host ACK is reaching the webserver in the DMZ.  I see the hits against the incoming DMZ interface from the web server and then the log shows that the SYN,ACK is not in the state table and drops the outgoing packet.  Since no outgoing SYN/ACK, no three way handshake, no login prompt, no web page to the endpoint.
    I even changed the security settings on the outside interface to match the DMZ, enabled the inter and intra connections and that didn't work.  ACL's on the incoming and outgoing outside and DMZ interfaces have any any tcp and any any ip but still the same result.
    DMZ hosts point to the ASA.  ASA points to external router on the outside interface.  Pings all work fine.  Tried ACL's at the top with port 443, but no hits on that.  Even tried bypass with the same result.  The initial packet from the external host doesn't seem to enter the state table so that when the host sends the reply (SYN/ACK) the ASA knocks it down.
    Also tried twice NAT with static source/destination/port so that what comes in should be what is sent to the DMZ.
    If I understand this device, I should have a rule that lets traffic in the outside interface from the external networks, a rule that allows DMZ traffic out the outside interface, a rule that allows external traffic in the DMZ and a rule that allows DMZ internal traffic back out to the external interface.
    Still fuzzy on exactly how the data goes between the outside and the DMZ interfaces. 
    Is there something else I need to do or define to use HTTPS?  I see that HTTP is defined and also has inspection rules.
    I can try the captures tomorrow at work.
    Thanks, for any pointers you can provide me.
    Peyton
    This is my first, painful experience with the ASA. 

  • How to configure MS-Access 2010 DB details on weblogic using DBAdapter

    Hi Experts,
    Can anyone help me with how to configure MS-Access 2010 DB details on weblogic 11g using DBAdapters?
    If you provide step by step instructions, it is very useful to me.
    If you have any screen shots, can anyone please send a file to my mail ID:[email protected]
    My Requirement:
    I need to fetch 3 columns of data (product code / serial number and serial status) from MS-Access 2010 and store it on oracle 11g. For that I have written web service code and I need to make it automated. I don't have any idea how to make this web service automated (automation means, whenever a new record is stored in MS-Access data, I need to fetch the newly created record from MS-Access 2010 and send it to Oracle 11g).
    Note: MS- Access 2010 present at vision system and Oracle 11g installed in linux server.
    Thanks,
    Phani

    Hi,
    I am also facing the same issue, not sure about what url to use. And also the login webservice doesn't work while I am testing using http://localhost:81/RTC/RTCService.asmx. It is always throwing the following error:
    " Unable to cast COM object of type 'RTCLib.RTCClientClass' to interface type 'RTCLib.IRTCClient'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{07829E45-9A34-408E-A011-BDDF13487CD1}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE))."
    Does the current owc_lcs.zip support MS Office Communication Server 2007?
    Please share the configuration step if anyone already integrated OCS 2007.
    Thanks,
    -Mukesh.
    Edited by: user9127933 on Feb 19, 2010 4:05 AM

  • How to configure Broadcast messaging for IC Webclient profile

    Dear all,
    How to configure Broadcast messaging for IC Webclient profile. what are the prerequisites for it?
    We are not using EP interface for IC Webclient, then where can I find broadcast messaging URL in SAP CRM system.
    I have checked for the relevant BSP application, but could not find.
    Please help me to configure the scenario successfully, your help will be highly appreciated.
    Best regards,
    Raghu ram

    Hi raghu
    In CRM, the broadcast messaging application is CRM_BM.
    Go to easy access – go to favourites – select add other objects – select BSP Applications – then select CRM_BM Application.
    Select that BSP application and test it…
    Regards,
    Narsimha

  • How to configure release procedure for rate contracts release

    Dear all,
    How to configure release procedure for rate contract? Following are the requirements:
    there are two release codes c1 & c2 <=100000,>=100000
                    if  c1 is not there c2 has to be approved
         Change in the value of the rate contract
         Change in the validity of the rate contract
         Addition of deletion of line items
    While using a non-released rate contract in the PO an error message should shoot out.
    Also the logic should be changed while using the rate contract in the PO.
    The usage of the rate contract should be till the validity of the rate contract. i.e. the measurement should be end date of the rate contract and the PO creation date and not the delivery date of the PO. &
    It should be possible to refer existing valid rate contracts in purchase orders.
    Regards,
    bhaskar

    Hi,
    In SAP, a rate contract is known as a value contract, denoted with wk. The release procedure for a rate contract is the same as that of other contracts and scheduling agreements. The tables for contracts will vary with SA (Scheduling agreement). You may try and maintain condition records based on the customer combination and maintain the validity date of condition records as per your requirement. Contract and PO will have the same header/item table as EKKO/EKPO, and the release
    class in standard is the same FRG_EKKO, you can use the same for contract.
    To distinguish if it's a contract or PO, EKKO-BSART can be used.
    For contract EKKO-BSART will be MK or WK, while PO will have NB/UB etc.
    You can restrict the document type to set up the release strategy for only contract.
    Of course, you can also create your own release class Z* for contract copying standard
    one FRG_EKKO via CL01/Class type 032, and then assign the class Z* to customizing:
    OLME:
    -> contract
    ->Release Procedure for Contracts
    ->Define Release Procedure for Contracts
    ->Release Groups
    If you have already created the PO release class.
    Assign a new characteristic of Document Category -BSTYP
    Please check the link below for the detailed release procedure. I hope this will help you out. Thanking you.
    http://wiki.sdn.sap.com/wiki/display/ERPSCM/RELEASE+PROCEDURE#RELEASEPROCEDURE-TABLESUSEDFORRELEASEPROCEDURES

  • How to configure to access internet on Solaris 10 SPARC

    Dear All,
    how to configure to access internet on Solaris 10 SPARC.
    Thanks and regards,
    Heng

    What you need is just an IP address on your network interface and configure dns in /etc/nsswitch.conf and /etc/resolv.conf.
    More details here : http://docs.oracle.com/cd/E23823_01/html/816-4554/index.html

  • How to configure Email notification for User login's in Exchange Infrastructure?

    How to configure Email notification for User login's in Client Machines?

    Hi ,
    Based on the description , you need to assign logon scripts to the end users via group policy and also use your exchange server as the smtp server in that logon script to relay emails to the internal recipients.
    Thanks & Regards S.Nithyanandham

  • How to configure SMTP server for osb 10.3.1

    Hi All,
    Can anyone share information on how to configure SMTP server for osb 10.3.1
    and then how to send an email from osb 10.3.1
    Thanks in Advance!!

    Thanks a lot!!
    I configured the same way. When I am sending email to an account on the same domain as my SMTP server, the sending of email is successful. But it's giving an error when I am trying to send an email to an account which is on a different domain. It's giving the error "Operation has been cancelled".
    Please suggest something.

  • How to configure internet proxy for portlet builder

    Hi All,
    We have downloaded the portlet builder from developer.bea.com. But while trying
    to access xmethods for adding web service, it can't access as the internet connection
    is thru proxy.
    Can anybody pls tell me how to configure the internet proxy with this portlet
    builder ?
    TIA,
    Sudarson

    Hi, I got the same problem...I try to configure a web service with Portal Builder
    7.0 in Bea E-Business Control Center... But I can not proceed cause there is no
    hint for a proxy... Have you found a solution?
    "sudarson" <[email protected]> wrote:
    >
    Hi All,
    We have downloaded the portlet builder from developer.bea.com. But while
    trying
    to access xmethods for adding web service, it can't access as the internet
    connection
    is thru proxy.
    Can anybody pls tell me how to configure the internet proxy with this
    portlet
    builder ?
    TIA,
    Sudarson

  • Don't know how to configure wireless card for internet

    Hi, I just moved to a new place, and I do not know how to set up my Mac for a wireless connection. I was given the basic information for the internet to work, and it works for my PC but not on the Mac. I was given:
    Network Name (ESS-ID or SSID)
    WEP Key Type (Encryption type)
    WEP Key Format
    WEP Key
    Where do I go to fill in this info for internet?
    Please teach me what I'm missing, for I'm not familiar with networks. Thank you.

    Airport is what Apple's trade name is for 802.11 wireless. If you have wireless in the computer, you have Airport. To see if you have Airport, on your menu bar, go under the Apple menu and choose "About This Mac." Click on "More Info." About midway down the list on the left, you'll see "Airport." Click on it. That will tell you whether you are wireless-capable or not.
    If you do not have Airport, you will need to tether up to the router directly using an ethernet cable if you want internet access or else upgrade the computer with an Airport Extreme card.
    If you do have Airport, on your menu bar, go under the Apple menu and choose System Preferences > Network > Show: > Airport. Click on Network. If "locked," click on the padlock (lower left corner) to authenticate. Once authenticated, click on Show: and choose Airport. Click on Advanced (lower right corner). Click on "+" below "Preferred Networks" window. Answer the questions that you are asked, which will cover those four items (SSID and WEP info).
    (Texas Mac Man: that link points to a guide for the Airport Express stand-alone wireless access point using /Applications/Utilities/Airport Utility, not for how to configure your Mac's built-in Airport Extreme card via System Preferences > Network. I could be wrong but I think annie.ryu is wanting information to configure the computer's Airport/Airport Extreme card via Sys Prefs' Network panel)

  • How to configure the Access Server?

    Hi All
    I am in the process of migrating from 11.0.1 to 12.0.
    I have some real-time jobs.
    For this I need to configure the Access Server.
    I can understand I should do this from Server Manager>Edit Access Server Config>Add
    Here what info we need to give? Does it mean we need to give the server name on which current version is installed? How to choose the port?
    My old version DI 11.0.1 is using port 4000. Also in the DS Mgmt Console, I am defaultly getting the Old Job Server in the Adapter Config node. How to remove this?
    Someone plz help me on this.
    Thank You
    Ganesh Sampath

    You have to explicitly share directories on external/secondary volumes.
    Use the Server admin app to configure file sharing, and select which directory/directories on the second drive you want to share, then they'll be available to clients.

  • How to block internet access for RDS and RemoteApp users?

    Hi everyone,
    This question might partially belong to security forum but I think anyone using RDS services comes across this. I would like to TOTALLY block all internet access including "updates" to any software, windows updates, anti-virus updates, TCP, UDP, or ANY other protocol out of the server. I would like to only allow traffic both ways for established traffic (e.g. accessing the remote apps).
    How can I achieve this without involving a third party firewall software?
    Thanks

    In our visitor center, we set up a computer with a fake proxy server and added our website to the exceptions so that the visitors access our website only and no other website. If this RDS is for internal use only, you may disable the default gateway. This link may give you more options:
    How to restrict Internet access: www.chicagotech.net/Internet/restrictie0.htm
    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.howtonetworking.com

  • How to Configuring external certificate for MEP

    Hi,
    I want to configure an external certificate for my MEP gateway tier. Can anyone tell me the procedure for configuring the certificate?
    I am configuring behind the firewall, so I cannot run the default port no. 8181 for https. Where can I change the https port no. for MEP after installation? I also need to import external certificates into the keystore.

    Hi Jayanth,
    Both issues you raise are GlassFish issues rather than MEP issues per se.
    To change the port, after doing 'asadmin stop-domain mep' you just edit the
    domain.xml file in the .../domains/mep/config directory manually. Search for
    8181 and change it to whatever you want, then restart GlassFish (asadmin start-domain mep).
    In the MEP Installation Guide, there is a section on establishing trust between
    tier1 and tier2 in a two-tier configuration. See http://docs.sun.com/app/docs/doc/820-7203/ggxmb?a=view
    Hopefully, you can generalize that procedure to your situation.

  • OBIEE 11g - How to configure Virtual IP for servers hosting OBIEE 11g

    Hi,
    I have 2 Linux servers.
    I have installed OBIEE 11.1.1.6 on first server and did a scale out on second server.
    I don't have a Load Balancer.
    I want to configure Virtual IP for these hosts.
    Please advise how to do it.
    Thanks
    Nitin Aggarwal

    Refer to the links below.
    http://www.rittmanmead.com/2008/12/obiee-high-availability-the-bi-server/
    http://www.rittmanmead.com/2009/02/obiee-high-availability-presentation-services-and-scheduler/
    Thanks
    Jay.
