How to determine an initiator and responder in L2L - IPSEC VPN

Hi Guys,
One of the clients I'm working with has requested me to change the initiator from Site A to Site B. Currently, Site A is the initiator and Site B is the responder. The reason is that the client could not access any sub-client site from Site A. In case the tunnel goes down, they want Site B to initiate traffic to Site A. I am not sure how to change a VPN tunnel so that Site B is the initiator and Site A the responder, or whether this is an automated process. I understand that it doesn't matter, since either way it still needs to negotiate SAs and policies for tunnel establishment, but is there a manual way of doing it via ACL or ISAKMP policy? Or are there any parameters we can set to control this?
Both firewalls are ASA 5500 Series (5520).
Please help. Appreciate it.
Thank you.

Hey,
Thanks a ton for posting this out here. I am sure it will be helpful for people trying this out.
Regards,
Prapanch
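An added note that is not part of the thread: the role is not decided by the ACL or the ISAKMP policy; by default whichever ASA sees interesting traffic first sends the first IKE message. The crypto map entry's connection-type setting is what pins the roles. The fragment below is constructed (the map name, sequence number and peer addresses are placeholders):

```text
! Site B: the only side allowed to bring the tunnel up (assumed map name/sequence)
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set connection-type originate-only

! Site A: waits for Site B and never initiates
crypto map OUTSIDE_MAP 10 set peer 198.51.100.10
crypto map OUTSIDE_MAP 10 set connection-type answer-only

! On either ASA, the Role field shows which role the box actually took
show crypto isakmp sa
```

With answer-only, Site A can never bring the tunnel up itself, so Site B needs interesting traffic toward Site A to trigger the negotiation.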

Similar Messages

  • How to determine server host and server port

    Dear Experts.
    How to determine server host and server port where Webdynpro application is working.
    If the url is following
    http://sapr3dm:50500/webdynpro/dispatcher/local/ForecastingPowerProject2/NewObjectConnection?SAPtestId=6
    How do I retrieve sapr3dm and 50500?

    Hi,
    May be of use
    WDProtocolAdapter.getProtocolAdapter().getRequestObject().getServerName();
    WDProtocolAdapter.getProtocolAdapter().getRequestObject().getServerPort();
    Regards
    Ayyapparaj

  • How to nat subnets before establishing site to site ipsec vpn tunnel?

    Hello,
    Coming across a requirement which is new to me as I have not done this setup. Details as follows. Hope someone can help.
    Requirement: nat existing subnets to 192.168.50.0/24 subnet which is allowed at another firewall.
    Existing device: Cisco 5510 where I need to do this NAT.
    Existing scenario in short: I have created vlans on asa by creating sub interfaces.
    Changes done: added a new sub-interface for 192.168.50.0. Added a new object for 192.168.50.0. Now I'm done with creating an ACL where traffic from 192.168.50.0 to the remote subnets is allowed. In the NAT object section I've done 1-to-1 NATing, i.e. existing subnet to 192.168.50.0.
    Done ipsec vpn setup inc phase 1 & 2.
    Now tried to ping remote hosts but not reachable.
    Please advise how to make it work.
    I don't have any router next to the ASA 5510. The ASA is in routed mode. The next hop from the ASA is the ISP's mux.

    Hello. Please find my answers inline.
    I first got the picture that the NAT network is 192.168.50.0/24 and some other networks should be NATed to this.
    Answer: That's correct.
    Later on it seems that you have configured this to some interface on the ASA?
    Answer: Yes, as I have defined VLANs on the ASA itself, i.e. other subnets too, i.e. the 10.x series & the 192.168.222.x series. I used Ethernet 0/0 as the main interface for all LAN networks and have created sub-interfaces, i.e. VLANs, on it. Using a 3COM switch down to the ASA to terminate those VLANs & distribute to unmanaged switches. Due to port limitations on the ASA I have configured VLANs on the ASA itself. Ethernet 0/2 is my WAN interface, i.e. the ISP link terminates on the Eth 0/2 port.
    So are you attempting to NAT some other LAN networks to this single NAT network before the traffic heads to the L2L VPN connection on your ASA?
    Answer: Yes, that's right. Attempting to NAT multiple networks to a single NAT network before traffic heads to the L2L VPN connecting from my ASA 5510 to the remote Citrix firewall.
    Can you then mention what are the source networks and source interfaces for these networks? What is the destination network at the remote end of the L2L VPN connection?
    Answer: Source networks = 10.100.x series & 192.168.222.x series / Destination networks are from the 192.168.228.x, 192.168.229.x series. The remote admin wants us to NAT our multiple subnets to a single subnet, i.e. 192.168.50.0, and then traffic from this subnet is allowed at the remote end.
    Do you want to just do a NAT Pool of the 192.168.50.0/24 network for all your Internet users OR does the remote end also have to be able to connect to some of your site's hosts/servers?
    Answer: Yes, just want to NAT LAN subnets to 192.168.50.0/24 for all LAN users. 1-way access. I am going to access remote servers.
    The new thing for me is how to NAT multiple subnets. I have existing IPsec VPNs where I have added multiple subnets, which is the traditional setup for me. This requirement is new to me.

  • How to determine the Country and Organization from IP

    Hi,
    I would like to determine the Country and Organization from a given IP. I have to write a JSP which, when given the IP address, gives the country and the organization to which the IP belongs. The organization may be the ISP, or an MNC or any other corporate/government body, or it may be an individual. I have to do it programmatically from inside a JSP.
    Any suggestions anybody
    Thanks in Advance for your reply

    even when tracking IP's, if it is static you can narrow it down pretty far - if it's dynamic, you can only narrow it down to a specific part of the country.

  • How to determine SMTP hostname, and port?

    I need to create an e-mail configuration option in my application, and I have to determine what e-mail settings are installed.
    Regards Kostya!

    Hi Kostyal,
    check out the interesting posting done by Jornica at http://jornica.blogspot.com/2007/01/apex-system-preferences.html
    Patrick
    Check out my APEX-blog: http://inside-apex.blogspot.com

  • How to determine OS version and patch level?

    I have Oracle Linux, and uname -a gives the following:
    # uname -r
    2.6.39-200.29.2.el6uek.x86_64
    Exadata node:
    # imageinfo
    Kernel version: 2.6.18-274.18.1.0.1.el5 #1 SMP Thu Feb 9 19:07:16 EST 2012 x86_64
    Image version: 11.2.3.1.1.120607
    Image activated: 2012-08-07 11:51:55 -0400
    Image status: success
    System partition on device: /dev/mapper/VGExaDb-LVDbSys1
    Thanks!

    You might want to check http://www.oracle.com/us/technologies/027626.pdf
    And also:
    <pre>
    # yum info oraclelinux-release enterprise-release
    Loaded plugins: security
    This system is not registered with ULN.
    ULN support will be disabled.
    Installed Packages
    Name : enterprise-release
    Arch : x86_64
    Epoch : 6
    Version : 5
    Release : 8.0.3
    Size : 57 k
    Repo : installed
    Summary : Enterprise Linux release file
    License : GPL
    Description: System release and information files
    Name : oraclelinux-release
    Arch : x86_64
    Version : 5
    Release : 8.0.2
    Size : 32
    Repo : installed
    Summary : Oracle Linux release file
    License : GPL
    Description: System release file
    </pre>

  • In RV 042 How to determine Source IP and Destination IP?

    Good day,
    Sir, is my configuration correct? For Source IP? For Destination IP? 192.168.0.1 is my router
    I'm binding:
    http
    http secondary
    https
    to Wan1
    Thank YOU..
    -newbie

    Hi Ian, thank you for using our forum, my name is Luis and I am part of the Small Business Support Community.
    I will be more than glad to assist you with your configuration. I found an article where you can get specific steps in order to configure the Protocol Binding. Please check the link below.
    Manage Protocol Binding
    Please search Manage Protocol Binding in the article.
    I hope you find this answer useful,
    “Please rate useful posts so other users can benefit from it”
    Greetings,
    Luis Arias.
    Cisco Network Support Engineer.

  • How can I improve performance over a Branch Office IPsec VPN tunnel between an SA540 and an SA520

    Hello,
    I just deployed one Cisco SA540 and three SA520s.
    The SA540 is at the Main Site.
    The three SA520s are the spoke sites.
    Main Site:
    Downstream Speed: 32 Mbps
    Upstream Speed: 9.4 Mbps
    Spoke Site#1:
    Downstream Speed: 3.6 Mbps
    Upstream Speed: 7.2 Mbps (yes, the US is faster than the DS at the time the speed test was taken).
    The SA tunnels are "Established"
    I see packets being transmitted and received.
    Pinging across the tunnel has an average speed of 32 ms (which is good).
    DNS resolves names to ip addresses flawlessly and quickly across the Inter-network.
    But it takes from 10 to 15 minutes to log on to the domain from the Spoke Site#1 to the Main Site across the vpn tunnel.
    It takes about 15 minutes to print across the vpn tunnel.
    To remedy this, we have implemented Terminal Services across the Internet.
    Printing takes about 1 minute over the Terminal Service Connection, while it takes about 15 minutes over the VPN.
    Logging on to the network takes about 10 minutes over the vpn tunnel.
    Using an LOB application takes about 2 minutes per transaction across the vpn tunnel; it takes seconds using Terminal Services.
    I have used ASAs before in other implementation without any issues at all.
    I am wondering if I replaced the SAs with ASAs, that they may fix my problem.
    I wanted to go Small Business Pro, to take advantage of the promotions and because I am a Select Certified Partner, but from my experience, these SA vpn tunnels are unuseable.
    I opened a case with Small Business Support on Friday evening, but they couldn't even figure out how to rename an IKE Policy Name (I figured out that you have to delete the IKE Policy; you cannot rename them once they are created).
    Maybe the night weekend shift has a skeleton crew, and the best engineers are not available at that time or something.... I don't know.
    I just know that my experience with the Cisco TAC has been great for the last 10 years.
    My short experience with the Cisco Small Business Support Center has not been as great at all.
    Bottom Line:
    I am going to open another case with the Day Shift tomorrow and see if they can find a way to speed things up.
    Now this is not just happening between the Main Site and Spoke Site #1 above. It is also happening between the Main Site and Spoke #2 (I think Spoke #2 has a Download Speed of about 3 Mbps and an Upload Speed of about 0.5 Mbps).
    Please help.
    I would hate to dismiss SA5xx series without making sure it is not just a simple configuration setting.

    Hi Anthony,
    I agree! My partner wants to just replace the SA5xxs with ASAs, as we have never had problems with ASA VPN performance.
    But I want to know WHY this is happening too.
    I will definitely run a sniffer trace to see what is happening.
    Here are some other things I have learned from the Cisco Small Business Support Center (except for Item 1 which I learned from you!)
    1.  Upgrade the SA540 at the Main Site to 2.1.45.
    2a. For cable connections, use the standard MTU of 1500 bytes.
    2b. For DSL, use the following command to determine the largest MTU that will be sent without packet fragmentation:
    ping -f -l packetsize
    Perform the items below to see if this increases performance:
    I was told by the Cisco Small Business Support Center that setting up a Manual Policy is not recommended; I am not sure why they stated this.
    3a. Lower the IKE encryption algorithm from "AES-128" to DES.
    3b. Lower the IKE authentication algorithm to MD5
    3c. Also do the above for the VPN Policy
    Any input is welcome!

  • IKE initiator and responder

    Hi everyone,
    If an IPsec VPN is running between two sites, how can we tell which site was the IKE initiator and which the responder?
    If both sites are big sites.
    Thanks
    Mahesh

    Hello Mahesh,
    First answer was how to check who is initiator on ASA.
    In case of router
    You can do "sh cry isa sa"
    R2#sh cry isa sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    10.10.10.2      10.10.10.1      QM_IDLE           7018 ACTIVE
    10.10.10.1      10.10.10.2      MM_NO_STATE       7017 ACTIVE (deleted)
    The owner of the IP address in the src column is the initiator.
    Best Regards,
    Eugene
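As an added example that is not from the thread: the IOS output quoted above, parsed to report which side initiated each live SA, plus the same check on ASA output, where the Role field states the answer directly. The ASA sample, its layout and all addresses are constructed assumptions, not output from the original posters.

```python
import re
from dataclasses import dataclass

# Router output quoted in the thread above (IOS "show crypto isakmp sa").
IOS_SAMPLE = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.10.10.2      10.10.10.1      QM_IDLE           7018 ACTIVE
10.10.10.1      10.10.10.2      MM_NO_STATE       7017 ACTIVE (deleted)
"""
# Constructed ASA sample: the layout is assumed from the usual ASA output,
# where the Role field names the role explicitly per peer block.
ASA_SAMPLE = """\
   Active SA: 1
Total IKE SA: 1
1   IKE Peer: 203.0.113.5
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""
@dataclass
class IkeSa:
    peer: str
    state: str
    role: str  # "initiator" or "responder", from the local device's view

IOS_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+ACTIVE(\s+\(deleted\))?$")

def parse_ios(text, local_ip):
    """IOS lists the initiator's address in src: local device initiated iff src == local_ip."""
    sas = []
    for line in text.splitlines():
        m = IOS_ROW.match(line.strip())
        if not m or m.group(5):  # header lines and deleted SAs are skipped
            continue
        dst, src, state = m.group(1), m.group(2), m.group(3)
        if src == local_ip:
            sas.append(IkeSa(peer=dst, state=state, role="initiator"))
        else:
            sas.append(IkeSa(peer=src, state=state, role="responder"))
    return sas

ASA_PEER = re.compile(r"IKE Peer:\s*(\S+)")
ASA_ROLE = re.compile(r"Role\s*:\s*(\w+)")
ASA_STATE = re.compile(r"State\s*:\s*(\S+)")

def parse_asa(text):
    """ASA prints one block per peer; the role is read straight from it."""
    sas, peer, role = [], None, None
    for line in text.splitlines():
        if m := ASA_PEER.search(line):
            peer, role = m.group(1), None
        elif peer and (m := ASA_ROLE.search(line)):
            role = m.group(1)
        elif peer and (m := ASA_STATE.search(line)):
            sas.append(IkeSa(peer=peer, state=m.group(1), role=role))
            peer = None
    return sas

def roles_by_peer(sas):
    """The thread's question: which role this device holds towards each peer."""
    return {sa.peer: sa.role for sa in sas}
```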

  • How to determine the field size

    I am going to make a multiplatform application that hopefully
    will run on linux and windows 2000.If the os is 2000, then I will use
    vb.net/aspx else I'll use java servlets. I make the connection
    to the web server ( through HTTP) not directly to database server.
    So, the resultset will be stored in the String object. The columns
    will be separated by delimeter. Our problem is how to determine
    the size and type of the fields of mssql,oracle and postgres database
    so that we can include it in the String object.
    Ex.
    String sResultSet = new String();
    ResultSet rs = statement.executeQuery(sSQL);
    while (rs.next()) {
        sResultSet = sResultSet + rs.getString(field1) + "||" + rs.getString(field2) + "||";
    }
    The vertical bars act as the delimiter.
    Supposedly this is the code:
    sResultSet = sResultSet + rs.getString(field1) + "_" + rs.getFieldType() + "_" +
        rs.getFieldSize() + "||" + rs.getString(field2) + "_" + rs.getFieldType() + "_" +
        rs.getFieldSize() + "||";
    Supposedly this is the code, if the rs.getFieldType() and rs.getFieldSize() methods existed.
    Anyone can give me an idea how to get the field type and field size of the database?
    thanks in advance

    Yes, but I dont know how to do it.
    Can you give me an example of using it.
    Thanks in advance

  • Determination the Direction and Borders problem

    hi all
    I have a problem with how to determine the direction and the neighbor for a polygon as in the picture.
    picture in (http://www.4shared.com/photo/CQhYa1LV/1_online.html?)
    I want to determine:
    From north : polygon with object Id=.....
    From south : streets with object Id=.....
    From east :streets with object Id=.....
    From west : polygon with object Id=.....
    I have started and I identified the directions: I get the line of land with a length of 29 meters as the north
    and the line with 25.4 as the south ......
    Now how can I determine the border of the land?
    means:
    north ... land with number 2
    south ... street with 15 meters width
    Can anyone help or have a good idea?

    Some real data (ie the sdo_geometry of the polygon in the image) would be useful.
    The main issue here is not so much the writing of the bearings and distances against the line segments,
    but determining which segments should be so labelled.
    I have dealt with the basics of extracting and marking polygon segments in articles like this http://www.spatialdbadvisor.com/oracle_spatial_tips_tricks/74/spatial-pipelining before.
    But this is roughly how I would go about removing those shared boundary segments so that I only had those segments that front a street:
    select T_Vector(va.vector_id, va.element_id, va.subelement_id, va.startCoord, va.endCoord).AsSdoGeometry(null) as geom,
           codesys.Cogo.DD2DMS(
                 codesys.Cogo.Bearing (va.startCoord.x,va.startCoord.y,va.endCoord.x,va.endCoord.y) * (180/codesys.Constants.PI) ) AS bearing,
           ROUND(codesys.Cogo.Distance(va.startCoord.x,va.startCoord.y,va.endCoord.x,va.endCoord.y),2) AS distance
      from source_table a,
           table(ST_Vectorize(a.geom)) va,
           source_table c
     where a.<primary key> = <value>
       and sdo_covers(c.geom,
                      T_Vector(va.vector_id, va.element_id, va.subelement_id, va.startCoord, va.endCoord).AsSdoGeometry(null)) = 'TRUE'
       and c.<primary key> <> a.<primary key>;
    The COGO and GEOM package and the T_Vector object are available for download from my website.
    In short you:
    1. Take the base polygon;
    2. Break it into 2 vertex segments;
    3. Use each segment to find a polygon in the original table it lies on;
    4. Ensure that the found polygon is not the same as the source of the segments;
    5. Generate the bearing and distance.
    regards
    Simon

  • Receiving and responding to xml post

    Hi there,
    I have a project where I have to receive certain parameters in a Post using an XML document, and then respond with a XML response document.
    My application is a standalone java app.
    I have created the sockets, and can receive and send on them, I just don't quite understand yet how to receive the document and respond.
    any help will really be appreciated.
    Thanks
    Brenda

    Brenda,
    Tomcat is a J2EE container (well, a Java web container without EJB support); it does supply javax.servlet classes.
    In answer to your other question, I have a web application that uses Xerces within a servlet and it's fine. A web container like Tomcat will support just about any code as long as it can load the classes.
    You need to look into War (web archive) files for production use, but to get started, just consider the file locations:
    C:\tomcat\webapps\ROOT\WEB-INF\classes
    This is where the root context loads its class files from
    C:\tomcat\webapps\ROOT\WEB-INF\lib
    This is where it loads jarred class files (e.g. xerces.jar)
    Also you'll need to create a servlet entry in your
    C:\tomcat\webapps\acuo\WEB-INF\web.xml
    file:
    <servlet id="Servlet_2">
    <servlet-name>name</servlet-name>
    <description>Your description</description>
    <servlet-class>com.package.Classname</servlet-class>
    </servlet>
    So, it's all straightforward enough once you know where to put everything. There are also tools around that make the war file creation easier.
    So, best of luck,
    Dom.

  • Inbuilt cisco IPSEC vpn client and KeyLife Timeout setting...

    Hi Guys
    I am having issues with the built-in Cisco VPN client on the Mac; I am currently using Mac OS X 10.7.4
    I have a Fortigate 200B device and have set up the IPSec VPN settings to have a keylife of 86400 seconds.
    However the experience I am having with the Mac clients is that after about 50 minutes the users are being asked to re-authenticate to the VPN...
    When checking the debug logs I can see that the peer (Mac client) is setting the phase 2 tunnel key lifetime to 3600 seconds, which is 1 hour...
    Usually in IPSec a re-negotiation process takes place about 10 minutes or so before the key expires..
    My question is where are the VPN settings kept on the Mac... I know it uses Racoon for the IPSec key exchange, and so I would like to tweak the VPN profiles so that the Mac sets the lifetime of the key to 86400 instead of 3600 by default...
    I also want to be able to set logging to debug mode for the Racoon application on Mac clients.
    Your help is much appreciated
    Kind Regards
    Mohamed

    Hi Tony,
    to the best of my knowledge this is currently not possible, but will be once this enhancement is implemented:
    CSCsw31922    Radius upstream VSAs (Tunnel Group,Client type) for VPN policy decisions
    You may want to try and ask in the AAA forum if there is anything you can do on ACS...
    hth
    Herbert

  • In app store some applications are of very small size like 15-20 Mb and after installing them they become more than 100 mb. how to determine their actual size???

    in app store some applications are of very small size like 15-20 Mb and after installing them they become more than 100 mb. how to determine their actual size???

    The app store size is probably just the software, while the size on your iPhone includes data.
    You can determine the size on your iPhone by looking at Settings > General > Usage.

  • How to determine height and width of a JScrollPane client

    Hi,
    I wish to display a webpage in a JScrollPane and wish to determine the height and width of the HTML content so that I can use the information to generate PDF and control the content on each page. Can anybody let me know how I can do this?
    Thanks in advance
    Prashant Baj

    JEditorPane and getSize()?
