How to set switch 2900, c3550 or ASA to send traps to monitoring server
How to set switch 2900, c3550 or ASA to send traps to BB monitoring server?
Is it just snmp-server enable etc.?
You're on the right track.
Please refer to the following Cisco document for a detailed explanation:
Cisco IOS SNMP Traps Supported and How to Configure Them
Similar Messages
-
How to set up Split Tunneling on ASA 5505
Good Morning,
I have an ASA 5505 with Security Plus licensing. I need to set up split tunneling on the ASA and am not sure how. I am very new to Cisco but am learning quickly. What I want to accomplish, if possible, is to send all traffic to our corporate web site (static IP address) straight out to the internet and all other traffic through the tunnel as normal. Basically we have a remote office that is using a local ISP to provide internet service. If our connection at the main office goes down, we want the branch office to still be able to get to our corporate website without having to unplug cables and connect their computer directly to the local ISP modem. Any help will be greatly appreciated. Thanks in advance. Below is a copy of our current config.
ASA Version 7.2(4)
hostname TESTvpn
enable password rBtWtkaB8W1R3ub8 encrypted
passwd rBtWtkaB8W1R3ub8 encrypted
names
name 10.0.0.0 Corp_LAN
name 192.168.64.0 Corp_Voice
name 172.31.155.0 TESTvpn
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan3
nameif Corp_Voice
security-level 100
ip address 172.30.155.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
object-group network SunVoyager
network-object host 64.70.8.160
network-object host 64.70.8.242
object-group network Corp_Networks
network-object Corp_LAN 255.0.0.0
network-object Corp_Voice 255.255.255.0
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list inside_access_in extended permit ip TESTvpn 255.255.255.0 any
access-list inside_access_in extended permit icmp TESTvpn 255.255.255.0 any
access-list Corp_Voice_access_in extended permit ip 172.30.155.0 255.255.255.0 any
access-list Corp_Voice_access_in extended permit icmp 172.30.155.0 255.255.255.0 any
access-list VPN extended deny ip TESTvpn 255.255.255.0 object-group SunVoyager
access-list VPN extended permit ip TESTvpn 255.255.255.0 any
access-list VPN extended permit ip 172.30.155.0 255.255.255.0 any
access-list data-vpn extended permit ip TESTvpn 255.255.255.0 any
access-list voice-vpn extended permit ip 172.30.155.0 255.255.255.0 any
access-list all-vpn extended permit ip TESTvpn 255.255.255.0 any
access-list all-vpn extended permit ip 172.30.155.0 255.255.255.0 any
pager lines 24
logging enable
logging buffer-size 10000
logging monitor debugging
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Corp_Voice 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list data-vpn
nat (inside) 1 TESTvpn 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Corp_Voice) 0 access-list voice-vpn
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Corp_Voice_access_in in interface Corp_Voice
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
http TESTvpn 255.255.255.0 inside
http Corp_LAN 255.0.0.0 inside
http 65.170.136.64 255.255.255.224 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set VPN esp-3des esp-md5-hmac
crypto map outside_map 1 match address VPN
crypto map outside_map 1 set peer 66.170.136.65
crypto map outside_map 1 set transform-set VPN
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
telnet timeout 5
ssh Corp_LAN 255.0.0.0 inside
ssh TESTvpn 255.255.255.0 inside
ssh 65.170.136.64 255.255.255.224 outside
ssh timeout 20
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd option 150 ip 192.168.64.4 192.168.64.3
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 10.10.10.7 10.10.10.44 interface inside
dhcpd domain sun.ins interface inside
dhcpd enable inside
dhcpd address 172.30.155.10-172.30.155.30 Corp_Voice
dhcpd dns 10.10.10.7 10.10.10.44 interface Corp_Voice
dhcpd domain sun.ins interface Corp_Voice
dhcpd enable Corp_Voice
username admin password kM12Q.ZBqkvh2p03 encrypted privilege 15
tunnel-group 66.170.136.65 type ipsec-l2l
tunnel-group 66.170.136.65 ipsec-attributes
pre-shared-key *
prompt hostname context
Cryptochecksum:953e50e9cbc02e1b264830dab4a3f2bd
: end
So I tried to use the exclude way that you suggested. Here is my new config. It is still not working. The address I put in for the excluded list was 4.2.2.2 and when I do a traceroute to it from the computer, it still goes through the VPN to the main office and out the switch at the main office and not from the local ISP. Any other suggestions?
hostname TESTvpn
domain-name default.domain.invalid
enable password rBtWtkaB8W1R3ub8 encrypted
passwd rBtWtkaB8W1R3ub8 encrypted
names
name 10.0.0.0 Corp_LAN
name 192.168.64.0 Corp_Voice
name 172.31.155.0 TESTvpn
interface Vlan1
nameif inside
security-level 100
ip address 172.31.155.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan3
nameif Corp_Voice
security-level 100
ip address 172.30.155.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network SunVoyager
network-object host 64.70.8.160
network-object host 64.70.8.242
object-group network Corp_Networks
network-object Corp_LAN 255.0.0.0
network-object Corp_Voice 255.255.255.0
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list inside_access_in extended permit ip TESTvpn 255.255.255.0 any
access-list inside_access_in extended permit icmp TESTvpn 255.255.255.0 any
access-list Corp_Voice_access_in extended permit ip 172.30.155.0 255.255.255.0 any
access-list Corp_Voice_access_in extended permit icmp 172.30.155.0 255.255.255.0 any
access-list VPN extended deny ip TESTvpn 255.255.255.0 object-group SunVoyager
access-list VPN extended permit ip TESTvpn 255.255.255.0 any
access-list VPN extended permit ip 172.30.155.0 255.255.255.0 any
access-list data-vpn extended permit ip TESTvpn 255.255.255.0 any
access-list voice-vpn extended permit ip 172.30.155.0 255.255.255.0 any
access-list all-vpn extended permit ip TESTvpn 255.255.255.0 any
access-list all-vpn extended permit ip 172.30.155.0 255.255.255.0 any
access-list TEST standard permit host 4.2.2.2
pager lines 24
logging enable
logging buffer-size 10000
logging monitor debugging
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Corp_Voice 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list data-vpn
nat (inside) 1 TESTvpn 255.255.255.0
nat (Corp_Voice) 0 access-list voice-vpn
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Corp_Voice_access_in in interface Corp_Voice
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http TESTvpn 255.255.255.0 inside
http Corp_LAN 255.0.0.0 inside
http 65.170.136.64 255.255.255.224 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set VPN esp-3des esp-md5-hmac
crypto map outside_map 1 match address VPN
crypto map outside_map 1 set peer 66.170.136.65
crypto map outside_map 1 set transform-set VPN
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh Corp_LAN 255.0.0.0 inside
ssh TESTvpn 255.255.255.0 inside
ssh 65.170.136.64 255.255.255.224 outside
ssh timeout 20
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd option 150 ip 192.168.64.4 192.168.64.3
dhcpd address 172.31.155.10-172.31.155.30 inside
dhcpd dns 10.10.10.7 10.10.10.44 interface inside
dhcpd domain sun.ins interface inside
dhcpd enable inside
dhcpd address 172.30.155.10-172.30.155.30 Corp_Voice
dhcpd dns 10.10.10.7 10.10.10.44 interface Corp_Voice
dhcpd domain sun.ins interface Corp_Voice
dhcpd enable Corp_Voice
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy excludespecified
split-tunnel-network-list value TEST
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
username admin password kM12Q.ZBqkvh2p03 encrypted privilege 15
tunnel-group 66.170.136.65 type ipsec-l2l
tunnel-group 66.170.136.65 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b3caaecf2a0dec7334633888081c367
: end -
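Added example (not part of the original post): for the `ipsec-l2l` tunnel in the posted configuration, the ACL named by `crypto map outside_map 1 match address VPN` selects what is encrypted, and it is evaluated first-match. This Python sketch evaluates that ACL over lines copied from the post to show why 4.2.2.2 still goes through the tunnel; `CANDIDATE_DENY` and the helper names are hypothetical, and only `ip` entries without ports are handled.

```python
import ipaddress

# Lines copied from the second configuration posted above (nothing constructed).
CONFIG = """\
name 10.0.0.0 Corp_LAN
name 192.168.64.0 Corp_Voice
name 172.31.155.0 TESTvpn
object-group network SunVoyager
network-object host 64.70.8.160
network-object host 64.70.8.242
access-list VPN extended deny ip TESTvpn 255.255.255.0 object-group SunVoyager
access-list VPN extended permit ip TESTvpn 255.255.255.0 any
access-list VPN extended permit ip 172.30.155.0 255.255.255.0 any
access-list data-vpn extended permit ip TESTvpn 255.255.255.0 any
access-list TEST standard permit host 4.2.2.2
nat (inside) 0 access-list data-vpn
crypto map outside_map 1 match address VPN
"""

# Hypothetical candidate entry (not from the post), modelled on the SunVoyager deny.
CANDIDATE_DENY = "access-list VPN extended deny ip TESTvpn 255.255.255.0 host 4.2.2.2"


def take_spec(tokens, names, groups):
    """Consume one address spec; return (networks, remaining tokens)."""
    if tokens[0] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], tokens[1:]
    if tokens[0] == "host":
        return [ipaddress.ip_network(names.get(tokens[1], tokens[1]) + "/32")], tokens[2:]
    if tokens[0] == "object-group":
        return list(groups[tokens[1]]), tokens[2:]
    addr = names.get(tokens[0], tokens[0])  # resolve "name" aliases such as TESTvpn
    return [ipaddress.ip_network(f"{addr}/{tokens[1]}")], tokens[2:]


def parse(config):
    """Return (extended ACLs by name, name of the ACL the crypto map matches on)."""
    names, groups, acls, crypto_acl, group = {}, {}, {}, None, None
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "name":
            names[t[2]] = t[1]
        elif t[:2] == ["object-group", "network"]:
            group = groups.setdefault(t[2], [])
        elif t[0] == "network-object" and group is not None:
            group.extend(take_spec(t[1:], names, groups)[0])
        elif t[0] == "access-list" and t[2] == "extended" and t[4] == "ip":
            src, rest = take_spec(t[5:], names, groups)
            dst, _ = take_spec(rest, names, groups)
            acls.setdefault(t[1], []).append((t[3], src, dst, raw.strip()))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto_acl = t[6]
    return acls, crypto_acl


def first_match(config, acl_name, src, dst):
    """First-match evaluation of one ACL; returns (action, matching line)."""
    acls, _ = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, srcs, dsts, line in acls.get(acl_name, []):
        if any(s in n for n in srcs) and any(d in n for n in dsts):
            return action, line
    return "deny", "(implicit deny at end of ACL)"


def tunneled(config, src, dst):
    """True if the crypto map's ACL selects src -> dst for the L2L tunnel."""
    _, crypto_acl = parse(config)
    return first_match(config, crypto_acl, src, dst)[0] == "permit"


def with_candidate(config):
    """Insert the candidate deny ahead of the first VPN permit entry."""
    marker = "access-list VPN extended permit"
    return config.replace(marker, CANDIDATE_DENY + "\n" + marker, 1)


if __name__ == "__main__":
    for dst in ("4.2.2.2", "64.70.8.160", "10.10.10.7"):
        print(dst, first_match(CONFIG, "VPN", "172.31.155.10", dst))
    print("after candidate:", tunneled(with_candidate(CONFIG), "172.31.155.10", "4.2.2.2"))
```

Running `first_match` on `data-vpn`, the ACL behind `nat (inside) 0`, shows it also permits traffic to 4.2.2.2, so that destination is exempt from NAT as well as selected for the tunnel.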
I'm installing from a 10.6.3 server install disc onto a Mac Mini. However, the battery on this Mac Mini is pretty much dead, forcing the system time back to 1/1/2001. Through some research, this has created a problem in that I cannot move beyond the Welcome screen during setup of OS X server. It looks like the binary has issues with the system time being older.
But I'm stuck in that I don't know how to adjust the system time from the Terminal Utility on the boot CD. Can anyone help?
Hey, I just ran into something similar tonight while trying to fix a computer.
The user set the time and date on his computer to 1998 and the computer locked everything, including time and date in System Preferences, and his user account, basically turning him from administrator into guest. He could not run almost any program properly that required administrator privileges.
To fix this we used this command in Terminal: " sudo date 201703162014 ", today's time and date
20:17 03/16 2014
We tried everything and this fixed it in 2 seconds.
PS: when you type sudo in Terminal it will give you a warning that improper use of this command is bad.... Click continue, otherwise you will not be able to execute the command.
Thanks again for this post and have a great day -
How to set Query SQL Statement parameter dynamically in Sender JDBCAdpter
Hi All,
I have one scenario in which we are using JDBC Sender Adapter.
Now in this case,we need to set Query SQL Statement with a SELECT statement based on some fields.
This SQL statement is not constant, it would need to be changed.
Means sometimes receiver will want to execute SQL statement with these fields and sometimes they will want to execute it with different fields.
We can create separate channels for each SQL statement but again that is not an optimum solution.
So ,I am looking out for a way to set these parameters dynamically or set SQL statement at Runtime.
Can you all please help me to get this?
Shweta,
"Sometimes receiver will want to execute SQL statement dynamically"....
How will you get the query dynamically? OK, let me assume they are sending the query through a file; then it's definitely possible. But you need BPM, and not the sender JDBC adapter but the receiver JDBC adapter instead.
SQL Query File ---> BPM ---> Synchronous send [Fetch data from DB] ---> Response ---> ...............
Do you think the above design will suit your case?
Best regards,
raj. -
How to set Report Location by RAS SDK without configurating CCM in CR Serve
Dear all
When I use the RAS SDK with CR Server Embedded 2008, I found that when I use the Java code to open a report like below:
String localRptPath = "rassdk://C:\\oem.rpt";
reportClientDoc.open(localRptPath,OpenReportOptions._openAsReadOnly);
But I must set the Report Directory from the default value (a specified location after CRSE installation) to " * " in the CCM of the RAS Server, like below:
Right click the RAS Server -> Choose "Properties" -> Choose "Parameter" -> Change "Option Type" to "Server" -> set the Report Directory from the default value to " * "
Then I can open the report; otherwise I must put the report under the default location of the Report Directory.
So the customer needs a way to set the report location directly in the RAS SDK, without configuring the Report Directory in CCM.
Thanks in advance.
David
Dear all
I encountered a strange situation when editing the "Report Directory":
In my VMware machine, there are 2 "ReportDirectoryPath" values, under:
HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\Report Application Server\Instances\bouser.RAS\Server\LocalConnectionMgr
and
HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\Report Application Server\Server\LocalConnectionMgr
I can only edit the "ReportDirectoryPath" in the former location for it to take effect in the CCM. If I modify the "ReportDirectoryPath" in the latter location, it does not take effect.
But on the customer's machine, the customer installed CR2008 and CRASE2008 and could edit the value in the registry; after the customer uninstalled CR2008 and CRSE2008 and then reinstalled CRSE2008 only, the registry structure is different: there is no HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\Report Application Server\Instances\bouser.RAS\, so the customer can only edit the "ReportDirectoryPath" under:
HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\Report Application Server\Server\LocalConnectionMgr
And it works.
And I cannot rebuild this.
So I found that when there are 2 locations of the "ReportDirectoryPath", I can only modify it under:
HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\Report Application Server\Instances\bouser.RAS\Server\LocalConnectionMgr
So my question is:
Why is the registry structure different after reinstalling CRSE2008?
The customer needs a firm registry location to modify. -
How to set a shared calendar 'read only' for SOME users in ML server
I am setting up Mountain Lion Server and wish to set up a series of calendars to be used by a studio of approx 20 people - two calendars will show the kind of thing I'm trying to achieve.
Calendar A shows appointments and meetings - it can be viewed and edited by all
Calendar B shows who is taking leave and when - it can be viewed by all, but edited by only a small group of people
What is the best way to set this up? On the earlier version of the server we had set up calendars on the server and delegated - this is not possible on Mountain Lion Server.
I don't think you can do this strictly by personalization since you need to use SPEL, unless the attribute you will be using for the display to control readonly is already present in the VO. Basically you need to check a value, say Supplier, and have another attribute, say readOnly, that is set to TRUE if the supplier equals your desired supplier and FALSE for all other suppliers.
Regards,
LC -
How to set the number of packets to be sent per second to the serial port in LabVIEW
Hi.
I have to send data to the serial port such that each packet of data is sent at a rate of 4 packets per second. How can it be done?
thanks and regards
What defines a packet?
You just need to have a while loop that has a wait timer in it of 250 milliseconds surrounding your VISA write function. -
How to set a profile to a system profile in Profile Manager on Server Mavericks
We're trying to create a profile to allow wifi connection to allow AD logins. We have 802.1x PEAP network and we are able to set the profile up but it does not connect until after an user signs in. I know that there used to be a setting in Profile Manager to set the type (User, System or Login Window) but I can't seem to find it now. I know I could edit the profile code but I'd rather not get mucking around in there unless absolutely necessary.
You posted in the iPad forum instead of the OSX Server forum. To get answers to your question, next time post in the proper forum. See https://discussions.apple.com/index.jspa I'll request that Apple relocate your post.
Cheers, Tom -
How to set up email notifier in xp and mypostoffice.co.uk mail server
I have tried to input info into the settings box in different forms but it still fails the test
Hi,
Please see [https://account.mypostoffice.co.uk/postoffice/onlineHelp.do;jsessionid=5hJYJQrhsCgV1hcK1jltdtRbQj6yt1LGYK7nv1ZTr9m2CSkGgFwb!-797520170?method=faq this]. You can also [https://account.mypostoffice.co.uk/postoffice/contactUs.do;jsessionid=dYX0PXyLvthfg75117MGJjLng1vR5H2XSdvpBPQVlsjGQdPB1Wp2!652755654 contact them]. -
TS3276 How can I escape a frame block with "Cannot send message using the server Gmail"?
The Mail send window is blocked with the additional message "The server "smtp.gmail.com" did not recognise the following recipients:" and it appears constantly. It does not prevent me using Mail but I want to get it off my desktop.
Any ideas?
Are there any unsent messages in the Outbox?
-
Set time restriction for specific user to send email via exchange server
Is it possible with Exchange server to limit certain users to sending their mail (Outlook/Exchange) only between designated times? Thanks.
Babu
Hi Babu,
Based on my knowledge, Exchange has no built-in function to restrict some users sending their messages in a period of time. Your understanding will be appreciated.
Best regards,
Amy Wang
TechNet Community Support -
RMI Server behind Router: How to set the right IP?
Hi, I am having trouble with the Server of an RMI application, the set up is this:
1. The server is not always running on the same host: it may be a computer with a publicly visible and unique IP, or it may be under a computer behind a router.
2 . The user that runs the server may not know how to get his IP in the router environment.
3. The user that runs the server knows sh*t about rmiregistry or how to set a Property to the java interpreter (for example: -Djava.rmi.server.hostname=<host>).
4. The Server code is this:
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

/**
 * Represents the Server to the Domination app (including the chat plugin).
 * Chat, ChatImpl, Fabrica and FabricaImpl are the application's own classes (not shown).
 */
public class Server {
    private static final int PORT_NUM = 1099;
    private static final String CHAT = "chat";
    private static final String DOMINATION_FACTORY = "Domination";

    /**
     * Sets the Chat and Application Servers.
     *
     * @param args
     *            Never used.
     */
    public static void main(String[] args) {
        try {
            // Create the registry in-process so no separate rmiregistry is needed.
            Registry registry = LocateRegistry.createRegistry(PORT_NUM);
            Chat chatObject = new ChatImpl();
            // Unexport, then export again on the same port as the registry.
            UnicastRemoteObject.unexportObject(chatObject, true);
            UnicastRemoteObject.exportObject(chatObject, PORT_NUM);
            registry.rebind(CHAT, chatObject);
            System.out.println("Chat ready...");
            Fabrica fabricaObject = new FabricaImpl();
            UnicastRemoteObject.unexportObject(fabricaObject, true);
            UnicastRemoteObject.exportObject(fabricaObject, PORT_NUM);
            registry.rebind(DOMINATION_FACTORY, fabricaObject);
            System.out.println("Domination Factory ready...");
            System.out.println("All systems up and running");
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }
}
I wrote the code that way (and not using Naming.rebind("//" + host_name + "/Service", serviceObject)) so the server user won't need to run the rmiregistry (in fact, the Server is deployed via a jar file, so just a happy double-click on the jar will do the work)...
OK, then the problem is this: The client is always having "connection refused" Exceptions while the server is behind a router and not in the same network of the client.
The IP that is shown in the exception is always the inner IP of the host (or 10.x.x.x or 192.168.x.x or whatever it may be). So it seems that the registry is always choosing that IP and not the router's.
I need to know if there is a way to rewrite the Server code so the user just has to do the same 'double-click' to run the server and not mess around "investigating" the outer IP. I read some of the RMI specs and they suggest doing IP tunneling and some other techniques that I don't think may be appropriate to the nature of this "roaming server" application.
Thanks, but that still doesn't do the work. As I stated in the post, not every user will know how to set java.rmi.server.hostname or even look for an outer IP... I was asking for an "automagical" way to code my server class so it could do some job to do the guessing.
Even though... I tried both ways at home with the help of a friend as the client, and it seemed to work. The client connected to the server but it was kicked out in less than 30 seconds. Being specific, every client, the ones inside and the ones outside my network. As if the only right way was to let the JVM set the IP (but again, in that way the server is invisible to the clients outside the network). -
How to set up read receipts?
how to set up read receipts?
Mail can send a read receipt request:
http://forums.macrumors.com/showthread.php?t=1183650
However, note that read receipts are extremely unpopular, because of privacy issues as well as abuse by spammers (verifying addresses by using read receipts). Most savvy users have this feature turned off, if their e-mail client even supports it, which many don't. So not receiving a read receipt tells you absolutely nothing. That makes the entire read receipt system pretty much useless.
Mail will not, ever, respond to a read receipt request. -
How to set waveform time duration in LabVIEW
Please can anyone help me with how to set the waveform time duration in LabVIEW (for real-time monitoring and measurement)? I need to monitor the system in a waveform chart with the time duration 10:00AM to 4:00PM with the appropriate date. I urgently need any useful information. Thanks
If you are trying to manipulate the waveform data itself, look in to the Get Waveform Subset VI.
If you are trying to alter the chart to show a specific section of the data, look in to the Chart's properties using a property node. Specific properties you want are XScale and YScale values.
And like Dennis said, please provide what you've been trying to do. This makes it easier to help. -
How to set up NAT for two servers using same port with ASDM ASA 5505
Hi there,
We have a new installation of an ASA 5505 and are trying to get some NAT issues straightened out. Here is the scenario: on our internal network, we have two servers running Filemaker Server, a relational database server that clients connect to using port 5003. Our goal is to be able to allow users from the outside to access either of these servers as needed. I know how to set up a simple static NAT rule and matching access rule in ASDM, which would be fine for a case in which only one server using a given port is running on a network, but for simple static rules I seem to be blocked from entering a translated port number different from the original port number, which becomes a problem when two servers we need to access from the outside are running software using the same port number.
What is the simplest way to address this need? I am guessing that I need to set up a scenario like this, where port 5004 (or any arbitrarily chosen unused port) can be used to access the second server:
Outside user enters FQDN:5004 and this translates to Database server # 1 as 192.168.1.40:5003
and
Outside user enters FQDN:5003 and this translates to Database server # 1 as 192.168.1.38:5003
If so, what is the easiest way to get this done? Or is there a better way to handle this scenario?
Thanks in advance,
James
I would create two objects and use object NAT
object network Obj_5004
host 192.168.1.40
object network Obj_5004
nat (inside,outside) static service tcp 5003 5004
object network Obj_5003
host 192.168.1.38
object network Obj_5003
nat (inside,outside) static service tcp 5003 5003
Of course you will need to open your outside interface for tcp ports 5003 and 5004 to make this happen