Installing a Wildcard Certificate in STRUST

Hi,
I am trying to install a wildcard SSL certificate using STRUST on our ABAP system.
If I try to import it using the "Import Cert. Response" button, I get an error message saying the certificate cannot be installed. I presume this is because my private key does not match the public key of the certificate.
How can I get a wildcard certificate working with my ABAP system? Do I need to somehow change the private key of my system?
Thanks in advance

Hi Stuart,
Please check below thread it may help in your case.
Problem importing a certificate using Strust
https://scn.sap.com/thread/1587251
BR
Atul

Similar Messages

  • Install digicert wildcard certificate on 2012 RDSH Servers

    Hi Everyone
    I would like to find out is it possible to install a digicert wildcard certificate on 2012 RDSH Server
    My current RDSH deployment has 2 connection broker and SQL backend, bunch of RDSH 2012 servers in a collection. wildcard certificate is configured in the deployment properties. All servers are part of the domain.
    We already have a RASS servers. So we didn't install RDSH Gateway. External users RDP to the RDSH servers via RASS
    When users connect via RDP it prompt an certificate warning message.
    Please advice
    Thanks

    Hi,
    Thank you for posting in Windows Server Forum.
    Can you please provide the error\warning\event ID you are facing?
    Basic requirements for Remote Desktop certificates:
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    The certificates you deploy need to have a subject name or subject alternate name that matches the name of the server that the user is connecting to.  So for example, for Publishing, the certificate needs to contain the names of all of the RDSH servers
    in the collection.
    More information.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Sun One Web Server 6.1 | Install wildcard certificate

    Hello everyone. I am new to this forum. I'll start off by saying that I am very "green" with the Sun One Web Server as well.
    My question/problem pertains to installing a wildcard certificate on our server. I am not able to find good documentation on this, so I am hoping that some of you could provide some guidance or, better yet, a link to documentation specifically for the Sun One Web Server 6.1.

    There is no difference with installing a wildcard or any other certificate. You simply create a CSR and specify an asterix instead of the hostname followed by a . and your domainname for the subject, send it to a CA and get back a certificate that you import.

  • Installing wildcard certificate - error

    Hello guys,
    I'm not quite sure do I post within the right thread so please correct me if I'm wrong.
    Anyway, the problem is as subject says - Problem with installation of wildcard certificate on Cisco ASA 5520 (VPN Plus license). Software version is  8.2(2).
    I noticed two issues. We've bought a wildcard certificate for our domains example.com, example.org. Certificate provider is Geo Trust.
    The first problem is that I'm unable to install the complete certificate chain. If I install the Root CA of GeoTrust, I'm unable to install the sub-ordinate CA, which has actually signed my cert, within the same trustpoint. The warning message says that "WARNING: Trustpoint GeoTrustRA is already authenticated." (this happens when I try to install the sub-ordinate CA, which stays in between Root CA and my certificate, within the same trustpoint as RootCA certificate.
    The second problem is the actuall problem however. When I try to install the wildcard certificate, using ASDM, i got the following error: (actually I did intentionally type the wrong password and I receive absolutely the same error)
    Here is the setup of CA. As you can see, both certificates which must relay on the same trustpoint as chain, are divided in two trustpoint configurations:
    I tried to debug crypto ca 255 but there is nothing interesting within the log file.
    If I try to add the Sub-ordinate certificate within the trustpoint where Root CA is installed, I got the following error:
    When I try to manually install the wildcard certificate from CLI (It's in BASE-64 format), I do receive the following error:
    CLI Issue
    vpngw2(config)# crypto ca import GeoTrust pkcs12 password_here
    Enter the base 64 encoded pkcs12.
    End with the word "quit" on a line by itself:
    -----BEGIN CERTIFICATE-----
    MIIEhjCCA26gAwIBAgICekswDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
    [cut]
    RPg4gnOGlySGVA==
    -----END CERTIFICATE-----
    quit
    ERROR: Import PKCS12 operation failed
    Any thoughts, ideas, questions or whetever are more than welcome!

    Hi there,
    I just wanted to tell you that I have found the solution for this case. It appears that the wildcard certificate had been enrolled without State ("ST") attribute of x509.3 certificate. The issuer (GeoTrust) refused to enroll it again evethough we have supplied that information and it was completely their fault. Anyway, we changed the issuer and now everything is just fine.
    Sent from Cisco Technical Support iPad App

  • Installation of wildcard certificate on Cisco ASA 5525-X (9.1(3))

    Hello
    I would very much appreciate your help in regards to installation of a wildcard certificate on our Cisco ASA 5525-X.
    Setup:
    We have two Cisco ASA 5525-X in a active/passive failover setup. The ASA is to be used for AnyConnect SSL VPN. I am trying to install our wildcard certificate on the firewall, but unfortunately with no luck so far. As a bonus information, I previously had a test setup (Stand alone ASA 5510 - 8.2(5)), where I did manage to install the certificate. I do believe I am performing the same steps, but still no luck. Could it be due to that I am running a failover setup now and didn't previously or maybe that I am running different software versions? Before you ask, I've tried to do an export on the test firewall (crypto ca export vpn.trustpoint pkcs12 mysecretpassword) but this actually also failed (ERROR:  A required certificate or keypair was not found) even though the cert was imported successfully and is working as it should in the lab.
    Configuration in regards to certificate:
    crypto key generate rsa label vpn.company.dk modulus 2048
    crypto ca trustpoint vpn.trustpoint
    keypair vpn.company.dk
    fqdn none
    subject-name CN=*.company.dk,C=DK
    !id-usage ssl-ipsec
    enrollment terminal
    crl configure
    crypto ca authenticate vpn.trustpoint
    ! <import intermediate certificate>
    crypto ca enroll vpn.trustpoint
    ! <send CSR to CA>
    crypto ca import vpn.trustpoint certificate
    ! <import SSL cert received back from CA>
    ssl trust-point vpn.trustpoint outside
    Problem:
    When I try to import the certificate I receive the following error:
    crypto ca import vpn.trustpoint certificate
    WARNING: The certificate enrollment is configured with an fqdn
    that differs from the system fqdn. If this certificate will be
    used for VPN authentication this may cause connection problems.
    Would you like to continue with this enrollment? [yes/no]: yes
    % The fully-qualified domain name will not be included in the certificate
    Enter the base 64 encoded certificate.
    End with the word "quit" on a line by itself
    -----BEGIN CERTIFICATE-----
    <certificate>
    -----END CERTIFICATE-----
    quit
    ERROR: Failed to parse or verify imported certificate
    Question:
    - Does any one of you have any pointers in regards to what is going wrong?
    - Especially in regards to fqdn and CN, I also have a question. My config
    fqdn none
    subject-name CN=*.company.dk,C=DK
    would that be correct? I've read online, that fqdn has to be none, and CN should be *.company.dk when using a wildcard certificate. However when I generate the CSR and also when I try to import the certificate, I receive the following warning: "The certificate enrollment is configured with an fqdn that differs from the system fqdn. If this certificate will be used for VPN authentication this may cause connection problems".
    So do you have insight or pointers which might help me?
    Thank you in advance

    I also have a wildcard cert for my SSL VPN ASAs.
    When i import the cert I use ASDM instead of CLI...
    I import the wildcard as a *.pfx file and type in the password. works fine...
    Perhaps the format is incorrect?
    Also, my "hostname.domain.lan" does not match my "company.domain.com" fqdn domain but it still works. I only apply this wildcard cert to the outside interface not inside.
    Not sure if this helps but give ASDM a try?

  • Problem: Mixed Exchange 2007 / 2013 CAS Servers with wildcard certificates in Europe and non-wildcard Certficate in China

    Hi,
    we have following problem. We have a mixed multi-domain one-forest AD environment. We also have still a mixed exchange 2007 / 2013 environment. We also have different CAS Servers for 2007 SP3 (RU15) and 2013 (CU8) in europe and one 2007 SP3 (RU15) CAS Server
    in China, because of bad connection to Europe. For the Migration to 2013 in Europe we installed a wildcard-certificate *.xyz.com and used the Set-OutlookProvider EXPR -CertPrincipalName msstd:*.xyz.com, so the wildcard certificate is accepted. Everything in
    Europe works fine, inside and outside also between exchange 2007 and 2013 (both CAS Server 2013 and 2007 use the same wildcard certificate). But since the change of the Set-OutlookProvider EXPR we are facing problems with our CAS Server in China, because this
    server has a different non-wildcard certificate and a different domain name (cas-server.xyz-china.com instead xyz.com). Now we have the problem that this Chinese CAS server the Outlook Anywhere does not work anymore and prompts always for the username. As
    I see it is because of the EXPR change. Is it possible to set the the Outlook-Provider EXPR per Cas-Server ? (They also have their own Autodiscover on this front-end server). Because I see that the Outlook-Provider can only be stored forest-wide.
    If not the other solution would be to register the chinese cas server in our xyz.com domain and use the same wildcard certificate on this system right ?
    Any help would be appreciate….

    Yes setting the EXPR value is most likely the cause of your issue.  When you set this value you are telling Outlook to only accept connections from connections that have the cert with the subject name you specify here.
    Unfortunately, based on my experience I believe this is an organization wide setting and cannot be configured on a CAS by CAS basis (If I'm wrong someone please keep me honest :)).  
    So the only option would you have is to change all the URLs to be on *.xyz.com domain.  There's no need to change the domain the server actually resides on.  The other option would be to purchase a UCC Cert with all the names you need and apply
    to all your CAS servers and reset the EXPR value. 
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

  • Several SSL-Certificates in STRUST

    Hello,
    I'm not sure, if this is right place for my question, but I will try it.
    On one SAP WAS 7.0 we have two BSP-Applications.
    Each application uses an seperate URL, for example
    shopa.test.com
    shopb.test.com
    Access should be realized over two SAP webdispatchers.
    Both applications should run with SSL.
    Is it possible to install two SSL-Certificates in the STRUST?
    Installing a SSL-Certificate in STRUST is not the problem, I did several times.
    What happens, if there is an existing certificate, and the server-pse will be changed to create
    an new CR for the second URL.
    Can anybody help me or did this before?
    Thank you
    Frank

    Hi,
    >If we want an end to end encryption, the certificates in strust are necessary.
    You did not say that you wanted end to end encryption...
    I don't know if what you want to do is possible.
    I would experiment with virtual hosts creation at the SICF level and create 2 SSL servers entries in STRUST
    Menu --> Environment --> SSL Server Identities
    It adds your created entry to the main tree of STRUST and you can then create a new SSL server certificate.
    Hope this helps,
    Olivier

  • Installing wildcard certificate in a WLC (ver 7.0.240 and 7.5.102)

    Is it possible to install a widcard certificate for web auth in those versions?
    Is there any difference between this two versions.
    Are both of them versions supporting wildcards certificates?
    Here you have the log file resulting of installing the wildcart certificate in the wlc with v 7.0.240.
    *TransferTask: Nov 28 11:20:51.117: Memory overcommit policy changed from 0 to 1
    *TransferTask: Nov 28 11:20:51.319: Delete ramdisk for ap bunble
    *TransferTask: Nov 28 11:20:51.432: RESULT_STRING: TFTP Webauth cert transfer starting.
    *TransferTask: Nov 28 11:20:51.432: RESULT_CODE:1
    *TransferTask: Nov 28 11:20:55.434: Locking tftp semaphore, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
    *TransferTask: Nov 28 11:20:55.516: Semaphore locked, now unlocking, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
    *TransferTask: Nov 28 11:20:55.516: Semaphore successfully unlocked, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
    *TransferTask: Nov 28 11:20:55.517: TFTP: Binding to local=0.0.0.0 remote=10.16.50.63
    *TransferTask: Nov 28 11:20:55.588: TFP End: 1666 bytes transferred (0 retransmitted packets)
    *TransferTask: Nov 28 11:20:55.589: tftp rc=0, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
         pLocalFilename=cert.p12
    *TransferTask: Nov 28 11:20:55.589: RESULT_STRING: TFTP receive complete... Installing Certificate.
    *TransferTask: Nov 28 11:20:55.589: RESULT_CODE:13
    *TransferTask: Nov 28 11:20:59.590: Adding cert (5 bytes) with certificate key password.
    *TransferTask: Nov 28 11:20:59.590: RESULT_STRING: Error installing certificate.
    *TransferTask: Nov 28 11:20:59.591: RESULT_CODE:12
    *TransferTask: Nov 28 11:20:59.591: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application
    *TransferTask: Nov 28 11:20:59.624: finished umounting
    *TransferTask: Nov 28 11:20:59.903: Create ramdisk for ap bunble
    *TransferTask: Nov 28 11:20:59.904: start to create c1240 primary image
    *TransferTask: Nov 28 11:21:01.322: start to create c1240 backup image
    *TransferTask: Nov 28 11:21:02.750: Success to create the c1240 image
    *TransferTask: Nov 28 11:21:02.933: Memory overcommit policy restored from 1 to 0
    (Cisco Controller) >
    Would I have the same results in wlc with  v 7.5.102?
    Thank you.

    Hi Pdero,
    Please check out these docs:
    https://supportforums.cisco.com/thread/2052662
    http://netboyers.wordpress.com/2012/03/06/wildcard-certs-for-wlc/
    https://supportforums.cisco.com/thread/2067781
    https://supportforums.cisco.com/thread/2024363
    https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/11/26/generate-csr-for-third-party-cert-and-download-unchained-cert-on-wireless-lan-controller-wlc
    Regards
    Dont forget to rate helpful posts.

  • Error while installing certificate in STRUST

    Hi All,
    when i try to install the Web Ui Certificates in STRUST i am getting the message mentioned below.
    Cannot analyze certificate
    Message no. TRUST009
    Diagnosis
    The certificate cannot be analyzed in the specified file format.
    Thanks in Advance,
    Regards,
    Satish

    Hi,
    The error clearly indicates the problem of incompatible formats of certificate being imported.
    In addition to Nico's reply,
    Pls check the format format of the certificates to be compatible in base 64 or binary formats.
    If you are not sure, pls get your system admin to get the file converted in above formats.
    Cheers Sam

  • ACS Wildcard Certificate Install for PEAP

    Does ACS support Wildcard certificate authentication, such as *.domain.com?  We installed the certificate through ACS using CA, but when using wireless devices, the certificate is still not verified.  Any information would be helpful before we go and purchase another certificate.  Thank you.

    Can someone validate whether wildcard certs are supported with ACS and PEAP, please.  I'm running into the same issue that Jason outlines above.  It seems that Windows clients specifically don't like the wildcard cert. I have tried with Mac and iPhone and they seem to work if you accept the cert into the keychain on first connect.

  • Unable to install WildCard Certificate for ASA 5512-x

    Have a customer who we manage an ASA 5512-X for.  I am configuring a Wildcard Certificate for AnyConnect. They have a wildcard certificate purchased through Godaddy.com.  I am utilizing ASDM 7.3 for the installation of the certificate.  I added the Identity Certificate ASDM_TrustPoint0.  Checked the radio button "Add a new identity certificate:"  Named the Key Pair WildCard, and set the size to 2048.  I also changed the "Certificate Subject DN: to CN=cityvpn.wirapids.org.  There were no other attributes to add.  I also changed the FQDN under the advanced tab to the same cityvpn.wirapids.org.  Then clicked Add Certificate.  Successful
    Under CA Certificates I added the certificate from file.  Which I added the bundle.crt from Godaddy.  Certificate was added successfully.
    Going back to Identity Certificates.  I click on install.  Install from a file.  Which I tried the other crt file and the bundle file from Godaddy.  I get an Error: Failed to parse or verify imported certificate.  With the other .crt file from Godaddy I get the same error, but "Certificate does not contain device's General Purpose Public Key."
    Not sure what to think.  Any suggestions or help would be great.  Thanks
    Paul

    You should never ever get a wildcard certificate. Because if that certificates private key gets stolen, the thief can impersonate all ssl-protected services. The clients view them as valid resources, because the certificate is correct. The only thing to do then, is to revocate the certificate, which will cause you to get a new certificate installed on ALL services that you had protected with the wildcard one.
    Even worse, most broswers (besides IE) ignore certificate revocation lists in various cases!

  • Using same Wildcard certificate on multiple SAP systems with same domain name.

    Hello All,
    Need urgent help.
    I have a WILDCARD SSL certificate in pfx format. I also have individual root certificate , primary certificate in text form.
    The certificate mentioned above is already active in one of our portal.
    We want the same certificate on ECC Production.
    What are the steps to import this certificate in STRUST?
    I believe no certificate response needs to be imported.
    I have a certificate response provided by Verisign. But STRUST says- cannot import certificate response'
    Please help.

    Hi,
    This is what i did for installing wildcard certificates:
    On the OS of the sap server, log in with the sapadm account.
    Open a command prompt:
    make a backup of your sec directory in drive:\usr\sap\<SID>DVEBMGS00\  (just to be sure)
    cd to drive:\usr\sap\<SID>DVEBMGS00\exe
    >sapgenpse.exe import_p12 =p SAPSSLS.PSE location\to\the\certfile.pfx
    It will ask you for the pin, and to overwrite the file, answer yes.
    Now copy the new SAPSSLS.PSE to a desktop that has sapgui
    Login with the sapgui and run transaction strust
    Select import from the PSE menu and open the SAPSSLS.PSE
    Then again goto PSE menu  and select Save As
    I saved it twice, once in System PSE  and then again in SSL Server
    For me SSL is now working without problems on a couple of servers.
    -small update-
    You can check internal servers using the certificate utility from digicert https://www.digicert.com/util/
    It has the option to specify port numbers, usefull for internal web services.
    Regards,
    Rolf

  • Wildcard Certificate and Wireless Lan Controller

    Hello,
    I'm working with wlc 5508 version 7.2.111.3 and I'm looking to use a wildcard certificate, I've just checked on the forum that there was a bug-id and it seems it's been closed with a workaround of not using wildcard certs, is it resolved now?
    If yes, could you indicate to me how can I proceed to install it quickly?
    Regards

    Hello,
    The bug was about bad behavior when the wildcard certificate is used. The status of the bug now is "Terminated". That means it was found that the root cause for this bug is not really a bug (bad description, normal behavior...etc).
    So, I think you can go with the wildcard certificat you have. The bug was opened on 5.2 version which is very old comparing to 7.2.
    Let us know how it goes.
    Regards,
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • Wildcard Certificate use in Sun Java System Messaging Server (IMAPs/POPs)

    I'm trying to use a wildcard certificate acquired from GlobalSign and am having problems getting
    it (properly) into the cert database.
    I tried using certutil, and that didn't seem to work at all, it would list without user cert status:
    rmorneau+root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
    GlobalSign-Ext-CA CT,c,
    *.xxxxxxxxxxx.edu ,,
    I had some success using msgcert and pk12util, but after importing it in, then seeing that it did
    have user cert status, after a quick restart of Messaging (IMAP/POP), SSL quit for IMAP and kicked all
    my IMAPs users out temporarily (until I put the original cert8.db and key3.db back).
    -------- ImapProxy_20101115.log----
    20101115 135531 ImapProxyAService.cfg (id 2590) SSL negotiation failed for IP XXX.XXX.X.XXX: Cannot connect: SSL is disabled. (-12268)
    pop.xxxxxxxxx.edu u,u,u
    GlobalSign-Ext-CA CT,c,
    *.xxxxxxxxxxx.edu u,u,u
    I truly appreciate any help on this matter.
    -Bob

    2. Does the certificate nickname in NSS match the configured certificate nickname in the product?I'm not sure, but I'll try that the next time I try this... will probably be late at night were I won't be interrupting IMAPs and POPs
    Makes sense. Prior to release 7 update 4, the servers have to be shut down before modifying certificate databases. As of 7 update 4 you can do a one-time migration to the cert9.db/key4.db format that >should allow certificates to be updated without taking the servers offline.
    This was in the log just before the other log entry that I showed before.
    20101115 135440 ImapProxyAService.cfg ASockSSL_Init: couldn't find cert imap.xxxxxxxxx.edu (-8174)
    This is the key line from the log. The server is looking for a certificate with the NSS certificate nickname of 'imap.xxxxxxxxx.edu' and is not finding that certificate so issue 2 is likely the problem.Yes, this was it. Oversite on my part, forgot they had to match and could not be a form of just domainname.edu or *domainname.edu.
    You either need to modify the default:SSLCertNicknames setting to match the nickname of the new certificate, or install the new certificate using the existing certificate nickname of 'imap.xxxxxxxxx.edu'I modified the default:SSLCertNicknames setting.
    Thank you CNewman very much for all your help.
    And, for those trolling for an answer with more detail via an Internet search (that is, if Oracle doesn't screw up these forums for anon searches)::::
    With the private key in hand (not password protected), I used 'openssl' to get it into a pkcs12 type file:
    (It is best to do this as root and not as sudo root as you might run into problems if your host
    does not have root power to write to your home dir on the/a NFS share.... you will get "unable to write 'random state'".)
    root@mmp1:/var/opt/SUNWmsgsr/config/GlobalSign-certs-new# /usr/sfw/bin/openssl pkcs12 -export \
    -in ket-wildcard-cert.pem -inkey private.key -out cert.pkcs12 -name xxxxxxxxx.edu
    Enter Export Password:
    Verifying - Enter Export Password:
    Where "private.key" is the key file, and "ket-wildcard-cert.pem" is the (pem format) cert from our cert provider,
    and cert.pkcs12 is our cert file that will be imported into the database, and xxxxxxxxx.edu is whatever you (nick)name your cert
    in the database
    (I think you could use a password protected private key if you have that password.. I don't.)
    Next, I used 'msgcert' to import the pkcs12 cert file into the database (I'm sure there is a way
    to use certutil or even pk12util to do the same, but I'm on Sun Messenger 6.3 at this time, so that's what I used.
    If someone would like to elaborate for those....?):
    (It is best, when using 'msgcert', to do it where your mailsrv user has some privs.. I took my pkcs12 cert and moved into /tmp.)
    root@mmp1:/tmp# /opt/SUNWmsgsr/sbin/msgcert import-cert cert.pkcs12
    Enter the PKCS#12 file password: (blank)
    Enter the certificate database password: (token password in sslpassword.conf)
    Make sure your (wildcard) cert nickname matches what you have in
    ImapProxyAService.cfg and PopProxyAService.cfg at the "default:SSLCertNicknames" field.
    Edit if need be.
    root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
    GlobalSign-Ext-CA CT,c,
    xxxxxxxxx.edu u,u,u
    root@mmp1:/var/opt/SUNWmsgsr/config# grep default:SSLCertNicknames *AService.cfg
    ImapProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
    PopProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
    Then, of course, restart the msg service(s).
    /opt/SUNWmsgsr/sbin/stop-msg
    /opt/SUNWmsgsr/sbin/start-msg
    Edited by: 810750 on Nov 18, 2010 8:08 AM
    Edited by: 810750 on Nov 18, 2010 8:11 AM

  • WLC 5508 - 7.5.102.0 - Wildcard Certificates

    Does this controller/firmware support the use of a wildcard certificate? I'm using GoDaddy as our public CA.

    Yes, it does support.
    You may visit the below listed URL while generating the CSR or installing the certificates.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

Maybe you are looking for