Internet Consolidation architecture
We have a Network on MPLS backbone with dual service provider.
There are 50 spoke location.
DC and DR location
Topology is hub and spoke with all sites accessing data hosted at primary DC.
ALso in case of disaster all the spoke sites will connect to DR site.
Servers at DR site are on unique IP and failover from DC to DR is taken care by BGP routing intelligence.
Aim is to give controlled internet access to all the spoke sites from DC and incase of failure internet should be available from DR site.
As per our design architecture we are planning to upgrade the last mile bandwidth and MPLS port of all spoke sites and central site MPLS port bandwidth to give integrated access on the same last mile for all the locations.
Both types of traffic private and public will ride on the same MPLS bancbone and come to the primary DC site CE router.
At CE router we will segreggate the traffic meant for datacentre and internet cloud.
We will also deploy firewall and separate internet router and proxy server for the proposed internet connectivity to control the spoke sites traffic.
Is this a good design.
Pls suggest with configuration on how are we going to achiecve this
Also currently we are using BGP between CE-PE --- it should take care of the global routing meant for Internet traffic by flooding default route across all the spoke sites
Pls find the existing architecute attahced.
Any inputs on the same will be appreciated.
Rgds
I think the design is fine. Following links may help you
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a0080226103.html
http://www.cisco.com/en/US/netsol/ns587/networking_solutions_white_paper09186a008009d67f.shtml
Similar Messages
-
Crm isa 2007 implementation required steps?
Hi All,
We are working on a new implementation of crm 2007 isa and are at blue printing stage.
Can any one please let me know how to proceed on a new implementation and what are the things to be taken care?
What are all the things to be taken care by an isa technical consultant ..like shop admin, xcm...etc
I would really appreciate the response.
Thanks,
NarendraHi Narendra,
I think what you're looking for is C14 - Internet Sales. This is the right place to start off when configuring your web shop for Sales.
http://help.sap.com/bp_crmv340/crm_de/BBLibrary/Documentation/C14_BB_ConfigGuide_EN_US.doc
Further, as per your earlier concern, the Internet Sales Architecture (ISA) Technical Consultant is someone who is involved in hands on coding on the ISA API built on Struts. It is SAP's API built on Java Struts framework. So you need to be coding in Java in case you intend to be Technical consultant for ISA.
Apart from these you must also be familiar with tools such as Config Tool, SAP J2EE Visual Administrator, SAP NetWeaver Administrator and the SAP NetWeaver Developer Infrastructure (NWDI), which includes the development environment (IDE) for ISA, the SAP NetWeaver Developer Studio (NWDS).
The functional consultant involves himself in the activities of XCM Configurations and Base Customizing for the Internet Sales Scenario.
In simpler terms, an Internet Sales implementation would involve:
SAP CRM Base + ABAP Developments + Java Base + Java Developments + R3 integration + R3 base
The Basis team looks at administration of SAP ABAP and Java layers, ABAP & JAVA technical developments are handled by technical consultants in the respective areas, Middleware consultant is required in case you have an integration with SAP ERP (ECC). Whatever is left is the functional consultants role, which is Base Customizing for CRM (Business Partner, Transaction type etc.,), Java Base (XCM, Shopadmin etc.,) and R3 base (SD, MM, FI/CO etc.). Depending on the organizations size, project constraints etc., you may have specialized consultants for each or simply an all-rounder.
Further, considering the project involves the Internet, you have other areas which are external to SAP such as Network Architecture - Load Balancer, Dispatcher, Application Accelerator, Server Hosting etc., Security - SSL Certification, Antivirus etc., and Payment Gateway integration. These are generally not given much importance, but are crucial in the end to end execution of an Internet Sales project.
I hope I have answered most of your doubts.
Thanks & Regards,
Nelson S Raj -
I am having difficulty running forms
I will like to know if the forms can run in applets and if so how can i do it?
Secondly do i have to be connect to the web to run forms through
the default setting i.e running forms through a web browser.
what are other options of running forms?May I suggest you read a little about the Forms Internet deployment architecture at:
http://otn.oracle.com/products/forms/pdf/forms9iarchitecture.pdf
Forms are using applet when you run on the web. You don't have to be on the World Wide Web to run them but you need a connection to your web server (Oracle9iAS). So it is just like C/S in that you connect from your client machine (Browser) to a server machine (Oracle9iAS).
You can find more info at:
http://otn.oracle.com/products/forms/ -
Solution Architecture Diagram for an Internet, Intranet Scenario
Can someone point me to a link which has a typical solution architecture diagram (logical, deployment, anything) for a SharePoint 2013 Internet/Intranet scenario.
Hi SP Dev101,
For Internet and Intranet, There is no functional difference between them. They represent different logical paths to gain access to the same sites in a web application.
To understand the connection between them,
the article A guide to Alternate Access Mappings Basics in SharePoint 2013 is
very useful.
An eBook for
how to create a test lab containing intranet and team sites in a SharePoint Server 2013 three-tier farm you can have a look.
Also a good book named
Microsoft SharePoint 2013: Designing and Architecting Solutions you can refer to.
Finally I recommend you watch the video
Real world SharePoint 2013 architecture decisions which is based on real world implementation experience.
Best Regards,
Eric
Eric Tao
TechNet Community Support -
Internet sites server architecture
Can anyone guide me with server architecture for SP internet sites.
We are planning for 15000 users. Using FBA authentication with minimum service applications.Convincing them is relatively straight forward. You just need to point them at a sufficiently definitive source to change the question from 'I don't believe that SharePoint requires AD' to 'That's awkward, why didn't they make it work without AD, that's
a pain'*
The permissions needed for SharePoint installation are listed here and AD is heavily implied, even if they didn't state anything that basic explicitly:
http://technet.microsoft.com/en-us/library/cc678863.aspx
Another thread with the same answer:
http://social.technet.microsoft.com/Forums/sharepoint/en-US/d6924577-e95b-4751-93fb-870741ce2426/active-directory-required-for-sharepoint-2013?forum=sharepointadmin
A thread stating the same from an MVP (Trevor Seward):
http://social.technet.microsoft.com/Forums/sharepoint/en-US/3999d546-946d-47ff-8f8d-8860c84a43b8/sharepoint-2013-and-authentication?forum=sharepointadmin
*It is a pain that AD is required, on the other hand removing that is like taking a card out of the bottom layer of a very large and elaborate house of cards. Or perhaps just taking out the table that the entire stack sits on. -
"Internet Connect not supported on this architecture"
I recently installed 10.5.4 and there were 2 apps that had the circle with a slash mark through the icon (like the "no smoking" sign with the slash through the cigarette). Apple support said they never heard of such a thing and helped me download one of the apps, Airport Utility. I read on this forum where maybe the install disc tried to load the Windows version by mistake.
I just noticed that the Internet Connect app is the same way. Does anyone know where I can download the most recent version, or can it somehow be extracted from the install disc?
thanks!Hi Lu-Maze,
I believe that Internet Connect Application was used in Tiger and was found in the Utilities Folder. I don't think it was carried over with Leopard, as I can't find it. Move it to the trash but don't empty and see if it causes any issues. I don't know how you managed to get it if you installed Leopard unless it was a hold over from Tiger if you just did the upgrade and not the erase and install. -
Sharpoint 2010 architecture for internet sites..
Hi,
we are trying to build a new fresh sharepoint 2010 farm for internet sites(not intranet). Can some one please help me know what needs to be considered when creating a fresh sharepoint 2010 farm for internet based sites.
Cheers,
Kotamarthi VeeraRefer to this post on design recommendations to create a internet facing SharePoint site
http://technet.microsoft.com/en-us/magazine/gg457886.aspx
http://designshare.wordpress.com/2012/11/14/internet-facing-sites-with-sharepoint-2010-tips-tricks-gotchas/
--Cheers -
Need help with silent install of Peoplesoft Internet Architecture
I have PT8.49.15 and need to do a silent installation of the web tier on linux. I am supposed to run the $PS_HOME/setup/PsMpPIAInstall/setup.linux which is a Microfocus Installshiled wizard. Any ideas how I can make this a silent installation? I need to automate all of my deployments and have not figured out how to create or pass in a response file to use as input. Is this possible?
thanksLooking in the deployment script installpia.sh of PSOVM, here's the way of silent PIA install :
PT_HOME=/opt/oracle/psft/pt
TOOLS_HOME=$PT_HOME/tools
BEA_HOME=$PT_HOME/bea
SILENT_INSTALL_FILE=install.properties
echo "Doing PIA silent install"
if [ ! -d $TOOLS_HOME/tmp ]; then
mkdir $TOOLS_HOME/tmp
fi
cd $TOOLS_HOME/tmp
# If there is a pre-existing silent response file we
# remove it
if [ -f $SILENT_INSTALL_FILE ]; then
rm -f $SILENT_INSTALL_FILE
fi
echo PS_HOME=$TOOLS_HOME >> $SILENT_INSTALL_FILE
echo DOMAIN_NAME=peoplesoft >> $SILENT_INSTALL_FILE
echo SERVER_TYPE=weblogic >> $SILENT_INSTALL_FILE
echo BEA_HOME=$BEA_HOME >> $SILENT_INSTALL_FILE
echo USER_ID=system >> $SILENT_INSTALL_FILE
echo USER_PWD=password >> $SILENT_INSTALL_FILE
echo INSTALL_ACTION=CREATE_NEW_DOMAIN >> $SILENT_INSTALL_FILE
echo DOMAIN_TYPE=NEW_DOMAIN >> $SILENT_INSTALL_FILE
echo INSTALL_TYPE=SINGLE_SERVER_INSTALLATION >> $SILENT_INSTALL_FILE
echo WEBSITE_NAME=$PIA_SITENAME >> $SILENT_INSTALL_FILE
echo APPSERVER_NAME=localhost >> $SILENT_INSTALL_FILE
echo JSL_PORT=$JOLT_PORT >> $SILENT_INSTALL_FILE
echo HTTP_PORT=$PIA_HTTP_PORT >> $SILENT_INSTALL_FILE
echo HTTPS_PORT=$PIA_HTTPS_PORT >> $SILENT_INSTALL_FILE
echo AUTH_DOMAIN= >> $SILENT_INSTALL_FILE
echo WEB_PROF_NAME=DEV >> $SILENT_INSTALL_FILE
echo WEB_PROF_USERID=PTWEBSERVER >> $SILENT_INSTALL_FILE
echo WEB_PROF_PWD=PTWEBSERVER >> $SILENT_INSTALL_FILE
echo REPORTS_DIR=/var/tmp/psreports >> $SILENT_INSTALL_FILE
cd $TOOLS_HOME/setup/PsMpPIAInstall
sh setup.sh -javahome $TOOLS_HOME/jre -i silent -DRES_FILE_PATH=$TOOLS_HOME/tmp/$SILENT_INSTALL_FILE -tempdir $TOOLS_HOME/tmpMake the necessary changes in the echoing according to your own configuration.
Nicolas. -
Issue with Internet facing site and Intranet sites
Hello All,
I have migrated the SP2013 environment using database attach method for our intranet site. We also working on the
SP2013 Internet facing site using the same content database as Internet site.
When I extended the web application for Internet facing site, zone to
Internet and these are the URLs: The Intranet website URL is
https://intranet.contoso.com/SitePages/home.aspx (Root Site) and
SP2013 Internet facing site http://contoso.com (not a root site and publishing site template)
However, I found on the http://contoso.com users can still access the
http://contoso.com/SitePages/home with same content as Intranet.
After done some Google search, bloggers mentioned to have move https://intranet.contoso.com/SitePages/home.aspx to another site collection so that Internet facing site can exist root site.
Can 2 we have to two root sites in same web application? I need the content database to be same so that managers can check
Internet facing site and after signing into SP2013, redirects to
Internet site.
Which is the best option to achieve this with same content database.
Please advice.
Regards,
Aroh
Aroh ShuklaBusiness Requirement:
Content Managers want to control internal Internet site (https://intranet.contoso.com) (with default zone, port 443, Root site) and also want to have SP2013 Internet site (with Internet zone
http://www.contoso.com (not a root site and publishing site template)), Anonymous access at Web Application level. I configured the site architecture
to have intranet zone as default zone and extended Web Application for Internet facing site with Anonymous site. This the current site architecture
Because content managers do not want to duplicate public site (Internet facing site) with will be shared with some lists that are stored in intranet site.
For e.g. a sub site named “News and Events” will be shared with Public site as well as Internet users. Therefore, if a manger wants to update a list in the public site, it should reflect in intranet site as well. Thus, managers
don’t want to have separate database but same content database.
Problem:
I have extended web application to have different Internet zone, the site URL looks this: http://www.contoso.com/sites/public with publishing template and Anonymous access. Managers want to have public site URL to be just
http://www.contoso.com and not http://www.contoso.com/SitePages/Home.aspx. As I am using path based site collection for extending site collection, I am
getting this URL http://www.contoso.com/SitePages/Home.aspx
We also tried host named site collection, but it does not provide anonymous access and keep on asking for user credentials.
Q1: We want to have Intranet and Public site with same content database as per business requirements, Shall I following link http://sharepoint.stackexchange.com/questions/81172/moving-content-db-for-a-site-collection-to-another-db-server?
Q2: Because I am constrained that I don’t want to have separate web application, (I know, its not regular requirement), how could achieve this requirements?
Q3: Do have to completely re-design web site architecture, with
www.contoso.com as main web application, then copy Intranet site collection and move this to
www.contoso.com/intranet using
Move-SPSite command
Any kind of pointer and help will be highly appreciated as I am struggling for 2 weeks to solve this.
Regards,
Aroh
Aroh Shukla -
Wireless Internet Access (Cisco IP NGN or Cisco Wireless Mesh Networkin)??
Dear Cisco Wireless Team
Please educate us on where to start, or the CISCO product we might need to purchase
We are trying to branch out a new Internet wireless access and wireless phone service business in our company, and presently looking for the right Cisco product solution to purchase to enable us offer this service in LAGOS, NIGERIA.
The service will be rendered in Africa, the country NIGERIA, and the city LAGOS.
We would like to mount or install the product in Lagos, Nigeria.
As we are new to this kind of service. We would appreciate if the Cisco wireless team can work with us in pointing or directing on the right product to purchase and what are required. We understand the Cisco Wireless Mesh Networking Solution, Cisco IP Generation Network, Cisco 12416 or 7600 Series Router might be the right products to purchase, but we are not sure on what needed or what are required to meet our service need.
Possibly we would like to offer Wireless Internet Access to unlimited subscribers, and also Wireless or Mobile Phone service to unlimited subscribers in Nigeria.
Anticipating your replyI suppose Cisco Wireless Mesh Networking would be a good choice.The Cisco mesh architecture makes it easy to scale coverage as capacity needs dictate, including increasing access point density; adding wired connections, controllers, and radios; and using dual high-powered, high-sensitive radios and a selection of high-gain antennas.Refer the document for IP NGN in the following URL http://www.cisco.com/en/US/netsol/ns537/networking_solutions_solution_category.html
-
Internet connexion problem for remote site in Site to site VPN asa 5505
Hi all
I'm configuring a site to site Ipsec VPN in 2 sites using ASA 5505 V 8.2, The VPN is working fine i can ping machine in the 2 sides but the problem is the remote site dont' have internet.
The architecture is, we 2 site Site1 is the main site and Site2 is secondary site there will be Site3, ...
The internet connection is based in Site1 and site2 and site 3 will have internet connection through Site1. Site1, Site2 and Site 3 is interconnected by Ipsec VPN.
Here is my ASA 5505 Configuration :
SITE 1:
ASA Version 8.2(5)
hostname test-malabo
domain-name test.mg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ta.qizy4R//ChqQH encrypted
names
interface Ethernet0/0
description "Sortie Internet"
switchport access vlan 2
interface Ethernet0/1
description "Interconnexion"
switchport access vlan 171
interface Ethernet0/2
description "management"
switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 41.79.49.42 255.255.255.192
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.100 255.255.0.0
interface Vlan171
nameif interco
security-level 0
ip address 10.22.19.254 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.mg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list interco_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
mtu interco 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any interco
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (interco) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 41.79.49.1 1
route interco 192.168.3.0 255.255.255.0 10.22.19.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map interco_map0 1 match address interco_1_cryptomap
crypto map interco_map0 1 set pfs group1
crypto map interco_map0 1 set peer 10.22.19.5
crypto map interco_map0 1 set transform-set ESP-3DES-SHA
crypto map interco_map0 interface interco
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto isakmp enable interco
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access interco
dhcpd option 3 ip 192.168.1.1
dhcpd address 192.168.1.100-192.168.1.254 inside
dhcpd dns 41.79.48.66 8.8.8.8 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.5 type ipsec-l2l
tunnel-group 10.22.19.5 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect snmp
inspect icmp
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5aa0d27f15e49ea597c8097cfdb755b8
: end
SITE2:
ASA Version 8.2(5)
hostname test-luba
domain-name test.eg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description "Sortie Interco-Internet"
switchport access vlan 2
interface Ethernet0/1
description "management"
switchport access vlan 10
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.22.19.5 255.255.255.0
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.101 255.255.0.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.eg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 10.22.19.254 1
route outside 192.168.1.0 255.255.255.0 10.22.19.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set pfs group1
crypto map outside_map0 1 set peer 10.22.19.254
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.3.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.254 type ipsec-l2l
tunnel-group 10.22.19.254 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:185bd689118ba24f9a0ef2f7e80494f6
Can anybody help why my remote site can't connect to Internet.
REgards,
RaitsarevoHi Carv,
Thanks for your reply. i have done finally
i used no crypto ipsec nat-transparency udp-encapsulation in my end router only.
and in remote access VPN i have enabled UDP for client configuration. the most imprtant is i have given IP add of same LAN pool to VPN user,
Regards,
Satya.M -
Ip addresses and internet sharing
My iBook is connect to the internet via a wireless network, and I have an ATA (Analogue Telephone Adpater, a Vonage-type box) connected to the ibook via ethernet cable. The iBook is set up to share the airport internet connection to its built in ethernet port, and the wireless router has the relvenat Voip ports forwarded to the iBook's ip address. This all works fine.
With this set up the iBook gets its ip address from my wireless router, and the ATA is picking up an ip address from my iBook. The wireless router is handing out addresses in the range 192.168.1.(1-100) to computers on the network and the iBook always hands out an address to the ATA that is 192.168.2.xxx
Is there anyway to force a change in the architecture of the local network to permit the ATA to get an ip address from the wireless router rather than the iBook? i.e. let the ibook work as a bridge rather than a router. I have tried simply setting the ATAs ip address manually to be inside the range of ip addresses handed out by the woreless router, and specifying the wireless router's ip address as the gateway, but with this configuration the ATA cannot see the internet.Yes, I've seen the cure in this particular Forum some months ago, (unfortunately I didn't bookmark it!).
If it helps, the pseudo router in the Mac always hands out x.x.2.x addies, which has been a bugaboo if you had any other x.x.2.x device in the mix, somewhere a few months after that discovery, some Guru here posted exactly what you need... sorry I can't help you more! -
Interactive Report wide Column Sorting hangs in Internet Explorer
I have an application that contains an interactive report. The Column Sorting and Filtering functions work fine in Firefox. However, if I try to sort a wide (110 byte - it contains a hyperlink) column in Internet Explorer, APEX produces the 'loading data' image and then hangs. Even a sort of a narrow (3 byte) column is noticeably slower in Internet Explorer than in Firefox.
We are running APEX 3.1.1 on Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production with the Partitioning, OLAP, Data Mining and Real Application Testing optionsHello,
I answer you over your post.
Joe Bertram wrote:
Hi,
That's an interesting issue. What kind of images are these? Are they the default images installed or are they your custom set of images?The images are png files included as they were icons into the table.
>
You say the images disappear when you sort the report. Does it happen when you sort on demand in the dashboard or when you sort it in the report itself? Or both?Only when sort from the dashboard. From the report itself, the answers works fine.
>
What are your environment details?Server:
OBI 10.1.3.4.1.090414.1900
Windows 2003 server
JDK 1.6.0.17
Thin Client:
Internet explorer 8
>
Thanks for the extra info.
Best regards,
-JoeIt happens also in other two environments (Development and Pre-production) with the same SW architecture.
Thanks for your time. -
Delivering Mail to Multiple users from Consolidated External Mailbox
Hi everyone
I'm new to the use of postfix, spamassassin and so on to send and recieve email. On PCs when setting up a small server at home, or with students to demonstrate some of the issues involoved I've used the rather nicely set up Mercury Mail system.
Now I have my own MacMini with OSX Server 10.6.x on it and want to do the same things as I used to do.
POP email from my ISP. The ISP email boxes act as central consolidation points for two or more domains.
Because my DSL connection may be allocated a different IP address when it drops, it has been easier to direct mail this way.
Mail to @mydomain.com and @anotherdomain.com all go to one mailbox at the ISP (thanks to my DNS registry).
Mail may also be retrieved from a GMail account via POP3 or similar to be consolidated on the server/backed up locally.
What I need to do:
- Mail needs to be retrieved from the mailboxes
- Mail needs to be checked for SPAM level and marked as SPAM as needed
- The OSX server via Postfix (?) needs to redirect mail to the appropriate OD user
- If no appropriate user detected then mail is copied to the postmaster account and bounced.
I have seen various tutorials out there for fetchmail/mpop out there but found them a tad confusing.
I have also seen replacement software, but I want to make use of the built in systems such as fetchmail to do what I want.
It would also be nice to have the passwords stored in the keychain for a little more security.
Can anyone help with a suitable guide or willing to help me write a guide to tell people how to do this?
Cheers
AdyOK so I have found from various sources, and through trial and error that I am able to do the following in a shell script:
--- start script ---
user=<ISP USERNAME>
isp=<ISP NAME>
server=<SERVER NAME AT ISP eg mail>
TMPFILE=`mktemp /tmp/fm.XXXXXX` || exit 1
password=$(security find-internet-password -s $server.$isp -a $user -g 2>&1 | perl -ne '/password: "(\S*)"/ and print $$
cat <<EoF > $TMPFILE
set postmaster '<LOCAL POSTMASTER ACCOUNT>'
set bouncemail
poll $server.$isp with proto POP3 and options no dns
user "$user" there with password '$password'
options fetchall keep mda '/usr/bin/procmail -d %T'
EoF
fetchmail -v -f $TMPFILE
rm -f $TMPFILE
--- end of script ---
thanks to http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email -grabber-with-osx-keychain-for-authenti
and for the autostart fetchmail on boot from http://discussions.apple.com/thread.jspa?threadID=2218143&tstart=225
making this executable and putting in the /etc folder as run-fetchmail is the first step
Now this works to deliver messages to the local mail, but you need to access it via the terminal - hmmm...
the fetchall is to grab all the messages even read ones whilst I test...
so I tried removing the mda section so it used the default mda on snow leopard, but the message are not being delivered to the respective users mail.app accessible mailboxes.
I will add daemon to the file once I have the fetching working correctly
so - how on earth do I get the mail to be delivered to the Mail.app accessible mail delivery agent? -
Introduction of New OAB Architecture in Exchange 2013 and Some General Troubleshooting methods
Exchange 2013 is different from previous versions of Exchange server on architecture, some of the old features have been changed. In this FAQ, I will demonstrate the changes on OAB and list a common issue for your reference.
[Agenda]
1. Differences between Exchange 2007/2010 OAB and Exchange 2013 OAB
a. Generation
b. Distribution
c. Download
2. Common issue and troubleshooting
3. More information
[Difference between Exchange 2007/2010 and Exchange 2013 on OAB]
As we know, OAB in Exchange 2007/2010 has 3 points, OAB files generated from MBX server, distributed to CAS server and downloaded to Outlook client. However in Exchange 2013, these 3 points have a little different from previous servers. For example, the OAB
Distribution process doesn’t depend on Microsoft Exchange File Distribution service anymore. Now let me show you the changes of OAB in Exchange 2013.
[OAB Generation]
====================
Exchange 2007/2010:
1. OAB generation server is the specific MBX server which has –server property.
2. If MBX01 is down, OAB generation will be affected.
3. Previous Server using Microsoft Exchange System Attendant service for OAB generation.
4. OAB generation is a scheduled process. By default, OAB files generated at 5:00AM every day.
5. The OAB files which generated from MBX server are located in following path:
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\GUID folder
Exchange 2013:
1. OAB generation server is the MBX server that hosts a special type of arbitration mailbox, called organization mailbox. Thus, the same OAB files could be generated from multiple
MBX servers.
2. If one of the MBX server down, other MBX server still have the ability to generate the specific OAB files.
3. Exchange 2013 server using OABGeneratorAssistant for OAB Generation.
4. OAB generation is a throttled process. It depend on the Server workload.
5. The OAB files which generated from MBX server are located in following path:
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\GUID folder
[OAB Distribution]
====================
Exchange 2007/2010:
Previous Servers use Microsoft Exchange File Distribution service to distribute OAB files from MBX server to CAS server. The distributed oab files stored in CAS server.
Exchange 2013:
The OAB files doesn’t distributed to CAS server. The OAB files only stored in MBX server.
[OAB Download]
====================
Exchange 2007/2010:
If Autodiscover works fine, Outlook should use OAB URL to get the OAB files and download it.
If Autodiscvoer doesn’t work, authenticated users can also get the OAB from the CAS server local disk.
Exchange 2013:
Microsoft Exchange File Distribution service has been removed from Exchange 2013 and the OAB files stored in MBX server. CAS server will proxy all OAB download requests to the appropriate MBX server.
Outlook also use Autodiscover to get the OAB URL and download it.
[Common issue and Troubleshooting]
Issue: Outlook doesn’t download OAB files automatically. When I try to manually download OAB, get this error: Task xxx reported error (0x80190194): The operation failed.
Troubleshooting:
1. First, please run following command to check the information of OAB Generation Server.
Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “*OAB*”} | ft Name, Servername, Database
Example result as below:
2. Please make sure the authentication settings and URLs are set properly.
3. Try to verify whether the OAB files generated from MBX server successfully. Path as below:
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\GUID folder
4. If all of the settings above set correctly, please try to check Autodiscover. Run “Test E-mail Autoconfiguration” to check whether there is anything abnormal on OAB. If has, please search the error code on MS official documents.
5. If this issue is related to local cache, please try to delete the OAB caches from local PC and re-download OAB for testing. Path as below:
C:\Users\Administrator.CU1(different)\AppData\Local\Microsoft\Outlook\Offline Address Books
[More information]
http://blogs.technet.com/b/exchange/archive/2012/10/26/oab-in-exchange-server-2013.aspx
http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.Hi Techy,
According to your description, I am still not quite sure about your environment. Could you please provide more information about it, such as:
1. How many Exchange servers in your coexistence environment? One Exchange 2010 with all roles and one Exchange 2013 with all roles? Or several Exchange 2010 and multiple Exchange 2013?
2. Are there two sites in your environment? What’s the Exchange deployment in different sites?
3. Please confirm if both Exchange 2010 and Exchange 2013 are Internet-facing.
Additionally, if you are using different namespaces for different services for internal access and external accessing, we need to include all service namespaces in your certificate with IIS service. Personal suggestion, we can follow ED Crowley’s suggestion
to use split-brain DNS in your environment and only use the same namespace for Exchange service URLs.
The following article described the details about how to configure different namespace for Exchange services by using Load Balance in Exchange 2013:
http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html
Regards,
Winnie Liang
TechNet Community Support
Maybe you are looking for
-
Current emails open up to show old emails from 2008
A couple months ago I opened an email from my son, but it opened up an email that I received from someone else in 2008. This happened maybe twice more until today. My son sent me an email this morning and when I opened it, it was an email that I rece
-
Dynamic table name in FROM clause of an abap native sql statement
Hi Frenz, Kindly help me with the solution. Thank you. data: tabname type string. tabname = 'CRMD_ORDERADM_H'. EXEC SQL. SELECT count( * ) FROM tabname into :count ENDEXEC. This piece of the code is giving me a dump. Kindly let me know how
-
Camera raw 5.6 slider issue
Hello, I am having a problem with the sliders in ACR. When I drag any slider to make a correction, when I let go if the mouse it pops back to where I started from and acts like it is locked or something. If I try a couple more times, it finally wor
-
HT1349 when i turn on my mac pro it is very slow I don't know what happen what should i do?
Dear Sir I have a problem with my note book (Mac pro). when I turn on my note book it is very slow. I have to waite for long time I don't know what happen. how should I do? yours.
-
After resetting my iPod Touch I cant get to the page that list all the games I have purchased
After resetting my iPod Touch I cant get to the page tha list all the games that I have purchased & downloaded on my iPod. Why?