Ironport not forwarding HTTPS traffic

We have recently been trying to set up a BYOD wireless network, and the wireless clients that join this network have their traffic routed directly to an Ironport S370 (Ver7.1.4-053), as we do not want the BYOD users to have to configure their proxy settings.
We have created an Identity which matches the subnet given to BYOD devices with no authentication, and then an Access Policy for filtering. All this works as long as the traffic is HTTP; as soon as you try to access anything using HTTPS, the Ironport seems to drop the traffic, as it never hits the firewall and the page cannot be displayed.
Any domained clients which have the Ironport address as their proxy work fine.
The Ironport is not set to bypass any addresses in bypass settings.
I am sure there must be a simple answer as to why HTTPS traffic is not being forwarded, and any pointers as to why this is would be greatly appreciated.
Many thanks,
Neil.

Hi Igor and Neil,
As per AsyncOS 7.5 documentation, HTTPS proxy needs to be enabled to process HTTPS traffic in transparent mode.
The following is the extract from the doco:
"When the Web Proxy is configured in transparent mode, you must enable the HTTPS Proxy if the appliance receives HTTPS traffic. When the HTTPS Proxy is disabled, the Web Proxy passes through explicit HTTPS connections and it drops transparently redirected HTTPS requests. The access logs contain the CONNECT requests for explicit HTTPS connections, but no entries exist for dropped transparently redirected HTTPS requests."
If you do not want to decrypt HTTPS traffic, you can enable HTTPS proxy in pass-through mode.
Thanks,
Wipula.

Similar Messages

  • RV220W not forwarding http to dmz

    Hi!
    Just bought an RV220W for my small business. I cannot figure out how to make my webserver (Win2008R2 running Tomcat on port 8080) visible to WAN. Here is what I have tried so far:
    1. Under Networking->LAN->DMZ Host, I added my webserver as a dmz host to RV220W
    2. Under Firewall->Access Control->IPv4 Firewall Rules, I added a firewall rule to direct http from WAN:80 to webserver:8080
    Maybe I got #2 above wrong. I have attached a screenshot. But, there is no evidence (tcpdump, packettrace) that RV220W is forwarding http from WAN:80 to webserver:8080.
    What am I doing wrong? Your help is sincerely appreciated.

    Figured it out. My bad. Comcast "Business Gateway" has a firewall on by default, and was not allowing any inbound traffic at all. Once I fixed that, the above configuration for RV220W works as designed.
    Thanks to Dave at Cisco technical support. Wasted a lot of his time. But, he continued to be patient and helpful.

  • WLC module in 2811 not forwarding wlan traffic

    Hi,
    I have a WLC module inside a 2811 router. Everything is working (AP connecting, administration) except traffic from WLAN is not leaving the WLC to the router.
    The WLC is sending the DHCP packages to the default gateway (asa5510). See file wlc_dhcp.txt. The 2811 router isn't receiving the package (at least a debug ip package didn't show it). Router interface config:
    interface wlan-controller1/0
    ip address 10.10.10.105 255.255.255.248
    interface wlan-controller1/0.18
    encapsulation dot1Q 318
    no snmp trap link-status
    bridge-group 18
    bridge-group 18 spanning-disabled
    interface Vlan318
    no ip address
    bridge-group 18
    bridge-group 18 spanning-disabled
    What's wrong, why are the packages from vlan318 not reaching the router? Why are they not forwarded?
    thanks, Martin

    Why don't you use 2811 router as your gateway instead of the ASA5510?? I think it will be easier, cause your problem could not be of wireless, it seems that's a problem with your ASA to access your inside network.
    Hope this helps,

  • Http not forwarded as https by ssl

    I have the following problem with my serverfarm:
    http flow initiated from a serverfarm is not being handled by the load balanced ssl blades that’s supposed to forward traffic as https to its destination.
    To compare the traffic, I am including test flows from 2 serverfarms, one of them is successfully handling the flow translation and the other one is not:
    - From real server side, we’re initiating http connections to destination xx.yy.tt.104
    - real server 192.168.11.35 (vip xx.yy.zz.124) http connection is translated to https by the SSL blades
    - real server 192.168.11.47 (vip xx.yy.zz.73) http traffic is not translating to https and is not leaving the ContentSwitchingModule via vlan200:
    Where:
    * SRV-005 real address is 192.168.11.47 (vip xx.yy.zz.73) &
    * SRV-001 real address is 192.168.11.35 (vip xx.yy.zz.124)
    * real server side vlan: vlan301
    * internal ssl vlan: ssl vlan201
    * destination side transit vlan: vlan200
    http flow from real server 192.168.11.35 leaving the ContentSwitchingModule as https:
    LN-PRO-CSW001>sh mod csm 3 conn client 192.168.11.35
    prot vlan source destination state
    In TCP 301 192.168.11.35:1212 xx.yy.zz.12:389 ESTAB
    Out TCP 200 xx.yy.zz.12:389 xx.yy.zz.124:22395 ESTAB
    In TCP 201 192.168.11.35:1388 xx.yy.tt.104:443 ESTAB
    Out TCP 200 xx.yy.tt.104:443 xx.yy.zz.124:22601 ESTAB
    In TCP 301 192.168.11.35:1360 xx.yy.zz.12:389 ESTAB
    Out TCP 200 xx.yy.zz.12:389 xx.yy.zz.124:22572 ESTAB
    In TCP 301 192.168.11.35:1388 xx.yy.tt.104:80 ESTAB
    Out TCP 201 xx.yy.tt.104:80 192.168.11.35:1388 ESTAB
    http flow from real server 192.168.11.47 not leaving the ContentSwitchingModule as https:
    LN-PRO-CSW001>sh mod csm 3 conn client 192.168.11.47
    prot vlan source destination state
    In TCP 301 192.168.11.47:1291 xx.yy.tt.104:80 ESTAB
    Out TCP 201 xx.yy.tt.104:80 192.168.11.47:1291 ESTAB
    In TCP 301 192.168.11.47:1301 xx.yy.tt.104:80 ESTAB
    Out TCP 201 xx.yy.tt.104:80 192.168.11.47:1301 ESTAB
    The following config is included on the 6500 content switch module and ssl module:
    NL-PRO-CSM001#
    static nat xx.yy.zz.73
    real 192.168.11.47
    static nat xx.yy.zz.124
    real 192.168.11.41
    real 192.168.11.35
    serverfarm SRV-01/77
    nat server
    no nat client
    predictor leastconns
    real 192.168.11.35
    inservice
    real 192.168.11.41
    inservice
    probe LT-T:3389
    serverfarm SRV-005
    nat server
    no nat client
    real 192.168.11.47
    inservice
    vserver SRV-005-VIP
    virtual xx.yy.zz.73 tcp 0
    serverfarm SRV-005
    persistent rebalance
    inservice
    vserver SSLtt.104:80
    virtual xx.yy.tt.104 tcp www
    serverfarm SSL_MODULES
    persistent rebalance
    inservice
    serverfarm SSL_MODULES
    no nat server
    no nat client
    real 192.168.10.68
    inservice
    real 192.168.10.69
    inservice
    NL-PRO-SSL001#
    ssl-proxy service SSL-tt.104:80 client
    virtual ipaddr xx.yy.tt.104 protocol tcp port 80 secondary
    server ipaddr 192.168.10.67 protocol tcp port 443
    certificate rsa general-purpose trustpoint test123
    no nat server
    trusted-ca ppCA
    authenticate verify signature-only
    inservice

    If you don't have a version higher or equal to 2.1(2) for the SSLM, you are probably hitting bug
    CSCed77583
    SSL Module invalidate a source IP address using local mask
    It looks like it works except for some ip addresses and therefore the bug mentioned above seems like a good match.
    Gilles.

  • DMVPN split tunneling issue, not able to bypass http traffic at spoke end.

    Dear all,
    I would appreciate please help me out to resolve following issue.
    I have been using DMVPN setup (Routing protocol EIGRP) for 20 site no issue at all and everything is perfectly working.
    Now I received one request that I would need to split corporate legitimate traffic and internet traffic at the spoke end, so all internet traffic has to be forwarded via the local ADSL connection. I tried to resolve it, but the spoke router is continuously forwarding all traffic to the tunnel.
    Moreover I found on internet that DMVPN has limitation that split tunneling is not possible.
    Please can you suggest me how can I forward internet traffic (HTTP) via local ADSL connection
    thanks and regards,

    I agree with Marcin.
    At the spoke you would need to add a static default route for the internet traffic. You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric. Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup in case the ADSL goes down. But if they are both located off the same interface then there is no point in keeping the injected default route.
    Please remember to rate and select a correct answer

  • Intercepting all http traffic and forwarding to VIP on CSM?

    We would like to intercept all http traffic from clients from all vlans and redirect them to a VIP on the CSM for loadbalancing to 2 proxy servers. Is this possible? I can't seem to find a solution similar to our issue? Please help thanks!

    Thx Giles! Do you mean a policy that uses route-maps with next-hop? So would I point the next-hop address to the CSM client vlan IP? Do you have a support link that covers this in detail? Thx!

  • Ironport not allowing different subnet using cisco dhcp

    Recently I configured a new VLAN on a remote site and directed it to the backup link, but the strange thing is that our wireless clients' proxy is working and the LAN-connected PCs' proxy is not working.
    Ironport is working on the default VLAN with a Microsoft DHCP server, but I created a different VLAN and configured DHCP on Cisco, and it is not allowing access to that subnet. Using WCCP redirect on the interface.
    We configured NTLM authentication connecting to AD. The problem is that the clients in the different VLAN are not in AD; an AD PC in the different VLAN works, and only non-AD ones are denied. Actually, we configured guest on authentication, and also that subnet is located at the remote site, and our main site's unknown PCs are accessing through guest with no problem. The second thing is that the main VLAN uses the MS Server 2003 DHCP pool and works for non-AD users; I'm using the switch's own DHCP pool for VLAN 200. Is it a conflict? And when I put the Ironport IP in IE's proxy setting, it is working.
    How to fix it?

    Network Side:   
                           ---->Cisco 2800-1 (Gre Configured) --> Sat Link-->Cisco 2800-2(Gre Configured)--->
    End Users->1-L3->                                                                                                  ---->L3-2(WCCP)---Ironport
                           ---->Cisco 2800-3 (MPLS Configured ) --> Sat Link-->Cisco 2800-4(MPLS Configured)--->
    Our network is like this, so through MPLS everything is working fine. The problem is on backup.
    End users --> VLAN 1, VLAN 200  and VLAN 1 is default and our AD users, AD users working okay but looks like depending on some operating system Win XP, Win 7 some of them not working, and for VLAN 200 is all unknown pc.
    1-L3 doing only routing role.
    Cisco 2800-1 and 2800-2 both also configured routing and Gre tunnel.
    Cisco 2800-1 Configs
    crypto isakmp policy 2
    encr 3des
    authentication pre-share
    crypto isakmp key *** address 10.1.9.254
    crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec profile VPN
    set transform-set 3DES-SHA
    interface Loopback0
    ip address 1.2.2.1 255.255.255.252
    interface Tunnel0
    bandwidth 1024
    ip address 10.1.9.250 255.255.255.252
    ip mtu 1300
    tunnel source 10.2.9.254
    tunnel mode ipsec ipv4
    tunnel destination 10.1.9.254
    tunnel protection ipsec profile VPN
    service-policy output QoSTunnel
    interface GigabitEthernet0/0
    description Connected to Satellite Modem
    bandwidth 1024
    ip address 10.2.9.254 255.255.255.252
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description Connected to L3-Switch
    ip address 10.2.5.253 255.255.255.240
    ip nbar protocol-discovery
    duplex auto
    speed auto
    service-policy input block-p2p
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 Tunnel0
    ip route 1.2.1.1 255.255.255.255 Tunnel0
    ip route 10.1.0.0 255.255.224.0 Tunnel0
    ip route 10.1.5.240 255.255.255.240 Tunnel0
    ip route 10.1.5.254 255.255.255.255 10.1.5.253
    on the WCCP configuration L3-2
    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   192.168.0.1
            Protocol Version:                    2.0
        Service Identifier: web-cache
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets s/w Redirected:        4
              Process:                           2
              CEF:                               2
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            2970
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0
    sh ip wccp int
    WCCP interface configuration:
        Vlan6
            Output services: 0
            Input services:  1
            Mcast services:  0
            Exclude In:      FALSE
        Vlan7
            Output services: 0
            Input services:  1
            Mcast services:  0
            Exclude In:      FALSE
        Vlan8
            Output services: 0
            Input services:  1
            Mcast services:  1
            Exclude In:      FALSE
    interface Vlan6
    ip address 10.1.0.254 255.255.224.0
    no ip redirects
    ip wccp web-cache redirect in
    ip access-list standard wccp_grp_list
    permit 10.1.7.253 ## Ironport IP ##
    ip access-list extended wccp_redir_list
    permit tcp 10.1.0.0 0.0.31.255 any eq www
    permit tcp 10.2.0.0 0.0.31.255 any eq www
    permit tcp 10.2.1.0 0.0.0.255 any eq www ## VLAN 1 Users ##
    permit tcp 10.2.11.0 0.0.0.255 any eq www ## VLAN 200 Users ##
    and Static routings on L3-2.
    On Ironport.
    connected NTLM to Domain server
    Service Profile Name:
    Service:
    Standard service ID: 0 web-cache (destination port 80)
    wccp_redir_list
    Router ip address: 10.1.7.254
    Load Balancing : Allow hash and mask
    Forwarding method: Allow GRE or L2
    Return method: Allow GRE or L2
    Default Route : to Router IP
    And configured Guest privileged so if unknown pc will connect it should go through Guest privilege.
    Global Authentication Settings
    Action if Authentication Service Unavailable:    Block all traffic if authentication fails
    Failed Authentication Handling:    Log Guest User by: IP Address
    Re-authentication:    Disabled
    Basic Authentication Token TTL:    18000
    Transparent Proxy Mode Authentication Settings
    Credential Encryption:    Disabled
    Redirect Hostname:    proxy
    Credential Cache Options:    Surrogate Timeout: 3600 seconds
    Client IP Idle Timeout: 3600 seconds
    Cache Size: 8192 entries
    User Session Restrictions:    Disabled
    Secure Authentication Certificate:    Common name:    IronPort Appliance Demo Certificate
    Organization:    IronPort Systems, Inc.
    Organizational Unit:   
    Country:    US
    Expiration Date:   
    Basic Constraints:    Not Critical
       Enable Identity
    Name:       
    (e.g. my IT policy)
    Description:    
    Insert Above:   
    Membership Definition
    Membership is defined by any combination of the following options. All criteria must be met for the policy to take effect.
    Define Members by Subnet:    
    (examples: 10.1.1.1, 10.1.1.0/24, 10.1.1.1-10)
    Define Members by Protocol:    
    All protocols
    HTTP/HTTPS Only 
    Native FTP Only
    Define Members by Authentication:   
    Select a Realm or Sequence:   
    Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
    If a user fails authentication:     Support Guest privileges   
    Authorization of specific users and groups is defined in subsequent policy layers
    (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
    Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
    IP Address
    Persistent Cookie
    Session Cookie
    Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
    If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
    Advanced
    Use the Advanced options to define or edit membership by proxy port, destination (URL Category), or User Agents.
    The following advanced membership criteria have been defined:
    Proxy Ports:    None Selected
    URL Categories:    None Selected
    User Agents:    None Selected
    Use: NTLMSSP
    Identity Policies: Global Group
    Settings for Global Policy
    Define Members by Authentication:    Require authentication
    Select a Realm or Sequence:    NTLMSSP
    Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
    If a user fails authentication:     Support Guest privileges   
    Authorization of specific users and groups is defined in subsequent policy layers
    (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
    Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
    IP Address
    Persistent Cookie
    Session Cookie
    Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
    If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
    But the problem is it is not forwarding Guest privilege and the browser is stuck when loading.

  • WSA blocking HTTPS traffic -allowing HTTP

    We have two S170 WSA appliances configured as Guest Wi-Fi Internet proxy servers.  The local network design is as follows:
    WLC5508 (Foreign)     >>     WLC5508 (Anchor)     >>     ACE20 Context     >>     WSA 170     >>     FWSM     >>     Internet
    Guest traffic is authenticated via WCS using RADIUS but is disabled for now.
    Clients associate to SSID, receive IP address via local DHCP scope on anchor WLC and forward all traffic to DFWG which is ACE20 interface.
    ACE20 has specific class-maps for public DNS use and loadbalance policy-map which forwards all other traffic (excluding DNS) to WSA.
    HTTP traffic works fine, HTTPS traffic fails. The HTTPS proxy service uses a local self-signed certificate for initial decryption of the session. The browser and WSA negotiate to use TLSv1, then the error below is shown.
    Fails
    57666018.658 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54930 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
    1357666018.760 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54931 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
    1357666018.799 0 192.168.244.1 TCP_DENIED_SSL/403 0 GET https://post.packetconsulting.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 1 cs-auth-group= - c-port= 54931 cs-bytes= 598 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; InfoPath.2; Tablet PC 2.0; MS-RTC LM 8)" cs-referer= - cs-cookie= -
    I have seen this error posted before but no resolution.  I'm sure this is a config problem, but cannot figure why or where!
    Any ideas, thoughts or help would be great...
    Cheers

    Hi axa,
    This is an access policy blocking the SSL traffic based on the TCP_DENIED_SSL / 403. Also I would suspect that you do not have HTTPS proxy enabled, which would be required since you're not using port 80 for 443 traffic. I would recommend opening a ticket with the WSA Content Security Team.
    Sincerely,
    Erik Kaiser
    WSA CSE
    WSA Cisco Forums Moderator
    Message was edited by: Erik Kaiser
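
An added example (not from either thread and not Cisco tooling) that applies the two answers above to access-log lines: it separates an HTTPS policy block (`TCP_DENIED_SSL`) from a client that has HTTP entries but no HTTPS entries at all, which is what the quoted documentation says a disabled HTTPS Proxy looks like for transparently redirected traffic. The sample lines are abbreviated from the post plus one constructed client; treating `TCP_CONNECT` as the transparent case and the first hyphen-separated element of the ACL tag as the decision are assumptions based on the lines shown.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines are abbreviated from the post above
# (the <...> block is shortened); the third, for 192.168.244.2, is made up to
# show a client with HTTP entries only.
SAMPLE_LOG = """\
1357666018.760 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-> - s-port= 443 c-port= 54931 cs-bytes= 0
1357666018.799 0 192.168.244.1 TCP_DENIED_SSL/403 0 GET https://post.packetconsulting.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-> - s-port= 443 c-port= 54931 cs-bytes= 598
1357666020.100 45 192.168.244.2 TCP_MISS/200 1200 GET http://example.com/ - DIRECT/example.com text/html DEFAULT_CASE-Guest-GuestId-NONE-NONE-NONE-NONE-NONE-NONE <-,-> - s-port= 80 c-port= 40112 cs-bytes= 310
"""

# Leading space-separated fields, in the order they appear in the post's lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)\s+"
    r"(?P<mime>\S+)\s+(?P<acl>\S+)"
)
# Custom trailing field as logged in the post: "c-port= 54931".
CPORT_RE = re.compile(r"\bc-port=\s*(\d+)")


def parse_line(line):
    """Return a dict of access-log fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    parts = entry["acl"].split("-")
    # Assumption: first element is the decision, the rest are policy/identity
    # group names, with NONE as a filler for unused slots.
    entry["decision"] = parts[0]
    entry["groups"] = [p for p in parts[1:] if p != "NONE"]
    cport = CPORT_RE.search(line)
    entry["c_port"] = int(cport.group(1)) if cport else None
    return entry


def is_https(entry):
    """True if the entry was produced by HTTPS handling."""
    return (entry["result"].endswith("_SSL")
            or entry["method"] in ("CONNECT", "TCP_CONNECT")
            or entry["url"].startswith("https://"))


def triage(log_text):
    """Summarise HTTP/HTTPS handling per client IP and attach a finding."""
    clients = defaultdict(lambda: {"http": 0, "https": 0, "explicit_connect": 0,
                                   "transparent_connect": 0, "denied": []})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        c = clients[entry["client"]]
        c["https" if is_https(entry) else "http"] += 1
        if entry["method"] == "CONNECT":
            c["explicit_connect"] += 1        # explicit proxy request
        elif entry["method"] == "TCP_CONNECT":
            c["transparent_connect"] += 1     # assumption: redirected connection
        if entry["result"].startswith("TCP_DENIED") and is_https(entry):
            c["denied"].append({"url": entry["url"],
                                "decision": entry["decision"],
                                "groups": entry["groups"],
                                "c_port": entry["c_port"]})
    for c in clients.values():
        if c["denied"]:
            c["finding"] = "policy-block"      # a policy denied the request
        elif c["http"] and not c["https"]:
            c["finding"] = "no-https-entries"  # nothing logged for HTTPS
        else:
            c["finding"] = "ok"
    return dict(clients)


if __name__ == "__main__":
    for ip, summary in triage(SAMPLE_LOG).items():
        print(ip, summary["finding"], summary["denied"])
```

A `no-https-entries` finding only reports the absence of log entries; check the HTTPS Proxy setting on the appliance before treating it as the cause.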

  • Repeater does not forward data packets

    Hello all!
    I have following setup:
    A root access-point ap1, model AIR-AP1231G-E-K9 with IOS 12.3(8)JEE, is configured with one SSID on VLAN 1 (native) and working fine.
    Now I would like to add a 2nd access-point ap2 of the same model with the same IOS version as a repeater to extend the WLAN coverage of the overall network.
    I managed to configure the 2nd access-point successfully as repeater (same SSID settings, infrastructure ssid set, parent 1 mac-address set) and it associates successfully with the main root access-point.
    Now I observe following effect: As soon I leave the coverage area of the first AP and enter the area of the repeater, the client (iPhone, Laptop or any other WLAN device) associates successfully to the repeater (confirmed with "show dot11 ass" and due to the log entries of the repeater) but the data packets are not forwarded to the main access-point. There is no IP connectivity to the root AP or internet anymore.
    Another example which might lead to the solution is following observation:
    I have my laptop connected to the wireless network with two console sessions open. In one I run a ping to the first AP, ap1 (10.200.3.5) and in the other console I run a ping to the repeater ap2 (10.200.3.6). Both access-points reply.
    Now if I enter the coverage area of the repeater, my laptop gets associated to it and the ping to the first AP ap1 times out.
    Again, it looks like that the repeater denies to forward traffic to the main root AP.
    I have no clue why this happens, nor are there any log messages available which might explain this issue.
    I hope someone can help me finding the problem.
    The configuration of the working root access-point ap1 as the repeater ap2 is attached.
    Thank you!
    Best regards,
    Bernhard

    You have configured sub-interface on radio interface & not in ethernet interface at Root AP end. Change the config like below & see.
    dot11 ssid Internet Las 3 Marias
       vlan 1
       authentication open
       authentication key-management wpa
       guest-mode
       infrastructure-ssid
       wpa-psk ascii 7 xxxx
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 1 mode ciphers aes-ccm tkip
    encryption mode ciphers aes-ccm tkip
    bridge-group 1
    ssid Internet Las 3 Marias
    speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2412
    station-role root access-point
    world-mode dot11d country-code US both
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    bridge-group 1
    Here is a reference post for a similar setup (vlan 110 is native vlan though)
    http://mrncciew.com/2013/01/20/autonomous-ap-repeater/
    Also suggest to configure WPA2/AES (instead of WPA/TKIP), if it is supporting in this AP model, command syntax is like below.
    dot11 ssid xx
    authentication key-management wpa version 2
    int d0
    encryption mode ciphers aes-ccm
    Let us know how it goes
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Force to forward http to proxy

    I'm not sure if this makes any sense. I'll ask anyway. I'm trying to forward all of my internal http traffic to proxy. I'm using ASA 5510. Is there any way I can set up the ASA to forward all http traffic to a proxy server that is sitting on the DMZ network? I'm trying to avoid changing configuration on client-side PCs.
    thanks.

    Hi,
    Normally you can use WCCP for this purpose but the ASA only supports this if both the clients and proxy are on the same interface (which won't work in your case.) Better to configure WCCP on a router if you can.
    For transparent proxy you normally use WCCP or a layer 4 switch (like the Cisco CSS).
    Non-transparent proxy using proxy pac files can offer more flexibility, but the initial setup takes some time.
    HTH
    Andrew.

  • WCCP not redirecting users traffic from other subnets

    Hello,
    I have configured WCCP redirection on ASA for redirecting transparently http and https traffic.
    I have configured a service ID 90 that contains 80 and 443 port. The ironport S160 has two interfaces, one for management and the other for data.
    The interface used for data is on a different subnet than the inside interface of ASA where WCCP is configured.
    The problem is that the users that are in the same subnet with ironport data interface, their traffic gets redirected, while the traffic of the other users that are not in the same subnet with ironport data interface is not processed correctly by ironport and these users do not have internet access.
    Any idea ?
    BR,
    Ilir

    Ilir,
    How is this second group of users connected to the ASA?  Their outbound traffic has to be going out the "inside" interface also. If they are on another port on the ASA, WCCP won't catch their traffic. i.e. You can't use the DMZ interface on an ASA and point its web traffic at a WSA that lives inside.
    Ken

  • ISE Guest Portal only redirect HTTPS traffic.

    I have a wireless deployment consisting of the following:
    5760 WLC & ISE 1.2
    Am I missing something here
    I have 4 similar deployments, and never had these issues:
    On Android / Apple devices, the guest portal does not pop up automatically &
    On a Windows Laptop only https traffic directs to the guest portal.
    Thanx

    I think you need to recheck the configuration. Also check the link for step-by-step config:
    http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-security/landing_DesignZone_TrustSec.html

  • Servlet not forwarding a control to the jsp with req dspher

    Hi ppl, my servlet code is supposed to forward control to a JSP page so as to display the value in the JSP, but the request dispatcher's forward is not forwarding the control to the JSP page. Here is my servlet code:
    // Decompiled by DJ v3.4.4.74 Copyright 2003 Atanas Neshkov  Date: 7/4/2003 12:37:00 PM
    // Home Page : http://members.fortunecity.com/neshkov/dj.html  - Check often for new version!
    // Decompiler options: packimports(3)
    // Source File Name:   BdgtMaster.java
    package publicity;
    import java.io.*;
    import java.sql.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    public class BdgtMaster extends HttpServlet
        public synchronized void service(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse)
            throws ServletException, IOException
            Object obj = null;
            String s3 = "";
            String s4 = "";
            out = httpservletresponse.getOutputStream();
            String s = "";
            String s1 = "";
            String s2 = httpservletrequest.getParameter("option");
            s3 = httpservletrequest.getParameter("branch");
            s4 = httpservletrequest.getParameter("publicity_code");
            String s5 = httpservletrequest.getParameter("budget");
            try
                String s6 = "0";
                String s7 = "0";
                String s8 = "INSERT INTO Budget_Master(Branch,Publicity_Code,Budget_Alloted,Work_In_Progress,Amount_Paid) VALUES (?,?,?,?,?)";
                // Bind the request parameters instead of concatenating them into the SQL text.
                String s9 = "update budget_master set old_budget = budget_alloted where branch=? and publicity_code=?";
                String s10 = "UPDATE Budget_Master set budget_alloted=? where Branch=? and publicity_code=?";
                datasource = "jdbc:odbc:budget";
                con = DriverManager.getConnection(datasource);
                int i = con.getTransactionIsolation();
                con.setTransactionIsolation(2);
                con.setAutoCommit(false);
                if("new".equalsIgnoreCase(s2))
                    PreparedStatement preparedstatement = con.prepareStatement(s8);
                    preparedstatement.setString(1, s3);
                    preparedstatement.setString(2, s4);
                    preparedstatement.setString(3, s5);
                    preparedstatement.setString(4, s7);
                    preparedstatement.setString(5, s6);
                    preparedstatement.executeUpdate();
                    con.commit();
                    preparedstatement.close();
                if("update".equalsIgnoreCase(s2))
                    // Same two updates as before, now with branch, publicity_code and budget bound as parameters.
                    PreparedStatement statement = con.prepareStatement(s9);
                    statement.setString(1, s3);
                    statement.setString(2, s4);
                    statement.executeUpdate();
                    statement.close();
                    statement = con.prepareStatement(s10);
                    statement.setString(1, s5);
                    statement.setString(2, s3);
                    statement.setString(3, s4);
                    statement.executeUpdate();
                    statement.close();
                    con.commit();
                con.setTransactionIsolation(0);
                /*htmlStart(out, "BUDGET MASTER");
                out.println("<p> </p><div align=\"left\">");
                out.println("<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"50%\">");
                out.print("<tr>");
                out.println("<td width=\"50%\"><strong><small><font face=\"Tahoma\">Branch </font></small></strong></td>");
                out.println("<td width=\"50%\"><small><font color=\"#004080\" face=\"Tahoma\">" + s3 + "</font></small></td></tr><tr>");
                out.println("<td width=\"50%\"><strong><small><font face=\"Tahoma\">Budget Alloted </font></small></strong></td>");
                out.println("<td width=\"50%\"><small><font color=\"#004080\" face=\"Tahoma\">" + s5 + "</font></small></td></tr><tr>");
                out.println("<td width=\"50%\"><small><strong><font face=\"Tahoma\">Publicity Code</font></strong></small></td>");
                out.println("<td width=\"50%\"><small><font color=\"#004080\" face=\"Tahoma\">" + s4 + "</font></small></td></tr></table></div>");
                htmlEnd(out);
              con.close();
                httpservletrequest.getRequestDispatcher("/pages/serview/BdgM.jsp").forward(httpservletrequest,httpservletresponse);        
            catch(SQLException sqlexception)
                cleanUp();
                printSQLException(sqlexception, out);
            out.flush();
        public void init(ServletConfig servletconfig)
            throws ServletException
        {
            super.init(servletconfig);
            try
            {
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                return;
            }
            catch(ClassNotFoundException classnotfoundexception)
            {
                log("Couldn't load class sun.jdbc.odbc.JdbcOdbcDriver");
                throw new ServletException(classnotfoundexception.getMessage());
            }
        }
        static void printSQLException(SQLException sqlexception, ServletOutputStream servletoutputstream)
            throws IOException
        {
            servletoutputstream.print("<b>SQLException</b>\n<p>\n\n");
            for(; sqlexception != null; sqlexception = sqlexception.getNextException())
            {
                servletoutputstream.print("<b>SQLState:</b> " + sqlexception.getSQLState() + "<br>\n");
                servletoutputstream.print("<b>Message:</b> " + sqlexception.getMessage() + "<br>\n");
                servletoutputstream.print("<b>Vendor:</b> " + sqlexception.getErrorCode() + "<br>\n");
            }
        }
        private static boolean checkForWarning(SQLWarning sqlwarning)
            throws SQLException
        {
            boolean flag = false;
            if(sqlwarning != null)
            {
                System.out.println("\n *** Warning ***\n");
                flag = true;
                for(; sqlwarning != null; sqlwarning = sqlwarning.getNextWarning())
                {
                    System.out.println("SQLState: " + sqlwarning.getSQLState());
                    System.out.println("Message:  " + sqlwarning.getMessage());
                    System.out.println("Vendor:   " + sqlwarning.getErrorCode());
                    System.out.println("");
                }
            }
            return flag;
        }
        /*void htmlStart(ServletOutputStream servletoutputstream, String s)
            throws IOException
        {
            servletoutputstream.println("<html><head><title>" + s + "</title></head>");
            servletoutputstream.println("<body topmargin=\"0\" leftmargin=\"0\" bgproperties=\"fixed\">");
            servletoutputstream.println("<div align=\"left\"><table border=\"0\" width=\"100%\">");
            servletoutputstream.println("<tr><td width=\"100%\" bgcolor=\"#DFDFFF\">");
            servletoutputstream.println("<font face=\"Tahoma\" color=\"#000000\"><strong>B u d g e t   M a s t e r - D e t a i l s   E n t e r e d</strong></font></td>");
            servletoutputstream.println("</tr></table>");
        }*/
        void htmlEnd(ServletOutputStream servletoutputstream)
            throws IOException
        {
            servletoutputstream.print("<hr>");
            servletoutputstream.print("</body></html>\n");
        }
        String link(String s, String s1)
        {
            return "<a href=\"" + s + "\">" + s1 + "</a>";
        }
        public String getServletInfo()
        {
            return "Display and SQL manipulate JDBC databases on the server.";
        }
        public void cleanUp()
            throws IOException
        {
            if(con != null)
                try
                {
                    out.print("Closing database connection");
                    con.setTransactionIsolation(0);
                    con.close();
                    return;
                }
                catch(SQLException _ex)
                {
                    return;
                }
            else
                return;
        }
        public BdgtMaster()
        {
        }
        private Connection con;
        private String datasource;
        private String user;
        private String password;
        private String base;
        private ServletOutputStream out;
    Please tell me where I'm wrong...
    regards....a_joseph

    Hi,
    Sorry to say this, but it'd be a lot simpler if we can avoid cross-posting similar queries.
    I'd appreciate it if you can continue with your post
    http://forum.java.sun.com/thread.jspa?threadID=5208928
    Hope there are no hard issues on this.
    REGARDS,
    RaHuL

  • SG200 Switch not forwarding Packet

    Hello,
    I have a problem with my SG200-08 switch: the switch is not forwarding a special packet.
    I tried to run a simple Profinet installation for testing on the switch, but it didn't work correctly. A special packet (Profinet error message) was not forwarded.
    I have tried it with different Profinet masters. With a Siemens Profinet master it works without problems. With a Rexroth master it doesn't work. But it is the same packet, only with another MAC address.
    I have added two Wireshark logs, where I have mirrored the slave and the master port. With the Siemens master all packets are forwarded (every packet is logged twice); with the Rexroth master the alarm packet was not forwarded (the alarm packet is lost between the ports).
    With an unmanaged switch it is no problem to run both installations correctly.
    I have tried the factory default settings of the switch and also deactivating all services of the switch (like Spanning Tree, ...), but it was all the same: the packet was not forwarded.
    Does someone have an idea what the cause of the packet drop is?

    Hi Ulf, the switch doesn't filter traffic and this particular model doesn't have any special connection controls like ACL.
    Features that may be service affecting include-
    Spanning tree (portfast, bpdu flood/filter)
    Port negotiation (speed/duplex)
    Energy efficient ethernet
    Bonjour discovery
    Storm control (which is disabled by default)
    I couldn't think of anything else that may be service affecting. You may disable spanning tree, manually set the port speed, disable EEE and bonjour if you want. However, I don't feel it will resolve your problems but it is worth trying if you feel the switch is the problem. Since the packet is forwarding correctly, it would appear to be a localized system setting.
    -Tom
    Please mark answered for helpful posts

  • WRT54GS v6 1.52.5 firm DMZ does not forward

    I just flashed the router with the new firmware version. I still cannot bypass the firewall to pass packets to my server. I just want to use a PC for a Ventrilo server. PC is XP. No firewall, XP firewall is off. Static IP. DMZ is enabled to the IP. It forwards *nothing*. I watched Wireshark on the PC, no broadcast traffic or anything else ftm. I tried port forwarding for 3784 (ven server port), no joy. I have disabled and enabled uPNP. All off: Block Anonymous Internet Requests, Filter Multicast, Filter Internet NAT Redirection. Everything works besides the router passing external requests to the designated IP address. Any advice? Would chatting with a tech help? I'm pretty much out of ideas.

    I got it. The hard boot did not work and the new firmware did not work. I reset the router back to its original config (reset for 10 sec), rebooted, made the single change of turning off uPNP, upgraded to the new firmware again, then made manual configurations. That made the DMZ option forward all traffic. I then disabled DMZ and config'ed the port forward parameters. Thanks for your help guys.
