ISE Wired guest portal redirect even after authentication

Hi
I have configured both Wired and Wireless guest authentication via guest portal. Wireless is working fine; however, when trying with Wired, the redirection page keeps appearing even after the user has authenticated.
I'm not seeing the redirection authorization policy in my logs; I can see only the user authentication logs (successful). Attached is my configuration and logging output.
Here is what I see on the interface
ABQT-3FLR-ACC-01#sh authentication sessions interface gigabitEthernet 4/0/19
            Interface:  GigabitEthernet4/0/19
          MAC Address:  a0b3.ccca.2ab1
           IP Address:  10.1.3.16
            User-Name:  A0-B3-CC-CA-2A-B1
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  N/A
     URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
         URL Redirect:  https://xxxx-TW-ISE-2.xxx.xxx.qa:8443/guestportal/gateway?sessionId=AC14011F000001571E52779F&action=cwa
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  AC14011F000001571E52779F
      Acct Session ID:  0x00000309
               Handle:  0xE6000158
Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Success
Here is the ACL
Extended IP access list ACL-WEBAUTH-REDIRECT
    10 deny udp any any eq domain (1344 matches)
    20 deny ip any host 172.20.5.12 (8122 matches)
    30 deny ip any host 172.20.5.14
    40 permit tcp any any eq www (3124 matches)
    50 permit tcp any any eq 443 (202927 matches)
    60 permit tcp any any eq 8080 (114 matches)
    70 permit ip any any (8056 matches)

Hi Mohannad,
Thanks for your response.
Actually, as per the configuration it should work; I'm still trying to find out what has gone wrong with this configuration. In fact, I have tested with a 3560 switch with the same config and it worked. The only difference here is that we used a 2960S switch.
We need to find out why the next Auth policy is not hitting once user is authenticated.
Here is the port configuration and the authen status of the port.
ABQT-3FLR-ACC-01#sh running-config interface gig4/0/19
Building configuration...
Current configuration : 427 bytes
interface GigabitEthernet4/0/19
switchport access vlan 103
switchport mode access
switchport voice vlan 135
authentication event fail action next-method
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab webauth
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
end
ABQT-3FLR-ACC-01#
Mar 31 12:32:14.127: %AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type tacacs+ (UNKNOWN)
ABQT-3FLR-ACC-01#
ABQT-3FLR-ACC-01#sh atuh
ABQT-3FLR-ACC-01#sh atu
ABQT-3FLR-ACC-01#sh authe
ABQT-3FLR-ACC-01#sh authentication se
ABQT-3FLR-ACC-01#sh authentication sessions in
ABQT-3FLR-ACC-01#sh authentication sessions interface gi
ABQT-3FLR-ACC-01#sh authentication sessions interface gigabitEthernet 4/0/19
            Interface:  GigabitEthernet4/0/19
          MAC Address:  0015.c5b4.fd4a
           IP Address:  10.1.3.23
            User-Name:  00-15-C5-B4-FD-4A
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  N/A
     URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
         URL Redirect:  https://ABQ-TW-ISE-2.abq.gov.qa:8443/guestportal/gateway?sessionId=AC14011F0000018A32B4D906&action=cwa
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  AC14011F0000018A32B4D906
      Acct Session ID:  0x00000394
               Handle:  0x3E00018B
Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Success

Similar Messages

  • ISE Wired captive portal

    I've a new ISE integration. I've implemented captive portal for wireless and wired guests; for Wireless all is working perfectly.
    For Wired I can see that ISE puts the captive URL on the interface of the switch, but from the Windows laptop I'm unable to see the link in the browser. Please advise.

    In the same document you have
    Wired NAD Interaction for Central WebAuth
    If your client's machine is hard wired to a NAD, the guest service interaction takes the form of a failed MAB request that leads to a guest portal Central WebAuth login.
    The Central WebAuth triggered by a MAB failure flow follows these steps:
    1. The client connects to the NAD through a hard-wired connection. There is no 802.1X supplicant on the client.
    2. An authentication policy with a service type for MAB allows a MAB failure to continue and return a restricted network profile containing a URL-redirect for Central WebAuth user interface.
    3. The NAD is configured to post MAB requests to the Cisco ISE RADIUS server.
    4. The client machine connects and the NAD initiates a MAB request.
    5. The Cisco ISE server processes the MAB request and does not find an end point for the client machine. This MAB failure resolves to the restricted network profile and returns the URL-redirect value in the profile to the NAD in an access-accept. To support this function, ensure that an Authorization Policy exists featuring the appropriate "NetworkAccess:UseCase=Hostlookup" and "Session:Posture Status=Unknown" conditions.
    The NAD uses this value to redirect all client HTTP/HTTPS traffic on ports 8080 or 8443 to the URL-redirect value. The standard URL value in this case is:
    https://ip:port/guestportal/gateway?sessionId=NetworkSessionId&action=cwa.
    6. The client initiates an HTTP or HTTPS request to any URL using the client browser.
    7. The NAD redirects the request to the URL-redirect value returned from the initial access-accept.
    8. The gateway URL value with action CWA redirects to the guest portal login page.
    9. The client enters the username and password and submits the login form.
    10. The guest action server authenticates the user credentials provided.
    11. If the credentials are valid, the username and password are stored in the local session cache by the guest action server.
    12. If the guest portal is configured to perform Client Provisioning, the guest action redirects the client browser to the Client Provisioning URL. (You can also optionally configure the Client Provisioning Resource Policy to feature a "NetworkAccess:UseCase=GuestFlow" condition.)
    Since there is no Client Provisioning or Posture Agent for Linux, guest portal redirects to Client Provisioning, which in turn redirects back to a guest authentication servlet to perform optional IP release/renew and then CoA.
    13. If the guest portal is not configured to perform Client Provisioning, the guest action server sends a CoA to the NAD through an API call. This CoA will cause the NAD to reauthenticate the client using the RADIUS server. This reauthentication makes use of the user credentials stored in the session cache. A new access-accept is returned to the NAD with the configured network access. If Client Provisioning is not configured and the VLAN is in use, the guest portal performs VLAN IP renew.
    14. With redirection to the Client Provisioning URL, the Client Provisioning subsystem downloads a non-persistent web-agent to the client machine and performs a posture check of the client machine. (You can optionally configure the Posture Policy with a "NetworkAccess:UseCase=GuestFlow" condition.)
    15. If the client machine is non-compliant, ensure you have configured an Authorization Policy that features "NetworkAccess:UseCase=GuestFlow" and "Session:Posture Status=NonCompliant" conditions.
    16. Once the client machine is compliant, ensure you have an Authorization policy configured with "NetworkAccess:UseCase=GuestFlow" and "Session:Posture Status=Compliant" conditions. From here, the Client Provisioning issues a CoA to the NAD. This CoA will cause the NAD to reauthenticate the client using the RADIUS server. This reauthentication makes use of the user credentials stored in the session cache. A new access-accept is returned to the NAD with the configured network access.
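The flow above can be checked against what the switch reports, as an added example (not code from this thread or from Cisco). It parses `show authentication sessions interface` output and reports whether the port is still on the initial redirect authorization (step 5) or has moved past the CoA reauthentication (step 13). Function names are hypothetical, and treating the switch's Common Session ID as the NetworkSessionId in the URL is an assumption of this example.

```python
from urllib.parse import urlparse, parse_qs

# Session output copied from this page, trimmed to the fields used below.
SESSION_FROM_PAGE = """\
            Interface:  GigabitEthernet4/0/19
          MAC Address:  0015.c5b4.fd4a
           IP Address:  10.1.3.23
            User-Name:  00-15-C5-B4-FD-4A
               Status:  Authz Success
     URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
         URL Redirect:  https://ABQ-TW-ISE-2.abq.gov.qa:8443/guestportal/gateway?sessionId=AC14011F0000018A32B4D906&action=cwa
    Common Session ID:  AC14011F0000018A32B4D906
Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Success
"""

# Constructed sample: the same port once the CoA reauthentication has
# replaced the redirect authorization (no URL Redirect fields remain).
SESSION_AFTER_COA = """\
            Interface:  GigabitEthernet4/0/19
          MAC Address:  0015.c5b4.fd4a
            User-Name:  00-15-C5-B4-FD-4A
               Status:  Authz Success
    Common Session ID:  AC14011F0000018A32B4D906
Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Success
"""


def parse_session(show_output):
    """Split the 'key:  value' fields and the runnable-methods table."""
    fields, methods = {}, {}
    in_methods = False
    for line in show_output.splitlines():
        if line.strip().startswith("Runnable methods list"):
            in_methods = True
            continue
        if in_methods:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] != "Method":
                methods[parts[0]] = parts[1].strip()
        elif ":" in line:
            # Partition on the first colon so the URL's own colons survive.
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields, methods


def cwa_stage(show_output):
    """Place a session in the CWA flow and list inconsistencies found."""
    fields, methods = parse_session(show_output)
    findings = []
    if fields.get("Status") != "Authz Success":
        return {"stage": "not-authorized", "findings": findings}
    url = fields.get("URL Redirect")
    if not url:
        # No redirect attribute left: the final access-accept is in effect.
        return {"stage": "authorized", "findings": findings}
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    if not parsed.path.endswith("/gateway"):
        findings.append("redirect path is not a portal gateway: " + parsed.path)
    if query.get("action", [""])[0] != "cwa":
        findings.append("action is not cwa")
    url_sid = query.get("sessionId", [""])[0]
    if url_sid.upper() != fields.get("Common Session ID", "").upper():
        findings.append("sessionId in URL does not match Common Session ID")
    if methods.get("mab") != "Authc Success":
        findings.append("redirect present but MAB did not succeed")
    return {"stage": "redirect-pending", "findings": findings}


if __name__ == "__main__":
    print(cwa_stage(SESSION_FROM_PAGE))
    print(cwa_stage(SESSION_AFTER_COA))
```

A port that still reports `redirect-pending` after the guest has logged in at the portal has not received the new access-accept that step 13 describes.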

  • ISE and Guest Portal

    WLC - 7.2.110.0
    ISE - 1.1.1
    I'm new to ISE. I want to set up a very basic method for BYOD users to access our wireless network. I've set up an SSID for external Web Auth, where users get redirected to the ISE Guest Portal: https://1.2.3.4:8443/guestportal/Login.action
    At that screen, users can enter their Active Directory credentials and login. Although the authentication shows as successful under Operations -> Authentications, the user is redirected to the device registration page. On that page they see the message "We are unable to determine access privileges in order to access the network. Please contact your administrator." Their device MAC is listed, and they can enter a description but the "Register" button is greyed out.
    I'm getting overwhelmed with the amount of documentation available as well as the new terminology. I'm familiar with using Windows RADIUS servers, but ISE is very foreign to me now. Is there any documentation to help me understand how access requests are processed?

    As you asked for documents related to ISE and Guest Portal, I am sending you two docs which will help you in this case. Please find the documents below:
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html
    http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_guest_pol.pdf

  • How do I stop redirects even after selecting the advanced panel

    How do I stop redirects even after selecting the advanced panel to warn or not to redirect to another web site?

    Go to Edit/Preferences. You'll see the checkbox option to play after render there.
    Unfortunately, render applies only to the timeline. There is no way to render clips before you add them to a timeline -- except converting them to DV-AVIs before you bring them into your project.

  • Cisco ISE guest portal redirect not working after successful authentication and URL redirect.

    Hi to all,
    I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
    I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID. The users are successfully redirected by the WLC to the following URL: https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
    Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and receive the following error:
    Error: Resource not found.
    Resource: /guestportal/
    Does anyone have any ideas why the portal is doing this?
    Thanks
    Paul

    Hello,
    As you are not able to get the guest portal, you need to ensure the following things:
    1) Ensure that the two Cisco av-pairs that are configured on the authorization profile exactly match the example below. (Note: Do not replace the "IP" with the actual Cisco ISE IP address.)
    –url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
    –url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also defined on the access switch)
    2) Ensure that the URL redirection portion of the ACL has been applied to the session by entering the show epm session ip command on the switch. (Where the session IP is the IP address that is passed to the client machine by the DHCP server.)
    Admission feature : DOT1X
    AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
    URL Redirect ACL : ACL-WEBAUTH-REDIRECT
    URL Redirect :
    https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A720000A45A2444BFC2&action=cpp
    3) Ensure that the preposture assessment DACL that is enforced from the Cisco ISE authorization profile contains the following command lines:
    remark Allow DHCP
    permit udp any eq bootpc any eq bootps
    remark Allow DNS
    permit udp any any eq domain
    remark ping
    permit icmp any any
    permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
    permit tcp any host 80.0.80.2 eq www --> Provides access to internet
    permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal port
    permit tcp any host 80.0.80.2 eq 8905 --> This is for posture communication between NAC agent and ISE (Swiss ports)
    permit udp any host 80.0.80.2 eq 8905 --> This is for posture communication between NAC agent and ISE (Swiss ports)
    permit udp any host 80.0.80.2 eq 8906 --> This is for posture communication between NAC agent and ISE (Swiss ports)
    deny ip any any
    Note: Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
    4) Ensure that the ACL with the name "ACL-WEBAUTH-REDIRECT" exists on the switch as follows:
    ip access-list extended ACL-WEBAUTH-REDIRECT
    deny ip any host 80.0.80.2
    permit ip any any
    5) Ensure that the http and https servers are running on the switch:
    ip http server
    ip http secure-server
    6) Ensure that, if the client machine employs any kind of personal firewall, it is disabled.
    7) Ensure that the client machine browser is not configured to use any proxies.
    8) Verify connectivity between the client machine and the Cisco ISE IP address.
    9) If Cisco ISE is deployed in a distributed environment, make sure that the client machines are aware of the Policy Service ISE node FQDN.
    10) Ensure that the Cisco ISE FQDN is resolved and reachable from the client machine.
    11) Or you need to do re-image again.

  • 5760 v3.6 guest portal redirect to ISE

    I'm testing a new set of 5760 controllers for a future production rollout, running software version 3.6.  Our current production setup consists of older WISM-1 and 4402 controllers running CUWN 7.0.  Our guest network has an anchor in the DMZ, redirecting to ISE.
    In the recent thread (https://supportforums.cisco.com/discussion/12319151/3850-ise-guestportal-no-redirect-v-334), one of the posters said that guest redirection in 3.6 works similarly to redirection in CUWN, while in 3.3 it is very different.  I found the documentation for 3.3 (http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117717-config-wlc-00.html), which I have to say I don't like very much.  However, I find the configuration and command reference guides for 3.6 are less than helpful on this point. 
    So the question I have is whether guest networking with an external redirect to ISE looks like the following in 3.6?  Or does it work like CUWN, where the SSID is configured with layer 3 security?  If it uses layer 3 security like CUWN, does anybody have a quick configuration sample for how it can work end to end in 3.6?
    ------ From the document http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117717-config-wlc-00.html ---------
    The flow includes these steps:
    The user associates to the web authentication Service Set Identifier (SSID), which is in fact open+macfiltering and no Layer 3 security.
    The user opens the browser.
    The WLC redirects to the guest portal.
    The user authenticates on the portal.
    The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) in order to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).
    The user is prompted to retry the original URL.

    I have a project with a 5760 running 3.6 working to a 5508 anchor controller in a DMZ.
    I have web authentication working to an ISE OK.
    Regards
    Roger

  • ISE Guest Portal redirection not working

    I have built a lab at home. I have a Win2008 Server for AD/DNS, ISE 1.2 (VM trial), a 3560-cg switch, 2500 WLC and 2602i AP. I have configured everything as per the documentations online. My issue is that when I connect to the open SSID, it gets connected and has the dns server populated as well, but the redirection never takes place. I can search for google or cnn.com but it just stays at looking up host or something. However, if i take the redirect URL from the WLC and then do it on the browser, it does go to the guest portal. Let me know what issues I can see and if there is any other information I can provide.

    Issue resolved.
    My lab environment didn't have access to the internet, and hence DNS server 8.8.8.8 would not resolve any public IPs. But when an address is resolvable by a DNS server then it redirects nicely. For testing I created a DNS entry on the DNS server itself and tested it.

  • ISE - sponsor guest portal with smartcard authentication

    Team, any support for sponsor guest portal authentication with the smartcard?
    If not, then can someone please create a feature request to Cisco? Smartcards are being rolled out more and more.
    Bilal

    We've got it working in our agency. It's front-ended by a 5540 ASA that sends the user's attributes to ISE and then loops ISE to authenticate via AD. I've got a pretty sweet write-up on it from our advanced services rep. The guys are legit when it comes to workarounds and I just finished testing this with ISE 1.3. If you guys are interested I'll attach it tomorrow.
    Attached configuration guide. Note for 1.3 the Sponsor Group Policy has been removed. Just make sure the Sponsor Group is configured and add the store to locate the user. In our case it's AD.
    If you have questions just PM me and I'll be glad to assist.
    -Ryan 

  • Wired Hotspot portal redirect fails

    I'm working on wired guest access from a 2960-X switch stack running 15.0(2)EX4.  The ISE 1.3 policy delivers the access-accept with the redirect URL, but the switch doesn't seem to do anything with it.  The client can do DNS resolution, so there is web traffic to redirect.  What I get is "Connecting".  The ISE can be reached directly from the client, so routing and ACL seem to be OK. It also doesn't make any difference whether the name or the IP address of the ISE policy server is used.  Anyone else seen this behavior? 
    Here's the session info as seen by the switch
    EF3211# sh auth sess int gi6/0/12
                Interface:  GigabitEthernet6/0/12
              MAC Address:  28d2.440e.5662
               IP Address:  Unknown
                User-Name:  28-D2-44-0E-56-62
                   Status:  Authz Success
                   Domain:  DATA
           Oper host mode:  single-host
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  648
         URL Redirect ACL:  Blackhole
             URL Redirect:  https://DHISE1P2.hitchcock.org:8445/portal/gateway?sessionId=82bd783e000E38FF552FED1B&portal=59c60952-e443-11e4-a2a2-0050568a6a89&action=cwa&type=drw&token=36c5ae30b39dd01e8a6b9852096a3924
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  82BDF8060004560D109E916F
          Acct Session ID:  0x00048CA9
                   Handle:  0xD800088F
    Runnable methods list:
           Method   State
           dot1x    Failed over
           mab      Authc Success
    The ACL looks like this
    Extended IP access list Blackhole
        10 permit udp any any eq domain
        20 permit tcp any any established
        30 permit ip any host 130.189.120.62
        40 permit ip any host 130.189.120.63
        50 permit icmp any any echo
        60 permit icmp any any echo-reply
        70 permit udp any eq bootpc any eq bootps
        80 deny ip any any

    The problem, I believe, is the Redirect ACL. The ACL isn't used as access control; it's used as a filter to say which traffic is redirected. So you want HTTP and HTTPS traffic to be redirected. It should look more like the following:
    deny ip any host <PSN_IP>
    permit tcp any any eq www 443 8443
    deny ip any any
    So the permit is actually saying "redirect this traffic" to ISE for CWA and the deny is saying "don't redirect". The first line is there because there used to be a bug where any traffic towards the ISE box turned into some kind of redirect loop, so I've included it just to be sure.
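The permit/deny semantics described in the answer above, as an added example (not code from this thread or from Cisco): a small evaluator that reads a redirect ACL and reports, for a client's first packet, whether the first matching entry selects it for redirection or lets it bypass. The two ACLs are copied from the `show` outputs on this page; the function names, the test destinations and the 192.0.2.10 stand-in for `<PSN_IP>` are constructed for illustration.

```python
import ipaddress
import re

PORT_NAMES = {"www": 80, "domain": 53, "bootps": 67, "bootpc": 68, "tftp": 69}

# Copied from the first thread on this page (match counters kept).
ACL_WEBAUTH_REDIRECT = """
    10 deny udp any any eq domain (1344 matches)
    20 deny ip any host 172.20.5.12 (8122 matches)
    30 deny ip any host 172.20.5.14
    40 permit tcp any any eq www (3124 matches)
    50 permit tcp any any eq 443 (202927 matches)
    60 permit tcp any any eq 8080 (114 matches)
    70 permit ip any any (8056 matches)
"""
# Copied from the "Wired Hotspot portal redirect fails" question.
ACL_BLACKHOLE = """
    10 permit udp any any eq domain
    20 permit tcp any any established
    30 permit ip any host 130.189.120.62
    40 permit ip any host 130.189.120.63
    50 permit icmp any any echo
    60 permit icmp any any echo-reply
    70 permit udp any eq bootpc any eq bootps
    80 deny ip any any
"""
# Shape suggested in the answer; 192.0.2.10 is a constructed <PSN_IP>.
ACL_SUGGESTED = """
    deny ip any host 192.0.2.10
    permit tcp any any eq www 443 8443
    deny ip any any
"""


def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)


def _take_ports(tokens):
    """Consume an optional 'eq p1 [p2 ...]'; None means any port."""
    if not tokens or tokens[0] != "eq":
        return None
    tokens.pop(0)
    ports = set()
    while tokens and (tokens[0] in PORT_NAMES or tokens[0].isdigit()):
        word = tokens.pop(0)
        ports.add(PORT_NAMES[word] if word in PORT_NAMES else int(word))
    return ports


def parse_ace(line):
    """Parse one ACL entry, with or without a sequence number."""
    tokens = re.sub(r"\(\d+ match(?:es)?\)", "", line).split()
    if tokens[0].isdigit():
        tokens.pop(0)
    action, proto = tokens.pop(0), tokens.pop(0)
    _take_addr(tokens)   # source address: the client, not evaluated here
    _take_ports(tokens)  # source ports are likewise not evaluated
    dst = _take_addr(tokens)
    dports = _take_ports(tokens)
    return {"action": action, "proto": proto, "dst": dst,
            "dports": dports, "established": "established" in tokens}


def redirect_decision(acl_text, proto, dst_ip, dst_port):
    """First-match result for a new flow: permit = redirect, deny = bypass."""
    dst = ipaddress.ip_address(dst_ip)
    for raw in acl_text.strip().splitlines():
        ace = parse_ace(raw)
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["established"]:
            continue  # the first packet of a connection is never 'established'
        if dst not in ace["dst"]:
            continue
        if ace["dports"] is not None and dst_port not in ace["dports"]:
            continue
        decision = "redirect" if ace["action"] == "permit" else "bypass"
        return decision, raw.strip()
    return "bypass", "implicit deny"


if __name__ == "__main__":
    for name, acl in (("ACL-WEBAUTH-REDIRECT", ACL_WEBAUTH_REDIRECT),
                      ("Blackhole", ACL_BLACKHOLE), ("suggested", ACL_SUGGESTED)):
        print(name, redirect_decision(acl, "tcp", "203.0.113.10", 80))
```

Run against the Blackhole ACL, a browser's first HTTP packet falls through to `80 deny ip any any` and is never selected for redirection, while DNS is, which matches the diagnosis in the answer.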

  • ISE HTTP GUEST PORTAL

    Hello,
    We have some discomfort with Guest web authentication. When the WLC redirects a guest user, he sees a certificate error.
    Can I use http instead of https for the guest portal?
    Thanks,
    Oleg

    Hi,
    Is your guest portal on the ISE? In the ISE, there is only HTTPS port allowed to configure under Guest portal and no option of http port is there, so I don't think so. You also might be using port 8443 in the external web-auth redirection URL under the security tab.
    Now even if you put a valid certificate on the ISE which hosts the external guest portal, you would still receive a certificate warning as long as you use the local web server of the controller, which is its virtual IP address. This is because even if the external web server where the page is hosted has a valid certificate, the internal virtual IP address is still presented to the client.
    So
    > either you trust them in your browser so that you don't receive certificate warnings
    > or else have a valid certificate on the controller and external web server.
    > or use http for web authentication in the controller and also http to the external hosted page, then also you can get rid of these certificates.
    Regards
    Dhiresh

  • HTTPS Guest Portal Redirection

    Dears,
    We have a Guest Portal on the ISE server. When our guests connect to the Guest SSID they are automatically redirected to the web portal.
    It works only with http websites.
    If the user types in his browser, for example, facebook.com or some website with https, redirection doesn't happen.
    thank you

    It's new:) the first version of 8.0.100.0 wasn't great if you ask me. v8.0.110.0 is MR1 and fixes some issues but it's new. I would wait for MR2/3 before going into production unless you really need to go to v8.0. You can always downgrade. You need to make sure your AP's support this code and if you have WCS/NCS/PI and or MSE. Here is the compatibility matrix:
    http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
    -Scott

  • ISE Wired Guest + user without supplicant and dynamic vlan change

    Hi All,
    I have two issues:
    Is it still an issue when a wired user who is directed to the ISE CWA, is able to stay authenticated as a guest for as long as they stay connected?
    This is happening on our test pilot - a guest with 2 hour access on a wired connection can maintain the guest access for as long as they desire.
    I hear that this isn't an issue for wireless, but have yet to try this out. Is there a workaround for this?
    Secondly, my testing confirms that only users with a supplicant, e.g. AnyConnect NAM, can be dynamically changed into a VLAN (only tested on wired).
    What I'd hope to do is create a policy so that when wired guests connect, their VLAN is dynamically changed to the guest VLAN (the same one guest WLAN users will use).
    Is this possible if the guest doesn't have a supplicant?

    One of my tasks was to rebuild the multiportal config, and it looks like there was an option there to do a VLAN DHCP release and renew. I won't know if this will work until next week but it sounds promising. It was tucked down on the screen so I had to scroll down to find it...
    Still don't have an answer about the guest being able to stay authenticated, or does this feature solve this issue as well? Only time will tell.

  • Guest Portal appears again after successful login

    I'm setting a Wireless Guest with a WLC 5508 (7.3) and ISE (1.1.2) -- (no anchor).
    It appears to work (some adjustments are still required), but I found that when the guest user logs in, they receive the successful login screen and immediately the guest portal again. If another browser window or tab is open, the user can browse properly.
    I think I'm missing something.

    Sorry for the delay! Were you able to figure out what was/is causing this? I have done many deployments and never had this issue before, unless something was misconstrued in a custom HTML portal. Couple of more questions:
    1. Do you have the latest patch installed
    2. Have you tried adding a new portal based on the pre-built templates and try it again

  • ISE 3315 Guest Portal on ETH1?

    Hi,
    the 3315 and other ise appliances have multiple nics.
    Is it possible/supported to use eth1 for hosting the guest portal? (wireless LWA)
    Tnx,
    Bart

    jrabinow ,
    I found this reference:
    http://www.cisco.com/en/US/docs/security/ise/1.1/installation_guide/ise_app_e-ports.html
    it states that the guest portal services are also listening on the other interfaces..
    Could somebody please confirm?

  • ISE-Guest Portal Redirection

    Dears
    I have configured everything right for the Guest login and everything is going the way I want except one thing: the switch doesn't force the guest to be web-redirected to the ISE login page. However, the output of the below command looks perfect, and when I copy the URL manually it works. So how can I make it automatic?
    ISE-SWITCH#sh authen se int f0/12 
                Interface:  FastEthernet0/12
              MAC Address:  c80a.a96a.47b1
               IP Address:  Unknown
                User-Name:  C8-0A-A9-6A-47-B1
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  multi-auth
         Oper control dir:  both
            Authorized By:  Authentication Server
               Vlan Group:  N/A
                  ACS ACL:  xACSACLx-IP-CENTRAL_WEB_AUTH-50683952
         URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
             URL Redirect:  https://EG1SHQ06.HEIWAY.NET:8443/guestportal/gateway?sessionId=0A8B080600000005001ECF63&action=cwa
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A8B080600000005001ECF63
          Acct Session ID:  0x00000007
                   Handle:  0xD9000005
    Runnable methods list:
           Method   State
           mab      Authc Success
           dot1x    Not run
    ISE-SWITCH#sh ip access-l
    Extended IP access list ACL-WEBAUTH-REDIRECT
        10 deny ip any host 10.139.8.216
        11 permit tcp any any eq www
        12 permit tcp any any eq 443
    Extended IP access list Auth-Default-ACL-OPEN
        10 permit ip any any (314 matches)
    Extended IP access list xACSACLx-IP-CENTRAL_WEB_AUTH-50683952 (per-user)
        10 permit udp any any eq domain
        20 permit icmp any any
        30 permit tcp any any eq www
        40 permit tcp any any eq 443
        50 permit tcp any host 10.139.8.216 eq 8443

    I made these changes and even upgraded the switch IOS to 12.2(58)SE2 but no luck.
    Any other ideas?
    ISE-SWITCH#sh ip access-l               
    Extended IP access list ACL-DEFAULT
        10 permit udp any eq bootpc any eq bootps
        20 permit udp any any eq domain
        30 permit icmp any any
        40 permit udp any any eq tftp
        50 permit tcp any host 10.139.8.216 eq www
        60 permit tcp any host 10.139.8.216 eq 443
        70 permit tcp any host 10.139.8.216 eq 8443
        80 permit tcp any host 10.139.8.216 eq 8905
        90 permit udp any host 10.139.8.216 eq 8905
        100 permit udp any host 10.139.8.216 eq 8906
        110 permit tcp any host 10.139.8.216 eq 8080
        120 permit udp any host 10.139.8.216 eq 9996
        130 deny ip any any log
    Extended IP access list ACL-POSTURE-REDIRECT
        10 deny udp any any eq domain
        20 deny udp any host 10.139.8.216 eq 8905
        30 deny udp any host 10.139.8.216 eq 8906
        40 deny tcp any host 10.139.8.216 eq 8443
        50 deny tcp any host 10.139.8.216 eq 8905
        60 deny tcp any host 10.1.252.21 eq www
        70 permit ip any any
    Extended IP access list ACL-WEBAUTH-REDIRECT
        10 deny ip any host 10.139.8.216
        20 permit tcp any any eq www
        30 permit tcp any any eq 443
    Extended IP access list Auth-Default-ACL-OPEN
        10 permit udp any eq bootpc any eq bootps
        20 permit udp any any eq domain
        30 permit icmp any any
        40 permit udp any any eq tftp
        50 permit tcp any host 10.139.8.216 eq www
        60 permit tcp any host 10.139.8.216 eq 443
        70 permit tcp any host 10.139.8.216 eq 8443
        80 permit tcp any host 10.139.8.216 eq 8905
        90 permit udp any host 10.139.8.216 eq 8905
        100 permit udp any host 10.139.8.216 eq 8906
        110 permit tcp any host 10.139.8.216 eq 8080
        120 permit udp any host 10.139.8.216 eq 9996
        130 deny ip any any
    Extended IP access list xACSACLx-IP-CENTRAL_WEB_AUTH-50683952 (per-user)
        10 permit udp any any eq domain
        20 permit icmp any any
        30 permit tcp any any eq www
        40 permit tcp any any eq 443
        50 permit tcp any host 10.139.8.216 eq 8443
