Javascript errors using Checkpoint Mobile Access VPN: Workaround needed
Hi,
We are currently in the process of upgrading from APEX 3.2 to 4.2.1 at our organization. We are done with fixing all applications and tests have been successful so far.
However we are facing one issue when we use applications by passing through a web proxy called Checkpoint Mobile Access VPN. The issue never occured in APEX 3.2 when using this proxy.
Before explaining the issue here is a quick description of how this proxy works. I first authenticate through the proxy's login page. Once authenticated, there is a list of shortcuts I can choose to access our Portal.
From the portal, I then have links to my APEX applications (APEX authentication is done with Oracle Single-sign-on).
The proxy modifies all URLs to something like this:
https://my-proxy-host/axess/Web/pls/apex/f,CVPNHost=my-apex-host,CVPNProtocol=http,CVPNOrg=rel?p=10001:101:2345777452066514
It also modifies HTML content and javascript libraries in order to work with its translated URLs (and maybe for some other reasons which I don't know). In javascript files, it replaces some functions and variables with some of its own.
Now here is the issue. This javascript rewriting causes a syntax error to occur in desktop_all.min.js , more precisely in the code that concerns apex.security . This causes all apex and jquery functions to break.
To investigate deeper, I removed the #APEX_JAVASCRIPT# placeholder in a template and included one by one all the uncompressed libraries that are used by desktop_all.min.js .
This resolved the issue.
After this I tried to include again all the same libraries but in their minified version. I then got the issue back. After searching a bit I realized that the issue is located in security.min.js .
The minified version of the library has a syntax error but the uncompressed version works well.
I analyzed the syntax error and it's caused by the proxy that closes a parenthesis at the wrong place. I've never had this kind of javascript rewriting issue before but the proxy software definitely failed in this case.
I understand that the error is caused by the proxy software and has nothing to do with APEX. However I need to put a workaround in place since we have no choice of using the proxy in many situations.
-Does anyone here ever got or heard about this issue? If yes, did you find a workaround?
-I may have found my own workaround and would like to know your opinion on it:
I took the uncompressed security.js file and minified it with a tool found on internet. The result code is different from the one bundled with APEX.
I then refered to this new file in my template and had no error this time.
What I finally did is edit desktop_all.min.js and replace the line concerning apex.security with my new file. It seems to work quite well.
I know it's not a good approach to overwrite files provided by APEX like this but I would prefer this than including all the dozens of files.
I would like to keep #APEX_JAVASCRIPT# so APEX continues controlling which libraries to include.
What do you think about this? Maybe is there something similar that would be a better approach?
Thanks in advance
Hello
I have similar problem - difference is just in using PPTP instead of VPN client but basicaly it is the same setup.
Simply ip local policy doesn't work when you have some encrypted traffic.
Can you post your configuration for the internet-redirect-rmap route map.
I have tried with match gre protocols and ports 1723 for pptp but it simply doesn't work so I am wondering is this even feasible on cisco router.
Dusan
Similar Messages
-
JavaScript error using UIXML to generate frames
Hello all,
I am trying to use the uix:frameBoderLayout and uix:frame elements to generate an HTML page with frames. I get a Javascript error when running the testFrame.uix in JDeveloper 9.0.3. Both MSIE and Netscape yield the same error.
The JavaScript error is:
JavaScript Error:
http://20.19.205.86:8988/pssWeb-pss-context-root/testFrame.uix,
line 1:
_checkLoad is not defined.
The HTML generated is:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en-US">
<head>
<title>Property Security System Application</title>
<link rel="stylesheet" charset="UTF-8" type="text/css" href="/pssWeb-pss-context-root/cabo/styles/cache/blaf-en-netscape.css">
</head>
<body class="xc" style="background-color:#FFFFE1" onload="_checkLoad(event)" onunload="_checkUnload(event)">
<script src="/pssWeb-pss-context-root/cabo/jsLibs/MarlinCore.js">
</script>
<frameset border="0" rows="100%,*">
<frameset rows="*,0" onresize="if(!frames['_uixJS'].cached){location.reload();}">
<frameset rows="null,*,null">
<frame name="top" marginwidth="5" frameborder="0" marginheight="0" noresize src="topFrame.uix">
<frame name="center" marginwidth="5" frameborder="0" marginheight="0" noresize src="centerFrame.uix">
<frame name="bottom" marginwidth="5" frameborder="0" marginheight="0" noresize src="bottomFrame.uix">
</frameset>
<frame frameborder="0" marginwidth="0" marginheight="0" title="" name="_uixJS" noresize src="/pssWeb-pss-context-root/cabo/jsps/a.jsp?_t=jsCache">
</frameset>
<noframes>
</noframes>
</frameset>
</body>
</html>
<!-- Created by Oracle UIX 2.1.7 -->
_checkLoad is contained in the MarlinCore.js file. That file should be in cabo/jslib/ directory.
Two things strike me odd about the generated HTML code with relation to JavaScript. First, I expect to see JavaScript source files declared in the head portion. Second, the source files is declared after the onload call is made to the _checkLoad function.
The third thing that I can see possibly causing the error is that the MarlinCore.js file is not visible to the server and therefore not delivered to the browser. But I am not certain where to find the files used by the embedded OC4J server.
Is this a bug in 9.0.3?
The uix files follow. All three framed pages (topFrame.uix, centerFrame.uix and bottomFrame.uix) display nicely in the uix preview and run nicely in the embedded OC4J.
testFrame.uix
<?xml version="1.0" encoding="windows-1252"?>
<page xmlns="http://xmlns.oracle.com/uix/controller"
xmlns:ctrl="http://xmlns.oracle.com/uix/controller"
xmlns:html="http://www.w3.org/TR/REC-html40">
<content>
<dataScope xmlns="http://xmlns.oracle.com/uix/ui"
xmlns:data="http://xmlns.oracle.com/uix/ui">
<provider>
<!-- Add DataProviders (<data> elements) here -->
</provider>
<contents>
<document>
<metaContainer>
<!-- Set the page title -->
<head title="Property Security System Application"/>
</metaContainer>
<contents>
<body>
<inlineStyle>
<property name="background-color">#FFFFE1</property>
</inlineStyle>
<contents>
<frameBorderLayout xmlns="http://xmlns.oracle.com/uix/ui">
<top>
<frame name="top" source="topFrame.uix">
</frame>
</top>
<center>
<frame name="center" source="centerFrame.uix">
</frame>
</center>
<bottom>
<frame name="bottom" source="bottomFrame.uix">
</frame>
</bottom>
</frameBorderLayout>
</contents>
</body>
</contents>
</document>
</contents>
</dataScope>
</content>
</page>
topFrame.uix
<?xml version="1.0" encoding="windows-1252"?>
<page xmlns="http://xmlns.oracle.com/uix/controller"
xmlns:ctrl="http://xmlns.oracle.com/uix/controller"
xmlns:html="http://www.w3.org/TR/REC-html40">
<content>
<dataScope xmlns="http://xmlns.oracle.com/uix/ui"
xmlns:data="http://xmlns.oracle.com/uix/ui">
<provider>
<!-- Add DataProviders (<data> elements) here -->
</provider>
<contents>
<document>
<metaContainer>
<!-- Set the page title -->
<head title=""/>
</metaContainer>
<contents>
<pageLayout>
<contents>
<text text ="Top frame"></text>
</contents>
</pageLayout>
</contents>
</document>
</contents>
</dataScope>
</content>
<handlers>
<!-- Add EventHandlers (<event> elements) here -->
</handlers>
</page>
center Frame.uix
<?xml version="1.0" encoding="windows-1252"?>
<page xmlns="http://xmlns.oracle.com/uix/controller"
xmlns:ctrl="http://xmlns.oracle.com/uix/controller"
xmlns:html="http://www.w3.org/TR/REC-html40">
<content>
<dataScope xmlns="http://xmlns.oracle.com/uix/ui"
xmlns:data="http://xmlns.oracle.com/uix/ui">
<provider>
<!-- Add DataProviders (<data> elements) here -->
</provider>
<contents>
<document>
<metaContainer>
<!-- Set the page title -->
<head title=""/>
</metaContainer>
<contents>
<pageLayout>
<contents>
<text text="center frame"></text>
</contents>
</pageLayout>
</contents>
</document>
</contents>
</dataScope>
</content>
<handlers>
<!-- Add EventHandlers (<event> elements) here -->
</handlers>
</page>
bottomFrame.uix
<?xml version="1.0" encoding="windows-1252"?>
<page xmlns="http://xmlns.oracle.com/uix/controller"
xmlns:ctrl="http://xmlns.oracle.com/uix/controller"
xmlns:html="http://www.w3.org/TR/REC-html40">
<content>
<dataScope xmlns="http://xmlns.oracle.com/uix/ui"
xmlns:data="http://xmlns.oracle.com/uix/ui">
<provider>
<!-- Add DataProviders (<data> elements) here -->
</provider>
<contents>
<document>
<metaContainer>
<!-- Set the page title -->
<head title=""/>
</metaContainer>
<contents>
<pageLayout>
<contents>
<text text="bottom frame"></text>
</contents>
</pageLayout>
</contents>
</document>
</contents>
</dataScope>
</content>
<handlers>
<!-- Add EventHandlers (<event> elements) here -->
</handlers>
</page>
Your assistance is appreciated,
BillDid you create the files with JDev 903 preview or JDEV 902? If you created with JDEV 902 and upgraded your project to
903 you need to delete all the files in the cabo directory in your public_html directory. That should get rid of your
javascript errors. -
Javascript Error in EP7 when accessing SRM - Shop iView - SRM5.0
Hi SDN
We are expriencing a problem with our "Shop" iView rendered via EP7. On a PC with the Sun JVM 1.4.2.10, when the Shop iView/Page loads, our users are havong a javascript error in their IE instance. I've started the JVM console and got this description of the error.
--> One funny thing, is that this error is not occuring if we are switching to the MS JVM embedded in IE...
Have you ever had that on your side? What can be done to fix this? We are on SRM 5.0 SP11.
Thanks!
Eric L.
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
Invoking method: public java.lang.String com.sapportals.portal.epcf.DataBag.getObjectType(java.lang.String,java.lang.String)
Needs conversion: java.lang.String --> java.lang.String
Needs conversion: java.lang.String --> java.lang.String
22/08/08 10:12:30 AM INFO
DataBag #0 getObjectType: urn:com.sapportals.portal.SWF2EPCM:DataBag BbpMainDataBag class Null
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
Invoking method: public java.lang.Object com.sapportals.portal.epcf.DataBag.getObject(java.lang.String,java.lang.String)
Needs conversion: java.lang.String --> java.lang.String
Needs conversion: java.lang.String --> java.lang.String
22/08/08 10:12:30 AM INFO
DataBag #0 getObject: urn:com.sapportals.portal.SWF2EPCM:DataBag BbpMainDataBag null
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
Invoking method: public java.lang.String com.sapportals.portal.epcf.DataBag.getObjectType(java.lang.String,java.lang.String)
Needs conversion: java.lang.String --> java.lang.String
Needs conversion: java.lang.String --> java.lang.String
22/08/08 10:12:30 AM INFO
DataBag #0 getObjectType: urn:com.sapportals.portal.SWF2EPCM:DataBag BbpMainDataBag class Null
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
Invoking method: public java.lang.Object com.sapportals.portal.epcf.DataBag.getObject(java.lang.String,java.lang.String)
Needs conversion: java.lang.String --> java.lang.String
Needs conversion: java.lang.String --> java.lang.String
22/08/08 10:12:30 AM INFO
DataBag #0 getObject: urn:com.sapportals.portal.SWF2EPCM:DataBag BbpMainDataBag null
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
Invoking method: public java.lang.String com.sapportals.portal.epcf.DataBag.getObjectType(java.lang.String,java.lang.String)
Needs conversion: java.lang.String --> java.lang.String
Needs conversion: java.lang.String --> java.lang.String
22/08/08 10:12:30 AM INFO
DataBag #0 getObjectType: urn:com.sapportals.portal.SWF2EPCM:DataBag BBP0000.0001.00000000 class Null
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
Invoking method: public java.lang.Object com.sapportals.portal.epcf.DataBag.getObject(java.lang.String,java.lang.String)
Needs conversion: java.lang.String --> java.lang.String
Needs conversion: java.lang.String --> java.lang.String
22/08/08 10:12:30 AM INFO
DataBag #0 getObject: urn:com.sapportals.portal.SWF2EPCM:DataBag BBP0000.0001.00000000 null
Invoking method: public com.sapportals.portal.epcf.IDataBag com.sapportals.portal.epcf.EPCMfactory.getDataBag()
java.lang.ClassCastException
at sun.plugin.com.DispatchImpl.convertParams(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
java.lang.Exception: java.lang.ClassCastException
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
Edited by: Eric Longpré on Aug 27, 2008 9:21 AMI am having almost the same issue. This is what my java console throws "load: class com.sapportals.portal.epcf.EPCMfactory not found."
-
Remote access VPN access across LAN-to-LAN VPN
I have two sites (site 1 & site 2) connected by a LAN-to-LAN VPN. At site 1, users connect with a remote access VPN and need to be able to access resources at site 2.
I started out with same-security-traffic intra-interface configured.
Here is the output from both ASAs:
NM-ASA# show crypto isakmp sa
Active SA: 6
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 6
1 IKE Peer: 3.3.3.3
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
2 IKE Peer: 74.138.171.237
Type : user Role : responder
Rekey : no State : AM_ACTIVE
3 IKE Peer: 96.28.201.133
Type : user Role : responder
Rekey : no State : AM_ACTIVE
4 IKE Peer: 1.1.1.1
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
5 IKE Peer: 74.138.126.195
Type : user Role : responder
Rekey : no State : AM_ACTIVE
6 IKE Peer: 96.28.201.133
Type : user Role : responder
Rekey : no State : AM_ACTIVE
NM-ASA#
NM-ASA# sho crypto ipsec sa
interface: outside
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 2.2.2.2
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.20.5/255.255.255.255/0/0)
current_peer: 96.28.201.133, username: joneal
dynamic allocated peer ip: 10.1.20.5
#pkts encaps: 50, #pkts encrypt: 50, #pkts digest: 50
#pkts decaps: 33, #pkts decrypt: 33, #pkts verify: 33
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 50, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 96.28.201.133
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 5E0D76C9
inbound esp sas:
spi: 0x969790AD (2526515373)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 315392, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28618
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000003 0xFFFFFFFF
outbound esp sas:
spi: 0x5E0D76C9 (1577940681)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 315392, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28618
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 2.2.2.2
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.20.6/255.255.255.255/0/0)
current_peer: 96.28.201.133, username: joneal
dynamic allocated peer ip: 10.1.20.6
#pkts encaps: 1368, #pkts encrypt: 1368, #pkts digest: 1368
#pkts decaps: 945, #pkts decrypt: 945, #pkts verify: 945
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 1368, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 96.28.201.133
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 968FF103
inbound esp sas:
spi: 0xA49C8920 (2761722144)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 331776, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28703
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x968FF103 (2526015747)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 331776, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28702
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: vpnmap, seq num: 20, local addr: 2.2.2.2
access-list peak10-vpn permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.0.0/255.255.255.0/0/0)
current_peer: 3.3.3.3
#pkts encaps: 352, #pkts encrypt: 352, #pkts digest: 352
#pkts decaps: 270, #pkts decrypt: 270, #pkts verify: 270
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 352, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 3.3.3.3
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 773AB6C7
inbound esp sas:
spi: 0xD34E0435 (3545105461)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 303104, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (3914940/28605)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x773AB6C7 (2000336583)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 303104, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (3914941/28605)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: vpnmap, seq num: 20, local addr: 2.2.2.2
access-list peak10-vpn permit ip 192.168.128.0 255.255.224.0 172.16.0.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.128.0/255.255.224.0/0/0)
remote ident (addr/mask/prot/port): (172.16.0.0/255.255.255.0/0/0)
current_peer: 3.3.3.3
#pkts encaps: 26, #pkts encrypt: 26, #pkts digest: 26
#pkts decaps: 24, #pkts decrypt: 24, #pkts verify: 24
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 26, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 3.3.3.3
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 66CD02A3
inbound esp sas:
spi: 0x531B430A (1394295562)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 303104, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (3914990/28666)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x01FFFFFF
outbound esp sas:
spi: 0x66CD02A3 (1724711587)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 303104, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (3914990/28666)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 2.2.2.2
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.20.7/255.255.255.255/0/0)
current_peer: 74.138.126.195, username: jnord
dynamic allocated peer ip: 10.1.20.7
#pkts encaps: 990, #pkts encrypt: 990, #pkts digest: 990
#pkts decaps: 1429, #pkts decrypt: 1429, #pkts verify: 1429
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 990, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 3
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 74.138.126.195
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 62241B76
inbound esp sas:
spi: 0xB1F2F97B (2985490811)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 327680, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28674
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x62241B76 (1646533494)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 327680, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28674
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 2.2.2.2
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.20.4/255.255.255.255/0/0)
current_peer: 74.138.171.237, username: cbulmahn
dynamic allocated peer ip: 10.1.20.4
#pkts encaps: 832, #pkts encrypt: 832, #pkts digest: 832
#pkts decaps: 620, #pkts decrypt: 620, #pkts verify: 620
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 832, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 74.138.171.237
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 64CD5FBE
inbound esp sas:
spi: 0xCDFCE528 (3455903016)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 311296, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28613
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x64CD5FBE (1691180990)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 311296, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 28613
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: vpnmap, seq num: 10, local addr: 2.2.2.2
access-list sg-vpn permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.192.0
local ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 5228, #pkts encrypt: 5228, #pkts digest: 5228
#pkts decaps: 5246, #pkts decrypt: 5246, #pkts verify: 5246
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 5229, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 1.1.1.1
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 3200F1CB
inbound esp sas:
spi: 0x10DEE5CE (283043278)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4373446/28613)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x3200F1CB (838922699)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4373496/28613)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: vpnmap, seq num: 10, local addr: 2.2.2.2
access-list sg-vpn permit ip 192.168.111.0 255.255.255.0 192.168.0.0 255.255.192.0
local ident (addr/mask/prot/port): (192.168.111.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 321, #pkts encrypt: 321, #pkts digest: 321
#pkts decaps: 296, #pkts decrypt: 296, #pkts verify: 296
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 321, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 1.1.1.1
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: EC77AF32
inbound esp sas:
spi: 0x16C7E578 (382199160)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4373950/28636)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xEC77AF32 (3967266610)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4373936/28636)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: vpnmap, seq num: 10, local addr: 2.2.2.2
access-list sg-vpn permit ip 192.168.112.0 255.255.240.0 192.168.0.0 255.255.192.0
local ident (addr/mask/prot/port): (192.168.112.0/255.255.240.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 2910, #pkts encrypt: 2910, #pkts digest: 2910
#pkts decaps: 3794, #pkts decrypt: 3794, #pkts verify: 3794
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 2996, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 1.1.1.1
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: EEDD3278
inbound esp sas:
spi: 0x9FAA12E6 (2678723302)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4370659/28610)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xEEDD3278 (4007473784)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4373556/28610)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: vpnmap, seq num: 10, local addr: 2.2.2.2
access-list sg-vpn permit ip 192.168.128.0 255.255.224.0 192.168.0.0 255.255.192.0
local ident (addr/mask/prot/port): (192.168.128.0/255.255.224.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 3034, #pkts encrypt: 3034, #pkts digest: 3034
#pkts decaps: 3748, #pkts decrypt: 3748, #pkts verify: 3748
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 3034, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 1.1.1.1
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: D1F3CBED
inbound esp sas:
spi: 0x7C688B5D (2087226205)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4370712/28609)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xD1F3CBED (3522415597)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 319488, crypto-map: vpnmap
sa timing: remaining key lifetime (kB/sec): (4373429/28609)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
NM-ASA#
QSRCORPFW# sho crypto isakmp sa
Active SA: 2
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: 3.3.3.3
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
2 IKE Peer: 2.2.2.2
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
QSRCORPFW# sho crypto ipsec sa
interface: WAN
Crypto map tag: outside_map, seq num: 1, local addr: 1.1.1.1
access-list PEAK10VPN permit ip 192.168.0.0 255.255.192.0 172.16.0.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
remote ident (addr/mask/prot/port): (172.16.0.0/255.255.255.0/0/0)
current_peer: 3.3.3.3
#pkts encaps: 2162, #pkts encrypt: 2162, #pkts digest: 2162
#pkts decaps: 1761, #pkts decrypt: 1761, #pkts verify: 1761
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 2162, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 3.3.3.3
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: BDC6A8EE
inbound esp sas:
spi: 0x966B78C0 (2523625664)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6328320, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914547/28485)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xBDC6A8EE (3183913198)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6328320, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914652/28485)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_dyn_map, seq num: 20, local addr: 1.1.1.1
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.10.6/255.255.255.255/0/0)
current_peer: 74.128.145.69, username: administrator
dynamic allocated peer ip: 10.1.10.6
#pkts encaps: 10, #pkts encrypt: 10, #pkts digest: 10
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify: 16
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 10, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 74.128.145.69
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 0ED4D561
inbound esp sas:
spi: 0x70133356 (1880306518)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 6332416, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 28521
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x0001FFFF
outbound esp sas:
spi: 0x0ED4D561 (248829281)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 6332416, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 28508
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 2, local addr: 1.1.1.1
access-list outside_2_cryptomap permit ip 192.168.0.0 255.255.192.0 192.168.111.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
remote ident (addr/mask/prot/port): (192.168.111.0/255.255.255.0/0/0)
current_peer: 2.2.2.2
#pkts encaps: 350, #pkts encrypt: 350, #pkts digest: 350
#pkts decaps: 379, #pkts decrypt: 379, #pkts verify: 379
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 350, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 2.2.2.2
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 16C7E578
inbound esp sas:
spi: 0xEC77AF32 (3967266610)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914923/28493)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x16C7E578 (382199160)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914939/28493)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 2, local addr: 1.1.1.1
access-list outside_2_cryptomap permit ip 192.168.0.0 255.255.192.0 192.168.112.0 255.255.240.0
local ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
remote ident (addr/mask/prot/port): (192.168.112.0/255.255.240.0/0/0)
current_peer: 2.2.2.2
#pkts encaps: 5270, #pkts encrypt: 5270, #pkts digest: 5270
#pkts decaps: 4314, #pkts decrypt: 4314, #pkts verify: 4314
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 5270, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 2.2.2.2
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 9FAA12E6
inbound esp sas:
spi: 0xEEDD3278 (4007473784)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914358/28463)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x9FAA12E6 (2678723302)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3911355/28463)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 2, local addr: 1.1.1.1
access-list outside_2_cryptomap permit ip 192.168.0.0 255.255.192.0 192.168.100.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
remote ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
current_peer: 2.2.2.2
#pkts encaps: 11323, #pkts encrypt: 11323, #pkts digest: 11323
#pkts decaps: 11262, #pkts decrypt: 11262, #pkts verify: 11262
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 11323, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 2.2.2.2
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 10DEE5CE
inbound esp sas:
spi: 0x3200F1CB (838922699)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914033/28461)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x10DEE5CE (283043278)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3913939/28459)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 2, local addr: 1.1.1.1
access-list outside_2_cryptomap permit ip 192.168.0.0 255.255.192.0 192.168.128.0 255.255.224.0
local ident (addr/mask/prot/port): (192.168.0.0/255.255.192.0/0/0)
remote ident (addr/mask/prot/port): (192.168.128.0/255.255.224.0/0/0)
current_peer: 2.2.2.2
#pkts encaps: 4206, #pkts encrypt: 4206, #pkts digest: 4206
#pkts decaps: 3490, #pkts decrypt: 3490, #pkts verify: 3490
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 4206, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 2.2.2.2
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 7C688B5D
inbound esp sas:
spi: 0xD1F3CBED (3522415597)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914326/28457)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x7C688B5D (2087226205)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 6324224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3911559/28457)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
QSRCORPFW# -
Hi All,
I'm looking to setup a Remote Access VPN via my ASA 5510. The clients will be using Cisco Anyconnect (which I assume is compatible...?) When I use the wizard it only mentions Cisco VPN Client.
When my clients connect up to the ASA via Anyconect, can I get them to just use DHCP via my AD servers or do I need to configure a seperate independent scope specifically for VPN clients?
ThanksHi Grant,
When you configure Remote access VPN , you need to configure a seprated pool of ip address for the vpn user.
Regards,
Bikas R.Pandey. -
Javascript errors when loading ADF app
We are running two ADF applications in a weblogic server with ADF 11.1.2.3 patches. Out of these two applications, users intermittently encounter javascript error using either IE 8, IE 9, or Firefox in http mode at first screen. We only recently started testing https, so we do not know if the error will occur with https – however, it needs to work in both modes. This error sometimes goes away by clearing the cache and sometimes goes away over time. The front page for the two applications are essentially the same. We investigated and diagnosed (through IE developer tool) is that the JS files containing the core ADF JavaScript libraries are not being downloaded completely (this is same for other static files including image files). Also could notice that these incomplete files took a much longer time to download (16ms) when compared to others(<1ms) of same size.
The issue may be related to : https://forums.oracle.com/thread/1558474. as the error messages shown here are almost the same especially those with ADF Javsacript API missing.Can you try restarting the server once. We resolved this issue by restarting the server and clearing and restting the browesr to the defaults.
-
Remote access VPN with ASA 5510 using DHCP server
Hi,
Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
ASA Version 8.2(5)
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface inside
crypto isakmp enable inside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
vpn-addr-assign aaa
vpn-addr-assign dhcp
group-policy testgroup internal
group-policy testgroup attributes
dhcp-network-scope 10.6.192.1
ipsec-udp enable
ipsec-udp-port 10000
username testlay password *********** encrypted
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
default-group-policy testgroup
dhcp-server 10.6.20.3
tunnel-group testgroup ipsec-attributes
pre-shared-key *****
I got following output when I test connect to ASA with Cisco VPN client 5.0
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT Client Application Version: 5.0.07.0440
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Regards,
LayFor RADIUS you need a aaa-server-definition:
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.10.18.12
key *****
authentication-port 1812
accounting-port 1813
and tell your tunnel-group to ask that server:
tunnel-group VPN general-attributes
authentication-server-group NPS-RADIUS LOCAL
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Portlet editor's rich text editor gives javascript error 'access denied'
I created a header portlet using the Publisher's published content portlet template. When I try to edit the portlet content using the rich text editor in the portlet editor window, I get a javascript error in the status bar stating 'access denied'. I can't even type into the rich text editor window, it's totally disabled. Not that I see anything in there anyway. I'm logged in as admin. I've gone into the publisher explorer admin portlet and even 'published' the portlet's content, but to no avail. When I try to 'add header portlet' in my experience definition and try to use this portlet, nothing shows up, where the header portlet should be is just collapsed so my banner is just the top bar view bumped right on top of the nav view. (p.s. does anyone know how to take the alui doc's suggestion of 'disabling the topbar view and nav view' so that I can construct what I want entirely in a header portlet? Anyway, first things first, how do I get that access denied message to disappear in my header portlet's rich text editor and how the heck do I get it show up? Help.
There's probably not a developer in the forum that doesn't uncheck that box the moment they rebuild their machine/ennvironment. Changing the format of error messaging is hardly a fix for the error itself. Personally, I'm uploading 'file content items' now. I create the content in notepad and then upload > file content item. Then create a portlet that uses the pre-existing (was installed w/ publisher using their pte) 'published content item' web service. Go into the portlet's settings and associate the portlet w/ the content item you uploaded. Voila.
As far as using their rich text editor to create new content, I personally have no need anymore. However I'm sure our content managers will probably have to soon so I hope our latest installation will accommodate them w/o error, because I've never been aware of an actual fix to this problem. -
I need to emulate several ActiveX functions in my client's web application. I have located several Mozilla web pages that describe how to do the things I need, and I have attempted to implement those instructions. However, I can't seem to get past the first line of code. In my web page, I am calling a JavaScript function using the onLoad attribute of the <body> tag. I am using the Navigator object to determine that the browser is Firefox. I then attempt to access the extension classes using the following code on lines 51 and 52 of the Download.js file:
var C = Components;
var CC = C.classes;
The Web Console gives me these two messages:
[13:51:55.621] The Components object is deprecated. It will soon be removed. @ http://distribution:781/NewDDI/DownLoad.js:51
[13:51:55.621] Error: Permission denied to access property 'classes' @ http://distribution:781/NewDDI/DownLoad.js:52
How do I enable adequate permission to be able to access the Components classes?I think Components is available only in extensions (or otherwise privileged code) and not in ordinary web pages.
-
Javascript error when using ExternalInterface.addCallback with crossdomain swf file
how can i use ExternalInterface.addCallback when using
javascript access from Server A (html) to Server B (swf) ? coz it
showing error?
Server A
192.168.0.10/XXX/example.html
===========
<object
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
id="MGSInsurances1" width="960" height="600"
codebase="
http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab">
<param name="movie" value="
http://192.168.0.22/MGS/flex/MGSInsurances1.swf"
/>
<param name="quality" value="high" />
<param name="bgcolor" value="#869ca7" />
<param name="allowScriptAccess" value="always" />
<embed src="
http://192.168.0.22/MGS/flex/MGSInsurances1.swf"
quality="high" bgcolor="#869ca7"
width="960" height="600" name="MGSInsurances1"
align="middle"
play="true"
loop="false"
quality="high"
allowScriptAccess="always"
type="application/x-shockwave-flash"
pluginspage="
http://www.adobe.com/go/getflashplayer">
</embed>
</object>
<script language="javascript">
window.MGSInsurances1 =
document.getElementById('MGSInsurances1');
</script>
Server B
192.168.0.22/MGS/flex/MGSInsurances1.swf
==================
Security.allowDomain("*");
if(ExternalInterface.available)
ExternalInterface.addCallback("onchange",onchange);
ExternalInterface.addCallback("datachange",datachange);
but javascript Error is showing "Unknown name", how can i fix
it? urgent! somebody know this?i solved it! because i havent restart my server again! No
Error again ! sorry for bothering everybody. -
JavaScript error when using HoverMenu
Hi,
I'm using the HoverMenu with the TreeView in my project. When I call JavaScript methods in my form from the menu I get JavaScript Object Expected errors.
For test I have made a simple DynPage iView (see code below). When I try to call the script reloadTree() from buttons, links, checkbox etc. everything works just fine. Trying to call the same method in the setClientSideScript of a hover menu item I get a JavaScript error: Object expected.
I have tried to add the script method as raw text to the form with no luck. If I use the Document.setHeadRawText the script is inserted in the body and not in the header as described in the documentation.
If I add alert('Some test') directly to the setClientSideScript it works just fine
The code example is from the doProcessBeforeOutput()
Document doc = getDocument();
doc.setHeadRawText("<script>function reloadTree(){alert('Alert inside reloadTree function');}</script>");
myForm.addRawText("<a href="#" onClick="reloadTree()">Test of reloadTree() from a href...</a>");
HoverMenu hover = new HoverMenu("HoverMenu");
hover.setMenuTrigger(com.sapportals.htmlb.enum.HoverMenuTrigger.ONCLICK);
hover.addMenuItem("TEST1", "Test of reloadTree() from hovermenu...").setClientSideScript("reloadTree()");
TextView tv = new TextView("click here to test reloadTree()");
tv.setHoverMenu(hover);
form.addComponent(tv);
Button bt_Refresh = new Button("Button_HiddenRefresh");
bt_Refresh.setText("Test of reloadTree() from button");
bt_Refresh.setOnClientClick("reloadTree()");
form.addComponent(bt_Refresh);
Checkbox cb = new Checkbox("Checkbox");
cb.setText("Test from checkbox");
cb.setDisabled(false);
cb.setChecked(true);
cb.setOnClientClick("reloadTree()");
form.addComponent(cb);
Does anyone know why the HoverMenu item script in setClientSideScript cannot access JavaScript functions in my form ?
Regards
MichaelHi,
I'm using the HoverMenu with the TreeView in my project. When I call JavaScript methods in my form from the menu I get JavaScript Object Expected errors.
For test I have made a simple DynPage iView (see code below). When I try to call the script reloadTree() from buttons, links, checkbox etc. everything works just fine. Trying to call the same method in the setClientSideScript of a hover menu item I get a JavaScript error: Object expected.
I have tried to add the script method as raw text to the form with no luck. If I use the Document.setHeadRawText the script is inserted in the body and not in the header as described in the documentation.
If I add alert('Some test') directly to the setClientSideScript it works just fine
The code example is from the doProcessBeforeOutput()
Document doc = getDocument();
doc.setHeadRawText("<script>function reloadTree(){alert('Alert inside reloadTree function');}</script>");
myForm.addRawText("<a href="#" onClick="reloadTree()">Test of reloadTree() from a href...</a>");
HoverMenu hover = new HoverMenu("HoverMenu");
hover.setMenuTrigger(com.sapportals.htmlb.enum.HoverMenuTrigger.ONCLICK);
hover.addMenuItem("TEST1", "Test of reloadTree() from hovermenu...").setClientSideScript("reloadTree()");
TextView tv = new TextView("click here to test reloadTree()");
tv.setHoverMenu(hover);
form.addComponent(tv);
Button bt_Refresh = new Button("Button_HiddenRefresh");
bt_Refresh.setText("Test of reloadTree() from button");
bt_Refresh.setOnClientClick("reloadTree()");
form.addComponent(bt_Refresh);
Checkbox cb = new Checkbox("Checkbox");
cb.setText("Test from checkbox");
cb.setDisabled(false);
cb.setChecked(true);
cb.setOnClientClick("reloadTree()");
form.addComponent(cb);
Does anyone know why the HoverMenu item script in setClientSideScript cannot access JavaScript functions in my form ?
Regards
Michael -
OAM Error : Enable JavaScript to use OAM Server.
Hi Friends,
I see following script when I try to access a resource protected using OAM in Mozillla and Safari browsers.
<body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript>The same configuration works with IE.
Could you please help me understand if any patch need to be applied to OAM or if I am missing something in the configurations?
Note: We are using OAM 11.1.1.5.0 to protect webcenter 11.1.1.5.0.
Thanks,
Sachin
Edited by: 873687 on Feb 3, 2012 2:54 AMHi,
We had a customer that ran into the same exact issue and symptoms described in this thread. The issues occurred after some upgrades were made to browsers and java. Our customer was using Forms/Reports 11.1.2.1 (11gR2), OAM/OID (11.1.1.5) and mod_osso for the Forms-OAM integration.
The issue was caused by a bug in OAM 11.1.1.5. The problem is when OAM authentication occurs, it does some web directs within it's internal java code. The HTML/JavaScript it tries to execute fails only in Chrome/Firefox. Applying the patch, supposedly fixes that faulty HTML/Javascript generated by OAM.
Oracle Support documents on the issue and bug:
- There is a Oracle Support article describing the issue: 1447194.1
- Oracle Support Bug Number: 13254371
To fix the issue:
- Apply OAM Patch: 13115859. Its a generic patch that will work on any environment type.
- If you use WebGates for your application, check out patch 13453929
I wrote an article on how to install the patch: http://pitss.com/us/2013/04/04/oam-error-enable-javascript-to-use-oam-server/
I hope this helps!
Thank you,
Gavin -
Javascript error on - Help - Learn how to use Numbers with this online...
I am trying to find out more about Numbers. I am using iTunes 9.1.1 on a Vista PC. I get a Javascript error in Internet Explorer 8 when I try to access:
Help - Learn how to use Numbers with this online resource.
http://help.apple.com/numbers/1.0
The link redirects to the following page:
http://help.apple.com/iwork/safari/interface/#tan727163ed
The above page is blank except for boxes for Keynote Help, Pages Help, Numbers help, and a blank input field that seems to do nothing. Here is the Javascript error message from Internet Explorer 8:
Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Timestamp: Tue, 1 Jun 2010 20:55:54 UTC
Message: This command is not supported.
Line: 1
Char: 41589
Code: 0
URI: http://help.apple.com/iwork/safari/interface/javascript.jsLink also does not work for me in WIN 7 with IE8. However, it does work in Chrome in WIN 7. It also works in Safari on my G4. Suggest you try Chrome or it may work in another browser like FireFox or Safari in Vista.
-
Javascript error: invalid access to memory location
I have a Popup Key LOV (Displays description, returns key value) in a screen that works great.
Then we were giving a training to use the app.
This one room has 8 computers in it and all get the Javascript error:
Error: invalid access to memory location
after the Popup comes up and then when selecting one of the choices.
The version was 6.0xxxx and other machines are IE 7.0 but we found another machine not in that room that had 6.0xxx and it works fine.
That room may not have had upgrades to OS or ???, ???
Any ideas in what to check?
Thanks BillHello,
And this is a javascript error your getting? I've never seen that one, have you checked in FF it's debug message is better and will help you narrow it down.
Since there your getting inconsistent results between the machines in that room compared to others is some sort of plugins on the machines your using for training? Popup blockers or tracking plugins (seen that in some UI labs).
My other guess is that there might be some js trying to run on the popup before it's opened, but that wouldn't account for the inconsistent results.
Carl -
Can I use my iPad to connect to a Mobile Access Server on a Mac mini ?
I run a small business and am considering setting up an internal network. The online "features" description for Mobile Access Server (a component of Snow Leopard Server) says I can connect remoetley from an iPod or a Mac. The iPad is not mentioned. can I use my iPad to connect to a Mobile Access Server?
Yes. It's the same as connecting from an iPod touch or iPhone.
Logmeinigniton or teamviewer are a few of the apps you can use.
Teamvewer has free app and you can see if it does what you want.
Maybe you are looking for
-
CMS System to create a page on the server
Hi all, I am looking for a way for ColdFusion to create and save an html (or cfml) page generated by a user entering text into a form field on an html template page and submitting the text. I am looking to build an email system to allow the client to
-
Reader XI needs plugin instalation for Portfolios
Recently I got Acrobat Reader XI, and get surprised because now we need to install a flash plugin separately- that will be one more roadblock for Portfolio usage, because there are lots of Reader deployments where user have no admin rights (companies
-
can I burn CD's from my itunes account? Can I transfer the files back to my computer so that I can use windows media player with them?
-
Connecting via airport to Sky broadband
Has anybody had any problems connecting to Sky broadband via their built in airport? When I try to connect my iMac I am unable to do so unless I use a cable direct into the router. The message that I recieve is cannot find PPPoE host. I have tried co
-
Can you assign a Window grab or snapshot (Shift+Command+4) folder?
I am using ShiftCommand4 for capturing a picture of a window or section of the screen. I was wondering if I can select a folder to save the pictures to. Where are the preferences for this feature? Are there preferences? Can you assign a folder or do