Multiple VPN tunnels on Multiple interfaces on PIX

We have a PIX 515 with 5 interfaces in it, I have 2 different ISPs connect to 2 different interfaces on the PIX. I want to create 2 different ipsec tunnels from our office on Toronto. Toronto have 2 different ISPs int there router. How can I create 2 different ipsec tunnels on to different interfaces on a PIX 515?

Thank you for the reply -
So if I had Internet---router---PIX---inside. I have a router for each ISP and then the routers are connected to the PIX. I would then terminate the VPN tunnels on the routers? How would I route the traffic from the inside to the outside for the VPN tunnels?

Similar Messages

Configure a VPN client and Site to Site VPN tunnel

Hi, I'm setting up a test network between 2 sites. SiteA has a 515E PIX and SiteB has a 501 PIX. Both sites have been setup with a site to site VPN tunnel, see SiteA config below. I also require that remote clients using Cisco VPN client 3.6 be able to connect into SiteA, be authenticated, get DHCP info and connect to hosts inside the network. However, when I add these config lines, see below, to SiteA PIX it stops the vpn tunnel to SiteB. However, the client can conect and do as needed so that part of my config is correct but I cannot see why the site to site vpn tunnel is then no longer.
SiteA config with working VPN tunnel to SiteB:
SITE A
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 webdmz security20
enable password xxx
passwd xxx
hostname SiteA-pix
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
no fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 200.x.x.0 SiteA_INT
name 201.x.x.201 SiteA_EXT
name 200.x.x.254 PIX_INT
name 10.10.10.0 SiteB_INT
name 11.x.x.11 SiteB_EXT
access-list inside_outbound_nat0_acl permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list outside_cryptomap_20 permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list acl_inside permit icmp any any
access-list acl_inside permit ip any any
access-list acl_outside permit ip any any
access-list acl_outside permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu webdmz 1500
ip address outside SiteA_EXT 255.x.x.128
ip address inside PIX_INT 255.255.0.0
no ip address webdmz
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
route outside 0.0.0.x.x.0.0 201.201.201.202 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer SiteB_EXT
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key secret address SiteB_EXT netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
SiteA-pix(config)#
Lines I add for Cisco VPN clients is attached
I entered each line one by one and did a reload and sh crypto map all was OK until I entered the crypto map VPNPEER lines.
Anyone any ideas what this can be?
Thanks

Heres my config:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 webdmz security20
enable password xxx
passwd xxx
hostname SiteA-pix
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
no fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 200.x.x.0 SiteA_INT
name 201.x.x.201 SiteA_EXT
name 200.x.x.254 PIX_INT
name 10.10.10.0 SiteB_INT
name 11.11.11.11 SiteB_EXT
access-list inside_outbound_nat0_acl permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list outside_cryptomap_20 permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list acl_inside permit icmp any any
access-list acl_inside permit ip any any
access-list acl_outside permit ip any any
access-list acl_outside permit icmp any any
access-list 80 permit ip SiteA_INT 255.255.0.0 200.220.0.0 255.255.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu webdmz 1500
ip address outside SiteA_EXT 255.255.255.128
ip address inside PIX_INT 255.255.0.0
no ip address webdmz
ip audit info action alarm
ip audit attack action alarm
ip local pool pix_inside 200.x.x.100-200.220.200.150
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
route outside 0.0.0.0 0.0.0.x.x.201.202 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 200.200.200.20 letmein timeout 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set AAADES esp-3des esp-md5-hmac
crypto dynamic-map DYNOMAP 10 match address 80
crypto dynamic-map DYNOMAP 10 set transform-set AAADES
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer SiteB_EXT
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 30 ipsec-isakmp dynamic DYNOMAP
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
isakmp enable outside
isakmp key secret address SiteB_EXT netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup Remote address-pool pix_inside
vpngroup Remote dns-server 200.200.200.20
vpngroup Remote wins-server 200.200.200.20
vpngroup Remote default-domain mycorp.co.uk
vpngroup Remote idle-time 1800
vpngroup Remote password password
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
I will attach debug output later today.
Thanks

Include multiple sub-interfaces in Cisco ASA for VPN tunnel

I am trying to create a VPN tunnel between two Cisco ASAs where one ASA has multiple sub-interfaces.
Say, In Cisco ASA 5550(in datacentre), I created multiple subinterfaces with VLAN ID as below:
Inside, int0/1 : 10.1.1.0/24
DMZ, int0/1.100: 10.1.100.0/24 (VLAN 100)
Production, int 0/1.101 : 10.1.101.0/24 (VLAN 101)
Management, int 0/1.102: 10.1.102.0/24 (VLAN 102)
And another Cisco ASA 5505 is only configured with 1 x inside interface Inside, int 0/1: 192.168.1.0/24
So far, I have only been able to provide outside access to one of the sub-interfaces as NAT rule on inside interface didn't work for VLANs. Hence had to issue Global NAT rule to be applied on Production subinterface so that production VLAN can have outside access. I have managed to establish VPN tunnel between two ASAs on Production sub-interface only, Source interface = Production subinterface
Additional settings:
Have ACL to allow all sub interfaces to access outsite ( lower security level)
NAT rules is configured on Production subinterface with Source NAT Type as Dynamic PAT; when this was configured with source interface as inside, PCs behind various VLAN coun't access internet.
I want to establish a site-to-site VPN tunnel with multiple sub-interfaces of Cisco ASA 5550 to Cisco ASA 5505. Would you please suggest what I am missing in my configuration? I need to be able to access multiple VLANs of datacentre from remote site.

I am trying to create a VPN tunnel between two Cisco ASAs where one ASA has multiple sub-interfaces.
Say, In Cisco ASA 5550(in datacentre), I created multiple subinterfaces with VLAN ID as below:
Inside, int0/1 : 10.1.1.0/24
DMZ, int0/1.100: 10.1.100.0/24 (VLAN 100)
Production, int 0/1.101 : 10.1.101.0/24 (VLAN 101)
Management, int 0/1.102: 10.1.102.0/24 (VLAN 102)
And another Cisco ASA 5505 is only configured with 1 x inside interface Inside, int 0/1: 192.168.1.0/24
So far, I have only been able to provide outside access to one of the sub-interfaces as NAT rule on inside interface didn't work for VLANs. Hence had to issue Global NAT rule to be applied on Production subinterface so that production VLAN can have outside access. I have managed to establish VPN tunnel between two ASAs on Production sub-interface only, Source interface = Production subinterface
Additional settings:
Have ACL to allow all sub interfaces to access outsite ( lower security level)
NAT rules is configured on Production subinterface with Source NAT Type as Dynamic PAT; when this was configured with source interface as inside, PCs behind various VLAN coun't access internet.
I want to establish a site-to-site VPN tunnel with multiple sub-interfaces of Cisco ASA 5550 to Cisco ASA 5505. Would you please suggest what I am missing in my configuration? I need to be able to access multiple VLANs of datacentre from remote site.

Multiple Site-Site VPN Tunnel on a Single PiX Firewall

I cureently have a site to site VPN tunnel (VPN1) between HK (Pix ver 6.1(2) & Leeds (ASA version 7.2(2). I am in the process of migrating the VPN tunnel to a newly deployed 10 Mb internet link in Leeds which has a Pix 506E Ver 7.0(2). I have decided to create a 2nd VPN tunnel to HK (VPN2) and will shutdown VPN1 when VPN2 is up.
On the HK PIX I am using the same isakmp policy, transform-set and have created another crypto map for the the new VPN (VPN2).
On passing intersting traffic to establish the new tunnel for the Leeds end, I am gettting the following debugging errors.
Feb 04 15:06:42 [IKEv1]: QM FSM error (P2 struct &0x1b24150, mess id 0x47595d7)!
Feb 04 15:06:42 [IKEv1]: Group = 192.168.0.1, IP = 192.168.0.1, Removing peer from correlator table failed, no match!
Feb 04 15:06:42 [IKEv1]: QM FSM error (P2 struct &0x1b24860, mess id 0x9cafcd4d)!
Feb 04 15:06:42 [IKEv1]: Group = 192.168.0.1, IP = 192.168.0.1, Removing peer from correlator table failed, no match!
sh Feb 04 15:06:47 [IKEv1]: QM FSM error (P2 struct &0x1d085d0, mess id 0x458d4091)!
Feb 04 15:06:47 [IKEv1]: Group = 192.168.0.1, IP = 192.168.0.1, Removing peer from correlator table failed, no match!
sh crypto isakmp sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 192.168.0.1
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Site HK - PIX1(192.168.0.1)
crypto ipsec transform-set chevvie esp-des esp-md5-hmac
(crypto map for existing VPN (VPN1)
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer 192.168.0.2
crypto map transam 1 set transform-set chevvie
(New Crpto Map for new VPN (VPN2)
crypto map transam 2 ipsec-isakmp
crypto map transam 2 match address 101
crypto map transam 2 set peer 192.168.0.3
crypto map transam 2 set transform-set chevvie
crypto map transam interface outside
isakmp enable outside
isakmp key ****** address 192.168.0.2 netmask 255.255.255.255
isakmp key ev0lut10n address 192.168.0.3 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp am-disable
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
Site - Leeds PIX2 (192.168.0.3)
crypto ipsec transform-set ford esp-des esp-md5-hmac
crypto map VPNHK 2 match address outside_crypto_acl
crypto map VPNHK 2 set peer 192.168.0.1
crypto map VPNHK 2 set transform-set ford
crypto map VPNHK interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp am-disable
tunnel-group 192.168.0.1 type ipsec-l2l
tunnel-group 192.168.0.1 ipsec-attributes
pre-shared-key ev0lut10n
sysopt connection permit-ipsec
Your assistance will be grately appreciated.

How could the HK PIX decide which tunnel to use if you apply the same ACL to both? You have to choose a different subnet to Leeds2.
Peter

VPN tunnels for multiple sites

Hi, i am building new vpn tunnels for multple sites using 2 ASR 1004, and 100 remote devices cisco 2800 routers.
I am thinking of using getvpn to do it, am i thinking correct ????? can i use DMVPN ???? what is else there ???
thanks

Is there a need for branch to branch communication? If so, I would go with the DMVPN option using a single tier, dual DMVPN cloud topology which will allow for spoke to spoke communication.
Matt

Which wireless router do I need for multiple VPN tunnels?

I work at home and I connect to my office VPN (SSH Extranet Client) thru cable broadband. I need to have 2 VPN tunnels open as I frequently have my laptop & desktop connected to my work VPN. I've had a BEFSX41 for the past 3 years and it's worked good as it allowed for 2 VPN tunnels. It just died on me a few days ago and I would like to go wireless now. What wireless router(s) would meet my needs? Thanks in advance for any input.Message Edited by nolesworld on 11-27-200606:24 PM
Message Edited by nolesworld on 11-27-200606:38 PM

hi , the WRV200 will be a good choice....supports upto 50 tunnels and has wireless capabilities....

Bandwidth Allocation for a specific VPN Tunnel - PIX 525 7.2(1)

Hello,
I have a PIX with a 10 MB internet connection. This PIX has several L2L VPN Tunnels configured: Tunnel1, Tunnel2...TunnelN. I want to be able guarentee 5Mb of the total 10Mb to a specific VPN Tunnel. Is this possible? I have read the following links, however I believe that the configuration guidelines I'm looking for are a combination of several examples shown here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml#tab4
https://supportforums.cisco.com/docs/DOC-1230
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#cqos
The tunnel is being defined by the following commands:
crypto map prdmay 20 match address vpn_1
crypto map prdmay 20 set peer 61.172.142.222
crypto map prdmay 20 set transform-set TS
access-list vpn_1 extended permit ip 10.14.102.0 255.255.255.0 any
access-list vpn_1 extended permit ip 10.14.101.0 255.255.255.0 any
tunnel-group 61.172.142.222 type ipsec-l2l
tunnel-group 61.172.142.222 ipsec-attributes
pre-shared-key *
Is the following what I need to do in order to accomplish what I want:
priority-queue outside
class-map vpn_5Mb
match access-list vpn_1
match tunnel-group 61.172.142.222
policy-map police-priority-policy
class vpn_5Mb
police output 5120000
service-policy police-priority-policy interface outside
Thank you for your help.

I don't think the ASA will let you match on ACL and tunnel group at the same time.
Just the ACL will do though. The ACL should match local ip addresses (there are usually no-natted for the VPN anyway).
Here is a page with a QoS examples on the ASA for reference https://supportforums.cisco.com/docs/DOC-1230
I hope it helps.
PK

How to use multiple Interfaces for the same BS?

Hi @ ,
Is it possible to have a scenarion where i am using multiple interfaces in the same BS based upon some conditional field in the message.
I amnot able to get the solution I know with condition editor I can have multiple receivers but in my scenarion based upon message fiels i have to decide which BAPI to be used and wht mapping and then post it to the same System
Any help will be highly rewarded
Regards

Hi-
Yes it is possible you can use multimapping for mapping the interfaces.
To know more about multimapping see
http://help.sap.com/saphelp_nw04/helpdata/en/21/6faf35c2d74295a3cb97f6f3ccf43c/content.htm
Some more helpful links
/people/jin.shin/blog/2006/02/07/multi-mapping-without-bpm--yes-it146s-possible

Multiple Interfaces on a single web service URL

we have a scenario where we have a multiple interfaces that are related to SD that needs to be exposed to another system. When we generate the WSDL from XI - it seems we can do only for one interface at a time.
Is there a way - where in we can expose a single URL and treat these interfaces as web methods on that single URL? (similar to .Net or Java)
If yes - how do we do that?
Thanks.

That will not be possible. Instead you have to expose only one interface which takes generic data as input. In the mapping, depending on dat, you should map them to various other interfaces which would definetly make your scenario complex..
In XI each outbound interface is a separate web service (method).
VJ

Single SOAP receiver adapter for multiple interfaces

Hi,
I have to send multiple interfaces like Vendor, Customer, Material to one receiver.
I want to configure only one communication channel (receiver SOAP adapter) to send all these interfaces. Is this possible?
Currently I am provided with different URLs from the receiver system as below.
http://host:port/Services/Vendor.wsdl
http://host:port/Services/customer.wsdl
http://host:port/ServicesMaterial.wsdl
I will be having 3 Sender agreement, 3 receiver determination, 3 interface determination and 3 Receiver agreement.
I want only one SOAP reciever adapter which goes inside all the above 3 Receiver agreement.
So When I give the target url as http://host:port/Services, the messages fail.
But When I specify the full targert url in the adapter as http://host:port/Services/Vendor.wsdl then it works.
Which means I would have to create as many communication channel as interfaces.
Is there a work around for this?

hi kantheri,
For this, we have to fill the TargetURL and the SOAPAction in Receiver Communication channel dynamically.
So, we need to write UDF in Message Mappings using DynamicConfiguration to fill the TargetURL and the SOAPAction Dynamically.
DynamicConfigurationKey keyURL = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP","THeaderSOAPACTION");
DynamicConfigurationKey targetURL=DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP","TServerLocation");
// access dynamic configuration
DynamicConfiguration conf = (DynamicConfiguration) container
.getTransformationParameters()
.get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
conf.put(keyURL,"Soap action");
conf.put(targetURL,"target url");
return "";
In this UDF, we are filling the TargetURL in u201CTServerLocationu201D message attribute and SOAPAction in u201CTHeaderSOAPActionu201D message attribute.
So, whenever we execute this corresponding operation these values will be filled in receiver communication channel at runtime.
TargetURL- Give some dummy URL or http://
SOAPAction - *
regards,
ganesh.

BPM using multiple interface

Hi All,
i have a sceanrio where i have one sender idoc and multiple(5) soap receivers.so i have five interface that have same sender idoc and different soap receiver.Soap is syncronous and sending us the response of that message.
So we have to create a scenario as IDOCSoapRequestSoapResponse---File for each interface
I know it requires BPM to fullfill the condition of multiple interface.Please suggest the BPM design to achive the scenario.
Regards
Laxmi Bhushan

hi Laxmi Bhushan Jha ,
IDOCSoapRequestSoapResponse---File for each interface
As per my knowledge that is poosiable and simple with SOAP Lookup in ESR Mapping
for Soap Lookup:
Webservice Calls From a User Defined Function.
and coming to id:
in receiver determination , we need to define multiple recievers
in interface determiination, we define multiple operation mappings.
thanks,

Single IDOC to Multiple Interface Mapping

We have a requirement in our project where one masterdata IDOC will be sent from a SAP MDM box and will be transformed to a target IDOC and be sent to an SAP SNC box. However, the scenario is that depending on the contents of the IDOC, there can be multiple IDOCs that need to be created. For example, the single MDM IDOC has V1, V2 and V3 values then the IDOCS that should be sent to the SAP SNC box should be three.
The IT head of the customer decided against using Enhanced Interface Determination (since the problem can be easily solved using a 1:n mapping) due to the complexity especially when the solution is rolled out to other regions as each region has it's own logic (currently, the other implementation has only 1:1 mapping so there is no problem). I had developed a 1:n mapping but the resulting map is too big and very complex.
What I tried to do is to create separate mappings for each scenario that an IDOC needs to be generated out of the values from the received IDOC in XI and then define rules in the Interface Determination. Problem is that XI throws an error stating that multiple interfaces are found. So I cannot use Interface Determination to trigger creation of multiple IDOCS of the same type with different values from a single IDOC sent by the same SAP box.
Question is, is there any way to solve this requirement without using Enhanced Receiver Determination. I was thinking of BPM but not really sure how to do it.
Thanks in advance!
Best Regards,
Rommel Mendoza
Hewlett Packard Asia-Pacific, Ltd.

Thanks a lot for that.
For example, We have this input Message:
<ZMATMA>
<IDOC>
 <E1MARAM>
 <E1MARMM>
 <MEINH>IT</MEINH>
 </E1MARMM>
 <E1MARMM>
 <MEINH>CS</MEINH>
 </E1MARMM>
 <E1MARMM>
 <MEINH>SW</MEINH>
 </E1MARMM>
 </E1MARAM>
</IDOC>
</ZMATMA>
then there should be an output of:
<SAVEMULTIPLE204>
<IDOC>
 <BUOM>IT</BUOM>
</IDOC>
</SAVEMULTIPLE204>
<SAVEMULTIPLE204>
<IDOC>
 <BUOM>CS</BUOM>
</IDOC>
</SAVEMULTIPLE204>
<SAVEMULTIPLE204>
<IDOC>
 <BUOM>SW</BUOM>
</IDOC>
</SAVEMULTIPLE204>
The logic is when the MEINH field of the ZMATMA02 IDOC has the values: IT, CS and SW, create one IDOC for each.
Thanks in advance!
Edited by: Rommel Mendoza on Nov 6, 2008 7:30 PM

Idoc to multiple interfaces in XI

Hi,
how can we handle same Idoc ( MATMAS.MATMAS03) sending to multiple interfaces in XI otherthan using multi mapping?
If we develop one scenario now and in future if you want to send same idoc to different systems, do we have to change the existing interface?. Alternatively is it possible to add another interface?. Please clarify.

ok, as it's case 1, I think it's easier.
You have two ways:
1. Inside ID, use your previous Scenario:
=> after that, you will have 1 scenario...
1.1 Create a new Business Process (BPM_2)
1.2 Inside your existing Receiver Determination, add your new BPM_2 as a receiver (use righ-click + "insert above").
1.3 with your triplet "Sender_name + Sender_interface + BPM_2", create your Interface Determination
1.4 As receiver is a BPM, Receiver Agreement is not needed.
Then, you need to configure the step "BPM_2 -> Receiver_2"
1.5 Create a Receiver Determination between your BPM_2 (sender) and your receiver_2.
1.6 create your Interface Determination
1.7 create your Receiver Agreement (receiver adapter)
2. Inside ID, use a new Scenario:
=> after that, you will have 2 scenarios which use the SAME Receiver Determination "Matmas -> Receiver_1 + BPM_2"
2.1 create a new Scenario
2.2 ADD to this scenario your existing Receiver Determination ("Matmas -> Receiver_1").
2.2 do the same steps than "1.1 -> 1.7"
At the end, you will have:
Matmas --> | Receiver_1 => File_1 with single Idoc
 | BPM_2
 BPM_2 --> Receiver_2 => File_2 with collected IDocs
Mickael
Message was edited by: Mickael Huchet

SWIG - C++/Java and multiple interface inheritance - SWIG typemaps

In C++ I have the following. Can someone explain how to use SWIG typemaps to accomplish multiple interface inheritance in Java? I understand there is a javainterfaces typemap built into SWIG however I am such a newb with SWIG I really don't know where to start.
class IRemoteSyncIO
public:
virtual ~IRemoteSyncIO () {}
protected:
IRemoteSyncIO () {}
private:
IRemoteSyncIO (const IRemoteSyncIO&);
IRemoteSyncIO& operator= (const IRemoteSyncIO&);
class IRemoteAsyncIO
public:
virtual ~IRemoteAsyncIO () {}
protected:
IRemoteAsyncIO () {}
private:
IRemoteAsyncIO (const IRemoteAsyncIO&);
IRemoteAsyncIO& operator= (const IRemoteAsyncIO&);
class RemoteMpe : public IRemoteSyncIO, public IRemoteAsyncIO
}Thanks!

Actually now I understand what you mean.... Ok, now I am going to modify the problem slightly and add Interface2 into the picture. The new code is:
interface Interface1<SelfType extends Interface1<SelfType>>
interface Interface2
class Superclass implements Interface1<Superclass>
class Dependant<Type extends Interface1<Type>>
 public static <Type extends Interface1<Type> & Interface2> Dependant<Type> getInstance(Class<Type> c)
 return new Dependant<Type>();
class Subclass extends Superclass implements Interface2
public Subclass()
 Dependant<Subclass> dependant = Dependant.getInstance(Subclass.class);
}Now, previously I could replace:
Dependant<Subclass> dependant = Dependant.getInstance(Subclass.class);
with
Dependant<Superclass> dependant = Dependant.getInstance(Superclass.class);
and it solved the problem, but now that Type must implement Interface2 I cannot.
The reason I added this requirement is that this is actually what is going on in my applicationI had made mistakely omited this detail from the original use-case.
Can you think up of a possible solution to this new use-case?
Thanks,
Gili

Assigning multiple interfaces for Oracle API Gateway (OAG)

We are deploying Oracle API Gateway to throttle our incoming API requests. We would like to keep the incoming external API requests separate from the internal configuration management so that they go through different interfaces when accessing the OAG server. This is mainly for security reasons so that the external people won’t have access to the interface used by internal operations team to manage OAG. Based on your experience, is there any standard best practice to accomplish this? We were thinking to perhaps use two of the server’s network interfaces with different IPs, one for the incoming API requests and the other for the internal admin management of OAG. But not sure if this is the best way to do what we need. We are aware of OAG's capability to support two separate ports to handle this situation, but would like a more secure set-up that could completely eliminate external access to the OAG management done by the IT team.
Would appreciate any thoughts on best practices used regarding multiple interfaces for OAG set-up. Thank you. Oracle Marketing Cloud.

You are on the right track.
Here is how you can achieve this:
You can use multiple network interfaces on the UNIX machine and setup networking/routing in such a way that all external traffic comes on on one card and is routed internally via a different card.
Segregate difference types of services (i.e to be used by external clients vs internal apps) into difference different "Service Groups". Have each of these service groups listen on different port + NIC card (under Listeners, you can define a port to list to list on a specific network address and port instead of *).
Setup additional protection for services that will be accessed by external clients. Use "Threatening Content " filter to protect your services.
Setup 2 way SSL for the interface that will be called by external clients. Setup a DN based authorization check if you want to have both authentication and authorization.
Hope this helps.
-Thanks,
Ankit Kumar

Multiple VPN tunnels on Multiple interfaces on PIX

Similar Messages

Maybe you are looking for