Passive client Behind WGB(WAP121)

Similar Messages

• Problems with Arrowpoint cookies for clients behind a Proxy

  I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
  I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
  Then, as I understand the CSS make the forwarding decission based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from other client using this same connection (that must be forwarded to other real server) the request is forwarded to the original web server and fails because we need sticky connections.
  I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
  Thanks

  I believe your problem is that the proxy open a few persistent connections with the CSS and loadbalance your client's request over them.
  Once the CSS has associated a connection with a service, it does not look into the request anymore.
  The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
  Find more info at :
  http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
  Gilles.

• Client behind NAT

  I have been searching for a solution for this issue with all that google knows......
  I have my client behind NAT with ip 192.168.27.1
  And the server behind NAT with some ip (i am not really worried abt this)
  Now I register a client object to server for notification. SImply a hash table in server stores all my client objects. On a expected change, I invoke a method in my client objects.
  In this scenario I happened to observer that the client objects sent to server had the client ip (192.168.27.1) inside it and not the NAT ip through which they went out.
  So when I went invoke the remote method nothing interestingly happens as the client cannot be located.
  I tried creating custom sockets in client and binding it to NAT ip --> obvious bind exception for a ip that is not with client
  Setting the NAT ip as java.rmi.hostname in client --> no effect, since still the server is trying to notify (192.16827.1)
  Help me to root out this issue. I feel that there must be a solution for this, otherwise RMI it would not have been this much successful.

  Hi turing,
  thanks for your reply
  actually my question is
  "maybe if you try using the "real" ip (www,whatismyip.com)
  your program will work. "
  how to do this in the scenario I explained.
  Most of the discussions I saw in this forum are about server behind NAT and resolution approach for it. I can't find an answer for this even in the post you mentioned.
  Simply,
  When I register a client object in server, how will the server identify the client to notify, when the client is behind NAT.
  Will the ip address that the remote object carries will also be NAT'ed. I don't see this happening.

• Multiple ichat clients behind firewall?

  IS it possible to have multiple ichat clients behind a firewall? I've just bought a macbook pro and would like to purchase two more for ichat functionality. Two of these will be behind one firewall, the other across the country. I can't find any documentation other than how to configure a single ichat client.
  Is it possible? It's ok if we have to purchase an xserve and run some kind of server our end - I just want it to work.
  Message was edited by: paulgami

  Hi paulgami,
  iChat will work behind a firewall or routing device.
  With routing device the easiest method is UPnP which allows the Apps to open the ports and allows multiple computers to use the same ports.
  A device that has Port Triggering can also allow multiple computers to use the same ports.
  If you mean that you want the Bonjour side or even the Jabber side (in the iChat Server in OS X serve) to be in the same Network you will have to look to setting up VPNs (virtual Private Networks) to cover the distances you are talking about.
  It may be just semantics but it helps if we know which bit of iChat you are talking about.
  Tiger 10.4.x OS X Serve has an Jabber Server that can be used with the Jabber side of iChat (iChat 3.x)
  Each computer already has the iChat Client.
  There are also Public Jabber servers including Googletalk to use with the Jabber side of iChat.
  The Main Buddy list obviously uses the AIM service and again this can be world wide.
  iChat also has the Bonjour side. This can find any other Mac on the same network. It uses the user's Address Book to broadcast a Screen Name for the other iChat clients (separate buddy List)
  Possibly start here
  http://www.ralphjohnsuk.dsl.pipex.com/index.html
  Just getting started ?
  http://www.siriusaddict.com/ichat.html
  Collaboration Services Forum in OS XServer
  http://discussions.apple.com/forum.jspa?forumID=700
  8:44 PM Monday; August 13, 2007

• SSID with Passive Client Enabled Problem - WLC2106

  Hello,
  In my environment i have this topology :
  WLC                                                                 ~~~~~~|Another Vendor Client Radio doing Bridge|----Camera
     |                         |----RAP-1552E~~~~~~~MAP-1552E~~~~~|Another Vendor Client Radio doing Bridge|------|Camera|
     |----------Switch-----|                                            
  |---| Ethernet
  |~~~| Wireless
  The WLC is one 2106 WLC with version 7.0.240.0.
  All clients are in the same broadcast domain, the camera/another vendor client and the RAP and MAPs, the another vendor is connecting in SSID LAB, when i connect some notebook in the SSID LAB i can't reach camera.
  I tried to segmenting this networking putting the SSID-LAB2 broadcasted from RAP and MAP to another network and connecting my notebook in the SSID LAB2 and i have problems to access camera too. The routing is OK.
  I put my notebook in the switch in the same broadcast domain or in another broadcast domain and i could access the camera without problem.
  I'm having these problems only when i have the clients connected in wireless.
  I enabled multicast in the controller and passive-client, because i wasn't reaching the camera without this configuration enabled, now i can access but i'm having these problems.
  Thank You.

  I don't know what else you can do here. There are some wireless Ethernet bridges I have tested that work okay and others that just doesn't. Seems like the one that I use, a Buffalo Ethernet converter needs to be rebooted every so often. Others just don't work. Have you tried opening a TAC case?
  Sent from Cisco Technical Support iPhone App

• FTP-client behind RRAS - unable to connect to external FTP servers

  FTP-client behind RRAS - unable to connect to external FTP servers
  A small network (10-20PCs) without any segmentation - one LAN with one Gateway.
  1. If the Gateway is some small hardware device, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  2. If the Gateway is Win2003+RRAS+NAT or Win2003+ISA2005, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  3. But if the gateway is Win2008+RAS+NAT or Win2012+RRAS+NAT, the computers in the LAN are not able to connect to Internet FTP-servers
  I made a few tests:
  1. On Win2012+RRAS+NAT
  TurnOff Windows Firewall for All profiles (Domain, Private, Public) - the problem disappears, it it possible to connect to external Internet FTP-servers.
  2. On Win2012+RRAS+NAT
  TurnOff Windows Firewall only for Domain profile - the problem disappears, it it possible to connect to Internet FTP-servers.
  3. On Win2012+RRAS+NAT
  TurnOn Windows Firewall for All profiles (Domain, Private, Public)
  But I excluded the Internal NIC in this list
  Windows Firewall / Properties / Domain Profile / Protected network connections 
  and the problem disappears again
  My question is:
  What new Firewall rule  I have to make and where to place it (to be able to make FTP-connection from LAN to Internet FTP-servers)?
  I made some attempts to allow port21, but any success.

  Thank you, but did you try this ? 
  Can you describe in detail "exclusion rule for FTP traffic" ?!
  In my previous post, I want to say that if you use Win 2008/2012 RAS+NAT as a network gateway, than it is not possible to make FTP-connections to external FTP servers from the computers behind that gateway.
  And the standard attempts to make "Allow"-rules for port 21 in the gateway firewall (Win 2008/2012), do not solve the problem.
  No matter which FTP-client you can try to use.
  To see this problem, just make few simple tests: 
  ">telnet <ftp-server> 21" 
  with firewall on/off  and inbound/outbound "Allow port 21 rule (All/Domain/Private/Public)"
  In my country, the Government Tax Department uses FTP-protocol to collect monthly data from companies. 
  And it is too stupid scenario (to be a small company and to) upgrade from Win 2003 to a newer 2008/2012 and than to not be able to make all your jobs.
  -------EDIT---------
  The same problem (and its solution) is described here:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c68aed6-e22b-4cd4-86bd-f3c767e88349/advanced-firewall-blocking-through-ftp-traffic-rras
  The magic command:
  ">netsh routing ip nat delete ftp"
  solved the problem for me.
  And here is the description of this command - "Disables the FTP proxy on the NAT server."
  http://technet.microsoft.com/en-us/library/cc754535(v=ws.10).aspx#BKMK_106

• Contivity vpn client behind router with easy server

  Hi, I've seen this argument before, but without an effective solution.
  I have a contivity client behind a 857 cisco router. This client needs to connect to a remote VPN server.
  With NAT enable and easy VPN server disable all works fine.
  When I enable easy VPN server on the 857 (I need to connect several dial-up cisco vpn client from outside to this office) the contivity client can't connect anymore to the remote vpn server and hang up with the famous "bannet text" error.
  I think that because the external interface of the 857 is waiting for cisco vpn client to connect, it intercepts also the data from the remote contivity vpn server, not forwarding to the client inside the LAN.
  If there is a way to "passthrough" the contivity connection data to the internal client it would be very nice.
  Many thanks, Stefano.

  Hi, I found a possible solution. At this page
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
  this is the interesting part:
  !--- Dynamic crypto map.
  crypto dynamic-map dynmap 1
  set transform-set foo
  match address 199
  access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 199 permit ip host 172.16.142.191 192.168.1.0 0.0.0.255
  I try to put the contivity vpn client to another subnet (192.168.3.10) but the easy vpn server still intercepts its encrypted data.
  Salutes.

• RMI Clients behind firewall

  When the RMI client behind firewall tries to access the server the following error is thrown up:
  java.rmi.ConnectIOException: Exception creating connection to: 10.130.12.128; ne
  sted exception is:
  java.net.NoRouteToHostException: Operation timed out: no further informa
  tion
  java.net.NoRouteToHostException: Operation timed out: no further information
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(Unknown Source)
  at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
  at java.net.PlainSocketImpl.connect(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
  at sun.rmi.server.UnicastRef.invoke(Unknown Source)
  at RMIFaxServer_Stub.getResult(Unknown Source)
  at FaxTest.main(FaxTest.java:51)

  your client is behind the firewall but the server you're trying to access has an address 10.x.x.x which says that it too is behind a firewall and not on the Internet, or is the server in a DMZ. It sounds more like a networking issue than a java problem at this point. If the server is on some side of a firewall, you may need a some sort of "permit established" config setting added to the firewall. Just a thought.

• CSCuh46996 - Clients behind 3rd party WGB fail DHCP post upgrade from 7.0.116.0

                     Has software version 7.6(1.70) been made available to the public?
  Downloads Home
  Products
  Wireless
  Wireless LAN Controller
  Standalone Controllers
  Cisco 5500 Series Wireless Controllers
  Cisco 5508 Wireless Controller
  Wireless LAN Controller Software
  only has release 7.4.110.0 ED available

  The following entry may indicate a failing harddrive, so doing backups and replacing the harddrive may be in order.
  Disk Information:
            TOSHIBA MK7559GSXF disk0 : (750,16 GB)
            S.M.A.R.T. Status: Failing                                  <-----------
  A little bit about drive S.M.A.R.T. status:
  "The most basic information that SMART provides is the SMART status. It provides only two values: "threshold not exceeded" and "threshold exceeded". Often these are represented as "drive OK" or "drive fail" respectively. A "threshold exceeded" value is intended to indicate that there is a relatively high probability that the drive will not be able to honor its specification in the future: that is, the drive is "about to fail". The predicted failure may be catastrophic or may be something as subtle as the inability to write to certain sectors, or perhaps slower performance than the manufacturer's declared minimum."
  http://en.wikipedia.org/wiki/S.M.A.R.T.

• Lync Client Behind A Proxy

  Can anyone confirm if the Lync client can be configured to route traffic via a proxy, or to use the proxy settings defined in IE?
  I have the following scenario...
  The environment is heavily locked down, and PC's only have access to the Internet via a defined IE proxy.  Internal IM, presence and communication all work fine.  We have configured federation with some remote organizations.  IM and presence
  works fine to these orgs, but when any A/V or application sharing is attempted, the media fails.  I can see from traces this is when the client tries (and fails) to access the A/V edge of the remote federated parties edge server.
  I've looked at the Lync settings, reg settings, group policy ADM and documentation, and cant find anything to a) confirm if this behavior is correct or b) any way to work around it.
  There must be other Lync implementations in hardened environments like this.  Opening up outbound ports is out of the question, so what other options do i have?
  Dave

  Jay, you missed the key word in my last post "internally".  Functionally, everything about the edge server is working fine.  Clients can login internally and externally.  Media flows from internal to external clients is fine.  All SIP/AV/WEBCON
  DNS entries are fine in public DNS along with supporting SRV records.  These interfaces are Nat'd and the AV address is correctly assigned.
  My problem only occurs when an AV session is attempted with a federated partner...
  When any AV or sharing is attempted, from the internal network, to the federated partner, i can see the Lync client attempting to make connections out to the remote federated partners AV edge (something which it will never be able to do as it's behind a
  proxy with no direct Internet access).  This is what I'm trying to address.
  Should the SIP/AV/WEBCON address exist INTERNALLY
  on the corporate DNS servers for internal clients to resolve?  Is this what i have missed?
  Is there anyway to instruct the Lync client to route traffic bound for the Internet via a proxy?
  Surely there must be someone else with this scenario in a locked down environment?

• Tta_printer with linux client behind router

  hi,
  what do have i to do, to print to my Linux Client! The Client is behind a firewall!
  if i print a job, the job hangs on the tarantella server!
  Applikation Server: SuSE 9.3
  Tarantella Server:SLES10
  Client: openSuSE 10.2
  Router also linux!! ;-)

  if your client is behind a firewall then you probably want to use firewall traversal. If your app server is behind a firewall then you need to open 515 (lpr) or 631 (CUPS). If you are using Windows printing, then you just need the RDP port open (3389).

• Active/passive servers behind CSS

  Hi,
  I have 2 servers behind CSS, instead of doing load lancing , we need to work both servers as active/passive mode, mean if active server down then only second sever will serve.We can not move servers from behind css.
  Please advice if this can be possible.
  Regards,

  you will need to use the "sorry server" feature in CSS to acheive that
  Sample Config
  !********* SERVICE *****************
  service serverA
  ip address x.x.x.1
  active
  service serverB
  ip address x.x.x.2
  active
  !********** OWNER ****************
  owner SYED
  content EXAMPLE
  vip address 1.1.1.1
  port 80
  protocol tcp
  add service serverA
  primarySorryServer ServerB
  active
  HTH
  Syed Iftekhar Ahmed

• Connecting to DirectAccess server from a client behind proxy with authentication

  Hi,
  All our DA clients are working fine except those that are working from a client company where a proxy with authentication is used.
  Our DA server is running Windows server 2012 and clients are running Windows 7.
  I have found similar posts, where it states it is a known issue and it is fixed by a new feature in Windows 2012, however i cannot find more info:
  http://technet.microsoft.com/en-us/library/hh831416.aspx
  IP-HTTPS runs in a system context rather than a user context. This context can cause connection issues. For example, if a DirectAccess
  client computer is located in the network of a partner company that uses a proxy for Internet access, and WPAD auto detection is not used, the user must manually configure proxy settings in order to access the Internet. These settings are configured in Internet
  Explorer on a per user basis, and cannot be retrieved in an intuitive way on behalf of IP-HTTPS. In addition, if the proxy requires authentication, the client provides credentials for Internet access, but IP-HTTPS will not provide the credentials required
  to authenticate to DirectAccess. In Windows Server 2012, a new feature solves these issues. Specifically, the user can configure IP-HTTPS to work when behind a proxy that is not configured using WPAD and IP-HTTPS will request and provide the proxy credentials
  needed to IP-HTTPS request authenticated, and relay it to the DirectAccess server.

  Hello,
  As far as I know it's a feature of Windows 2012 URA with a Windows 8 client.
  Unfortunatelly you will have trouble with proxy authentication with Windows 7 client I think
  Regards,
  Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) :
  http://security.sakuranohana.fr/

• Vpn client behind VPN router

  I have a customer running Cisco VPN client 5,0xx on a network behind a Cisco ASA 5505 router set up as a VPN server. He can connect to the remote (external) network, but cannot browse the remote network. Are there any special settings needed on the ASA 5505 to allow vpn client traffic through?

  Maybe you need to enable Nat-traversal on your VPN Headend device.
  Crypto isakmp Nat-t
  HTH
  Saju

• Java chat client behind the proxy or fire wall

  i am developing the chat application useing java.net.*.but i am not able to get connectivity behind the firewall or proxy on the java client.pls help me out

  to guarantee easy to use, no problem chat applet then you will need to have the chat server running on port 80 and the client use http request/response system
  first problem is that the applet will have to have been delivered from port 80 on the same ip# so you will either have to use Servlets or write your own web server with chat facilities
  you will need to maitain persistent/ pseudo persistent http connections for the server to deliver messages to clients, you can assume that a connection will remain open for ~ 5 minutes after a request from the client
  use HTTP/1.1 for reliable Connection: keep-alive and request/response pipelining
  with all that in place your client method is...
  register and send GET /chat <wait for upto 5 mins>
  if there is client activity send POST/chat <wait for upto 5 mins>
  if the above waits timeout send GET/chat <wait for upto 5mins>
  server method...
  accept GET/POST requests from client
  if there is chat to deliver, reply to most recent request from client
  if you recive another request before the previous one's reply is used, send a No Content reply to the previous request