Pcomm over smart tunnel
I wonder if anybody tried to run ibm pcomm application over smart tunnel to connect to the mainframe. It is telnet like software. I am trying to make it work but I think I am missing something. By the way I can RDP to Wintel on the same subnet. It works fine using port forwarding but to confusing for end users. Thank you in advance.
Are you referencing the correct process in the Smart Tunnel list?
Similar Messages
-
Smart Tunnel not working correctly
I have setup Smart Tunnelling on an ASA5505.
Situation is PC ---> Proxy [bluecoat] ---> Internet ---> ASA
I can connect to the front end clientless VPN side ok and I then click on start smart tunnelling. It starts up (at least it says so) but when I access one of the programs in the list (mstsc.exe) the [Tunnel] traffic does not go via the Proxy but tries to go direct instead. Wireshark shows traffic being sent to the ASA VPN IP instead of via the proxy (trace is filtered to ASA subnet). Although encrypted the trace only shows traffic when I start a connection from mstsc.exe.
ASA version is 8.4(3), Java is build 1.6.0_26-b03
Any tips on what maybe going on?Automatic proxy setting or manual? Manual is supported.
-
Why use Non-Interactive Adobe forms over Smart-Forms
Hi,
Is there any advantage of using Adobe over Smart-forms. We do not need Interactive forms. I know this is a new approach which SAP is using, but other than that is there any good reason?better look and fill..
better scope of development.
reusable interfaces
digital signatures.
use of scripting languages. -
Qt applications over ssh tunnel: very slow redrawing
Regularly I do not use many Qt applications, mostly Skype. I run it over ssh tunnel from another computer within the same local network for long time. After recent system update I noticed it became very slow refreshing its graphics. I checked several Gtk and Qt applications and found that Gtk ones work almost with the "native" speed, while Qt ones with that damn slow redrawing...
I tried ssh with both "ForwardX11" and "ForwardX11Trusted" - there is no difference. I'm using no DE with xmonad WM (tried TWM - no difference either) in x86_64 box.
Any directions/advices/ideas?
Thanks!Regularly I do not use many Qt applications, mostly Skype. I run it over ssh tunnel from another computer within the same local network for long time. After recent system update I noticed it became very slow refreshing its graphics. I checked several Gtk and Qt applications and found that Gtk ones work almost with the "native" speed, while Qt ones with that damn slow redrawing...
I tried ssh with both "ForwardX11" and "ForwardX11Trusted" - there is no difference. I'm using no DE with xmonad WM (tried TWM - no difference either) in x86_64 box.
Any directions/advices/ideas?
Thanks! -
Advantage of SAP Script over Smart forms
Hi Friends,
Can you please let me know some ten points on Advantages of SAP Scripts over Smart Forms.
Thanks,
GokulHi Gokul,
Major Differences between smart form and Scripts are
Multiple page formats are possible in smartforms which is not the case of SAP Scripts
It is possible to have a smartform without a main window
Labels cannot be created in smartforms.
Routines can be written in smartforms tool.
Smartforms generates a function module when activated
Background graphics are possible in case of SMARTFORMS
Assigning the font colours to the text are not possible in the case SMARTFORMS.
Creating and maintaining SMARTFORMS requires half the time compared to SAP Scripts
Smart Forms SAP Scripts
1)Form, Text Module, Styles are Form, So10 are
client independent client dependent
2)In a form diff pages can have In a form all pages should
different page formats follow one page format
3)Back ground picture is possible Not Possible
4)Maintenance cost is low Heavy
5)Web publishing is possible Not Possible
using XML
rewards if helpful........................
Regards,
Maha. -
IPsec over GRE tunnel's line protocol is down but able to ping the tunnel destination
>>both routers are located in different countries and connected with ISP
>>IPsec over GRE tunnel is configured on both the routers
>>tunnel's line protocol is down for both the ends but able to reach the tunnel destination with tunnel source
>>Packet is not receiving on the router_1 and but could see packets are getting encrypting on the Router_2
>>ISP is not finding any issue with their end
>>Please guide me how i can fix this issue and what need to be check on this ????
========================
Router_1#sh run int Tunnel20
Building configuration...
Current configuration : 272 bytes
interface Tunnel20
bandwidth 2048
ip address 3.85.129.141 255.255.255.252
ip mtu 1412
ip flow ingress
delay 1
cdp enable
tunnel source GigabitEthernet0/0/3
tunnel destination 109.224.62.26
end
===================
Router_1#sh int Tunnel20
Tunnel20 is up, line protocol is up>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Keepalive is not set
Hardware is Tunnel
Description: *To CRPrgEIQbaghd01 - 2Mb GRE over Shared ISP Gateway*
Internet address is 3.85.129.141/30
MTU 17916 bytes, BW 2048 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 195.27.20.14 (GigabitEthernet0/0/3), destination 109.224.62.26
Tunnel Subblocks:
src-track:
Tunnel20 source tracking subblock associated with GigabitEthernet0/0/3
Set of tunnels with source GigabitEthernet0/0/3, 32 members (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 1w6d, output 14w4d, output hang never
Last clearing of "show interface" counters 2y5w
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1565172427 packets input, 363833090294 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1778491917 packets output, 1555959948508 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
=============================
Router_1#ping 109.224.62.26 re 100 sou 195.27.20.14
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 109.224.62.26, timeout is 2 seconds:
Packet sent with a source address of 195.27.20.14
Success rate is 92 percent (92/100), round-trip min/avg/max = 139/142/162 ms
Router_1#
============================================
Router_1#sh cry ip sa pe 109.224.62.26 | in caps
#pkts encaps: 831987306, #pkts encrypt: 831987306, #pkts digest: 831987306
#pkts decaps: 736012611, #pkts decrypt: 736012611, #pkts verify: 736012611
Router_1#sh clock
15:09:45.421 UTC Thu Dec 25 2014
Router_1#
===================
Router_1#sh cry ip sa pe 109.224.62.26 | in caps
#pkts encaps: 831987339, #pkts encrypt: 831987339, #pkts digest: 831987339
#pkts decaps: 736012611, #pkts decrypt: 736012611, #pkts verify: 736012611>>>>>>>>>>>>>>>>>>>>Traffic is not receiving from Router 2
Router_1#sh clock
15:11:36.476 UTC Thu Dec 25 2014
Router_1#
===================
Router_2#sh run int Tu1
Building configuration...
Current configuration : 269 bytes
interface Tunnel1
bandwidth 2000
ip address 3.85.129.142 255.255.255.252
ip mtu 1412
ip flow ingress
load-interval 30
keepalive 10 3
cdp enable
tunnel source GigabitEthernet0/0
tunnel destination 195.27.20.14
end
Router_2#
=======================
Router_2#sh run | sec cry
crypto isakmp policy 10
authentication pre-share
crypto isakmp key Router_2 address 195.27.20.14
crypto isakmp key Router_2 address 194.9.241.8
crypto ipsec transform-set ge3vpn esp-3des esp-sha-hmac
mode transport
crypto map <Deleted> 10 ipsec-isakmp
set peer 195.27.20.14
set transform-set ge3vpn
match address Router_2
crypto map <Deleted> 20 ipsec-isakmp
set peer 194.9.241.8
set transform-set ge3vpn
match address Router_1
crypto map <Deleted>
Router_2#
====================================
Router_2#sh cry ip sa pe 195.27.20.14 | in caps
#pkts encaps: 737092521, #pkts encrypt: 737092521, #pkts digest: 737092521
#pkts decaps: 828154572, #pkts decrypt: 828154572, #pkts verify: 828154572>>>>>>>>>>>>Traffic is getting encrypting from router 2
Router_2#sh clock
.15:10:33.296 UTC Thu Dec 25 2014
Router_2#
========================
Router_2#sh int Tu1
Tunnel1 is up, line protocol is down>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Down
Hardware is Tunnel
Internet address is 3.85.129.142/30
MTU 17916 bytes, BW 2000 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec), retries 3
Tunnel source 109.224.62.26 (GigabitEthernet0/0), destination 195.27.20.14
Tunnel Subblocks:
src-track:
Tunnel1 source tracking subblock associated with GigabitEthernet0/0
Set of tunnels with source GigabitEthernet0/0, 2 members (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 1w6d, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 14843
Queueing strategy: fifo
Output queue: 0/0 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
1881547260 packets input, 956465296 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1705198723 packets output, 2654132592 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
=============================
Router_2#ping 195.27.20.14 re 100 sou 109.224.62.26
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 195.27.20.14, timeout is 2 seconds:
Packet sent with a source address of 109.224.62.26
Success rate is 94 percent (94/100), round-trip min/avg/max = 136/143/164 ms
Router_2#
=========================Hello.
First of all, try to reset IPSec (clear crypto isakmp sa ..., clear crypto session ...).
Configure inbound ACL on the router to match esp protocol and check if the packets arrive.
Please provide full output "show crypto ipsec sa"
from both sides. -
Hi,
Can any one guide me about the benefits of MPLS over GRE Tunnels. Do this serve the purpose of MPLS (except TE, which is suppose is not possible on GRE Tunnels) as Layer-3 is already involved before Label Switching even starts.
thanx and regards,
Shakeel AhmadI have a problem with MPLS over GRE. When i try to apply a policy to shape the traffic it seems that the default-class dosent see the mpls packets.
Im trying to shape the traffic to 256k but it seems that the shaping never are activated.
Anyone have any idea how to solve this?
Example:
class-map match-all PING
match access-group 171
policy-map class-default
class PING
bandwidth percent 15
policy-map PING
class class-default
shape average 256000
service-policy class-default
INterfacexx
service-policy output PING
access-list 171 permit icmp any any -
Is it possible to use MVR for delivering multicast to customers over dot1q-tunnel interface ?
Can QinQ and MVR work together ?I think the muticast vlan registration shortly termed MVR is not supported in dot1Q tunnelling interface.Because, there is a criteria for configuring MVR.That is, while configuring MVR, receiver ports cannot be trunk ports. Since, do11q is a trunking protocol,I believe MVR can't be transmitted over trunk port, and hence over dot1q tunnel interface.For detailed info on this mvr,
refer to the configuration guidelines sections of mvr at:
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e8d9.html#xtocid14 -
Dear expert,
Currently I have problem running bridging over GRE tunnel.We are using cisco 3640 but somehow under tunnel 0, the is no 'bridge-group 1' command.We are trying to get the IOS that support the command under tunnel 0 but to no avail.Can someone help me ? Thanks
--ranIt's a hidden command. Even do, you might get a warning messasge stating this is obsolete and unsupported, it still technically a valid configuration. Legacy, but works.
Keep in mind there are better solutions for this kind of connections. But you can try it, it's simple anyways.
Host1---Fa0/0--R1-------------GRE------------R2--Fa0/0---Host2
1. Create a Loopback intf. on both routers and ensure L3 connectivity between them.
2. Create bridge:
router(config)#bridge 1 protocol ieee
3. Create a GRE tunnel interface (dont configure IP's):
router(config)# interface tun0
router(config-if)# tun source loopback x
router(config-if)# tun destination <other router loopback ip>
router(config-if)# bridge-group 1
**This is a hidden cmd. You will get a warning message, but ignore it**
3. Attach Physical Interface to Bridge as well:
router(config)# interface Fa0/0
router(config-if)# bridge-group 1
4. Configure the Hosts IP addresses to be on the same IP Segment and validate communication between them.
You can try this on GNS3 as well. I made a diagram and a brief explanation at another thread, but really don't remember how to get to it.
Once again, this is legacy and there are better ways to achieve this. But for small implementations this is valid and easier. It also helps to understand the newer versions/enhancements to this as well.
HTH -
ASA: Smart Tunnel and proxy problem
Hello
I are having problem that some of my external users that has a proxy setup on theres end can't use the smart tunnel.
They get proxy warning when they click on a bookmark.
If I skipp using Smart tunnel the user can't start the citrix app, get corrupted ica file.
Is it a common problem if so is there a soultion ?
KR
DanielHi Daniel,
"Smart tunnel supports only proxies placed between computers running Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the ASA,
the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services
. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy."
You can get more information from following link:-
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_clientless_ssl.html#wp1321610
HTH!!
Regards,
Naresh -
Smart tunnel used for access other than native application?
Dear all,
i have a question about smart tunnel. my situation is, i need to access to the server on certain IP address that using a port (example : port 5007) that is native for the application. that application is customized application just for my company.
Question is :
1. can i use smart tunnel to access the application for that particular port (ex : port 5007, 8476) ?
2. i have so many grup servers (other than group server A) with so many costumized application with native port . is there any other way for me to access to that IP without using smart tunnel? because this project requirement is
Clientless application access using application/Agent in user's PC, such as RDP, SSH & Native Application and ohers.
Group Server A
IP Port
10.194.24.99
5007, 80, 9593, 9594, 9595
10.194.22.99
82
192.9.1.99
23, 449, 8470, 8476, 9470, 9476, 992
My ASA is 9.1.3 and my ASDM is 7.1.3
Please kindly to help, any reponse i appreciated
source : http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/tunnel.pdfSee http://www.mozilla.org/projects/netlib/PortBanning.html
* http://kb.mozillazine.org/network.security.ports.banned.override -
We have a webpage that uses java, and we are unable to make it work on web vpn on mac os. On the windows side, we added the following to the webvpn smart tunnel and it works:
smart-tunnel list banner WebStart javaws.exe platform windows
smart-tunnel list banner JavaWindows javaw.exe platform windows
Does anyone know the path for mac os x?The VPN client for Mac OS runs on any Power Macintosh or compatible computer with Mac OS Version 7.6 to 9.x, and Open Transport Version 1.1.1 or later.
Have available an application that can translate a BinHex (.hqx) archive, such as StuffIt. Your web browser might perform the translation automatically for you.
http://www.cisco.com/en/US/docs/security/vpn5000/client/windows_mac/client52/user/guide/Install.html#wp1023928 -
Ssl smart tunnel and vmware client
Has anyone gotten the vmware client(for either server or VI) to work using a smart tunnel on webvpn? I set up a smart tunnel for vmware.exe, but it does not seem to connect. I am running 8.0.4. Also, has anyone been able to smart tunnel explorer.exe?
The AnyConnect VPN Client is not compatible with virtualization software, such as VMWare.
-
ASA Smart Tunnel with OS X 10.7
Hello,
I've recently configured SSL VPN on an ASA failover pair running 8.4(2). The smart tunnel policy allows RDP clients (native MS client on Windows, MS Client and CoRD on Mac). Early testing looked good for both Windows and Mac. But then I had a mac user who reported that the "Application Access" button did not display in the navigation pane, and hence they can't get to where to launch Mac smart tunnel applications. The difference between those that worked and the one that doesn't is OS X v10.6 (works), OS X v10.7 (doesn't work).
Doing a little research, I found that JRE isn't installed by default in OS X 10.7, and I found the following link:
http://support.apple.com/kb/DL1421. After installation, and verifying that "enable applet plug-in and Web Start applications" was checked and trying again, the same results. "Application Access" is missing from the navigation bar, and hence smart tunnel apps can't be launched.
Does anyone have an idea on what could be going wrong here?
Thanks!
KurtKurt,
I just found your thread here.
Which browser are you using on the Mac?
I have found that with Mac OS 10.7 (lion) there are issues with the smart tunnel applet with Safari and Chrome
However, it works as expected with Firefox.
I actually get a Safari Web Content crash report when I try to connect with Safari.
I have been monitoring this since 10.7 was released, I haven't opened a ticket with TAC because it appeard to be an Apple / Safari issue since the applet works with Firefox.
I installed the latest Java update for 10.7 today and there was no change in behavior.
I guess it's time to open a TAC ticket. -
i have configured a network with ospf and a vpn site to site without gre tunnel and it works very well. I want to know, when do i have to use gre tunnel over ipsec
Hi josedilone19
GRE is used when you need to pass Broadcast or multicast traffic. That's the main function of GRE.
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks
However there are some other important aspect to consider:
In contrast to IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks
GRE tunnels encase multiple protocols over a single-protocol backbone.
GRE tunnels provide workarounds for networks with limited hops.
GRE tunnels connect discontinuous sub-networks.
GRE tunnels allow VPNs across wide area networks (WANs).
-Hope this helps -
Maybe you are looking for
-
how do i transfer photos between my macbook and i phone 5s wireless, how do i transfer photos between my macbook and i phone 5s wireless
-
Spinning circle (not signed in)
Since skype updated to 7.6 something the other day, I have been unable to sign in. I literally star the program and it just shows the spinning circle of dots, doesn't even get to the point where I can put in my log in details. I have been at this sin
-
Having problem with update new os4.3.2 of ipod touch G4
Dear All can anyone help to solve my problem, that i can't update lastest version OS 4.3.2 of Ipod Touch, because now i have problem on screen display by using os4.3 as i have tried many times but i can't get the lastest one. so please give me sugge
-
Device will not show when iTunes is loaded and iPhone is connected
When I connect the iPhone to iTunes the device does not show. So now I can't sync my phone to iTunes. Can anybody help with this please?
-
Data partitioning & Index partitioning
Hi, I have the following questions about implementing ILM on a existing table consisting of millions of rows and with index partitioning... 1) how can data be partitioned when index partitioning exists? 2) what happens to the indexes when the table d