Pcomm over smart tunnel

I wonder if anybody tried to run ibm pcomm application over smart tunnel to connect to the mainframe. It is telnet like software. I am trying to make it work but I think I am missing something. By the way I can RDP to Wintel on the same subnet. It works fine using port forwarding but to confusing for end users. Thank you in advance.

Are you referencing the correct process in the Smart Tunnel list?

Similar Messages

  • Smart Tunnel not working correctly

    I have setup Smart Tunnelling on an ASA5505.
    Situation is PC --->  Proxy [bluecoat] ---> Internet ---> ASA
    I can connect to the front end clientless VPN side ok and I then click on start smart tunnelling.  It starts up (at least it says so) but when I access one of the programs in the list (mstsc.exe) the [Tunnel] traffic does not go via the Proxy but tries to go direct instead.  Wireshark shows traffic being sent to the ASA VPN IP instead of via the proxy (trace is filtered to ASA subnet).  Although encrypted the trace only shows traffic when I start a connection from mstsc.exe.
    ASA version is 8.4(3), Java is build 1.6.0_26-b03
    Any tips on what maybe going on?

    Automatic proxy setting or manual? Manual is supported.

  • Why use Non-Interactive Adobe forms over Smart-Forms

    Hi,
       Is there any advantage of using Adobe over Smart-forms. We do not need Interactive forms. I know this is a new approach which SAP is using, but other than that is there any good reason?

    better look and fill..
    better scope of development.
    reusable interfaces
    digital signatures.
    use of scripting languages.

  • Qt applications over ssh tunnel: very slow redrawing

    Regularly I do not use many Qt applications, mostly Skype. I run it over ssh tunnel from another computer within the same local network for long time. After recent system update I noticed it became very slow refreshing its graphics. I checked several Gtk and Qt applications and found that Gtk ones work almost with the "native" speed, while Qt ones with that damn slow redrawing...
    I tried ssh with both "ForwardX11" and "ForwardX11Trusted" - there is no difference. I'm using no DE with xmonad WM (tried TWM - no difference either) in x86_64 box.
    Any directions/advices/ideas?
    Thanks!

    Regularly I do not use many Qt applications, mostly Skype. I run it over ssh tunnel from another computer within the same local network for long time. After recent system update I noticed it became very slow refreshing its graphics. I checked several Gtk and Qt applications and found that Gtk ones work almost with the "native" speed, while Qt ones with that damn slow redrawing...
    I tried ssh with both "ForwardX11" and "ForwardX11Trusted" - there is no difference. I'm using no DE with xmonad WM (tried TWM - no difference either) in x86_64 box.
    Any directions/advices/ideas?
    Thanks!

  • Advantage of SAP Script over Smart forms

    Hi Friends,
    Can you please let me know some ten points on Advantages of SAP Scripts over Smart Forms.
    Thanks,
    Gokul

    Hi Gokul,
    Major Differences between smart form and Scripts are
    Multiple page formats are possible in smartforms which is not the case of SAP Scripts
    It is possible to have a smartform without a main window
    Labels cannot be created in smartforms.
    Routines can be written in smartforms tool.
    Smartforms generates a function module when activated
    Background graphics are possible in case of SMARTFORMS
    Assigning the font colours to the text are not possible in the case SMARTFORMS.
    Creating and maintaining SMARTFORMS requires half the time compared to SAP Scripts
    Smart Forms                                           SAP Scripts
    1)Form, Text Module, Styles are          Form, So10 are
    client independent                             client dependent
    2)In a form diff pages can have         In a form all pages should
    different page formats                      follow one page format
    3)Back ground picture is possible     Not Possible
    4)Maintenance cost is low                Heavy
    5)Web publishing is possible             Not Possible
      using XML
    rewards if helpful........................
    Regards,
    Maha.

  • IPsec over GRE tunnel's line protocol is down but able to ping the tunnel destination

    >>both routers are located in different countries and connected with ISP
    >>IPsec over GRE tunnel is configured on both the routers 
    >>tunnel's line protocol is down for both the ends but able to reach the tunnel destination with tunnel source
    >>Packet is not receiving on the router_1 and but could see packets are getting encrypting on the Router_2
    >>ISP is not finding any issue with their end 
    >>Please guide me how i can fix this issue and what need to be check on this ????
    ========================
    Router_1#sh run int Tunnel20
    Building configuration...
    Current configuration : 272 bytes
    interface Tunnel20
     bandwidth 2048
     ip address 3.85.129.141 255.255.255.252
     ip mtu 1412
     ip flow ingress
     delay 1
     cdp enable
     tunnel source GigabitEthernet0/0/3
     tunnel destination 109.224.62.26
    end
    ===================
    Router_1#sh int Tunnel20
    Tunnel20 is up, line protocol is up>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Keepalive is not set
      Hardware is Tunnel
      Description: *To CRPrgEIQbaghd01 - 2Mb GRE over Shared ISP Gateway*
      Internet address is 3.85.129.141/30
      MTU 17916 bytes, BW 2048 Kbit/sec, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 195.27.20.14 (GigabitEthernet0/0/3), destination 109.224.62.26
       Tunnel Subblocks:
          src-track:
             Tunnel20 source tracking subblock associated with GigabitEthernet0/0/3
              Set of tunnels with source GigabitEthernet0/0/3, 32 members (includes iterators), on interface <OK>
      Tunnel protocol/transport GRE/IP
        Key disabled, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1476 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 1w6d, output 14w4d, output hang never
      Last clearing of "show interface" counters 2y5w
      Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         1565172427 packets input, 363833090294 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         1778491917 packets output, 1555959948508 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    =============================
    Router_1#ping 109.224.62.26 re 100 sou 195.27.20.14
    Type escape sequence to abort.
    Sending 100, 100-byte ICMP Echos to 109.224.62.26, timeout is 2 seconds:
    Packet sent with a source address of 195.27.20.14
    Success rate is 92 percent (92/100), round-trip min/avg/max = 139/142/162 ms
    Router_1#
    ============================================
    Router_1#sh cry ip sa pe 109.224.62.26 | in caps
        #pkts encaps: 831987306, #pkts encrypt: 831987306, #pkts digest: 831987306
        #pkts decaps: 736012611, #pkts decrypt: 736012611, #pkts verify: 736012611
    Router_1#sh clock
    15:09:45.421 UTC Thu Dec 25 2014
    Router_1#
    ===================
    Router_1#sh cry ip sa pe 109.224.62.26 | in caps
        #pkts encaps: 831987339, #pkts encrypt: 831987339, #pkts digest: 831987339
        #pkts decaps: 736012611, #pkts decrypt: 736012611, #pkts verify: 736012611>>>>>>>>>>>>>>>>>>>>Traffic is not receiving from Router 2 
    Router_1#sh clock
    15:11:36.476 UTC Thu Dec 25 2014
    Router_1#
    ===================
    Router_2#sh run int Tu1
    Building configuration...
    Current configuration : 269 bytes
    interface Tunnel1
     bandwidth 2000
     ip address 3.85.129.142 255.255.255.252
     ip mtu 1412
     ip flow ingress
     load-interval 30
     keepalive 10 3
     cdp enable
     tunnel source GigabitEthernet0/0
     tunnel destination 195.27.20.14
    end
    Router_2#
    =======================
    Router_2#sh run | sec cry
    crypto isakmp policy 10
     authentication pre-share
    crypto isakmp key Router_2 address 195.27.20.14
    crypto isakmp key Router_2 address 194.9.241.8
    crypto ipsec transform-set ge3vpn esp-3des esp-sha-hmac
     mode transport
    crypto map <Deleted> 10 ipsec-isakmp
     set peer 195.27.20.14
     set transform-set ge3vpn
     match address Router_2
    crypto map <Deleted> 20 ipsec-isakmp
     set peer 194.9.241.8
     set transform-set ge3vpn
     match address Router_1
     crypto map <Deleted>
    Router_2#
    ====================================
    Router_2#sh cry ip sa pe 195.27.20.14 | in caps
        #pkts encaps: 737092521, #pkts encrypt: 737092521, #pkts digest: 737092521
        #pkts decaps: 828154572, #pkts decrypt: 828154572, #pkts verify: 828154572>>>>>>>>>>>>Traffic is getting encrypting from router 2 
    Router_2#sh clock
    .15:10:33.296 UTC Thu Dec 25 2014
    Router_2#
    ========================
    Router_2#sh int Tu1
    Tunnel1 is up, line protocol is down>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Down
      Hardware is Tunnel
      Internet address is 3.85.129.142/30
      MTU 17916 bytes, BW 2000 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive set (10 sec), retries 3
      Tunnel source 109.224.62.26 (GigabitEthernet0/0), destination 195.27.20.14
       Tunnel Subblocks:
          src-track:
             Tunnel1 source tracking subblock associated with GigabitEthernet0/0
              Set of tunnels with source GigabitEthernet0/0, 2 members (includes iterators), on interface <OK>
      Tunnel protocol/transport GRE/IP
        Key disabled, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1476 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 1w6d, output 00:00:02, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 14843
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      30 second input rate 0 bits/sec, 0 packets/sec
      30 second output rate 0 bits/sec, 0 packets/sec
         1881547260 packets input, 956465296 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         1705198723 packets output, 2654132592 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    =============================
    Router_2#ping 195.27.20.14 re 100 sou 109.224.62.26
    Type escape sequence to abort.
    Sending 100, 100-byte ICMP Echos to 195.27.20.14, timeout is 2 seconds:
    Packet sent with a source address of 109.224.62.26
    Success rate is 94 percent (94/100), round-trip min/avg/max = 136/143/164 ms
    Router_2#
    =========================

    Hello.
    First of all, try to reset IPSec (clear crypto isakmp sa ..., clear crypto session ...).
    Configure inbound ACL on the router to match esp protocol and check if the packets arrive.
    Please provide full output "show crypto ipsec sa"
     from both sides.

  • MPLS over GRE Tunnel

    Hi,
    Can any one guide me about the benefits of MPLS over GRE Tunnels. Do this serve the purpose of MPLS (except TE, which is suppose is not possible on GRE Tunnels) as Layer-3 is already involved before Label Switching even starts.
    thanx and regards,
    Shakeel Ahmad

    I have a problem with MPLS over GRE. When i try to apply a policy to shape the traffic it seems that the default-class dosent see the mpls packets.
    Im trying to shape the traffic to 256k but it seems that the shaping never are activated.
    Anyone have any idea how to solve this?
    Example:
    class-map match-all PING
    match access-group 171
    policy-map class-default
    class PING
    bandwidth percent 15
    policy-map PING
    class class-default
    shape average 256000
    service-policy class-default
    INterfacexx
    service-policy output PING
    access-list 171 permit icmp any any

  • MVR over DOT1Q-TUNNEL

    Is it possible to use MVR for delivering multicast to customers over dot1q-tunnel interface ?
    Can QinQ and MVR work together ?

    I think the muticast vlan registration shortly termed MVR is not supported in dot1Q tunnelling interface.Because, there is a criteria for configuring MVR.That is, while configuring MVR, receiver ports cannot be trunk ports. Since, do11q is a trunking protocol,I believe MVR can't be transmitted over trunk port, and hence over dot1q tunnel interface.For detailed info on this mvr,
    refer to the configuration guidelines sections of mvr at:
    http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e8d9.html#xtocid14

  • Bridging over GRE tunnel

    Dear expert,
    Currently I have problem running bridging over GRE tunnel.We are using cisco 3640 but somehow under tunnel 0, the is no 'bridge-group 1' command.We are trying to get the IOS that support the command under tunnel 0 but to no avail.Can someone help me ? Thanks
    --ran

    It's a hidden command.  Even do, you might get a warning messasge stating this is obsolete and unsupported, it still technically a valid configuration. Legacy, but works.
    Keep in mind there are better solutions for this kind of connections.  But you can try it, it's simple anyways.
    Host1---Fa0/0--R1-------------GRE------------R2--Fa0/0---Host2
    1. Create a Loopback intf. on both routers and ensure L3 connectivity between them.
    2. Create bridge:
    router(config)#bridge 1 protocol ieee
    3. Create a GRE tunnel interface (dont configure IP's):
    router(config)# interface tun0
    router(config-if)# tun source loopback x
    router(config-if)# tun destination <other router loopback ip>
    router(config-if)# bridge-group 1
    **This is a hidden cmd. You will get a warning message, but ignore it**
    3. Attach Physical Interface to Bridge as well:
    router(config)# interface Fa0/0
    router(config-if)# bridge-group 1
    4. Configure the Hosts IP addresses to be on the same IP Segment and validate communication between them.
    You can try this on GNS3 as well.  I made a diagram and a brief explanation at another thread, but really don't remember how to get to it.
    Once again, this is legacy and there are better ways to achieve this. But for small implementations this is valid and easier.  It also helps to understand the newer versions/enhancements to this as well. 
    HTH

  • ASA: Smart Tunnel and proxy problem

    Hello
    I are having problem that some of my external users that has a proxy setup on theres end can't use the smart tunnel.
    They get proxy warning when they click on a bookmark.
    If I skipp using Smart tunnel the user can't start the citrix app, get corrupted ica file.
    Is it a common problem if so is there a soultion ?
    KR
    Daniel

    Hi Daniel,
    "Smart tunnel supports only proxies placed between computers running Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the ASA,
    the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services
    . If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy."
    You can get more information from following link:-
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_clientless_ssl.html#wp1321610
    HTH!!
    Regards,
    Naresh

  • Smart tunnel used for access other than native application?

    Dear all,
    i have a question about smart tunnel. my situation is, i need to  access to the server on certain IP address that using a port (example : port 5007) that is native for the application. that application is customized application just for my company.
    Question is :
    1. can i use smart tunnel to access the application for that particular port (ex : port 5007, 8476) ?
    2. i have so many grup servers (other than group server A) with so many costumized application with native port . is there any other way for me to access to that IP without using smart tunnel? because this project requirement is
    Clientless application access using application/Agent in user's PC, such as RDP, SSH & Native Application and ohers.
    Group Server A
    IP                                     Port
    10.194.24.99
    5007, 80, 9593, 9594, 9595
    10.194.22.99
    82
    192.9.1.99
    23, 449, 8470, 8476, 9470, 9476, 992
    My ASA is 9.1.3 and my ASDM is 7.1.3
    Please kindly to help, any reponse i appreciated
    source : http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/tunnel.pdf

    See http://www.mozilla.org/projects/netlib/PortBanning.html
    * http://kb.mozillazine.org/network.security.ports.banned.override

  • Os x smart tunnel for java

    We have a webpage that uses java, and we are unable to make it work on web vpn on mac os. On the windows side, we added the following to the webvpn smart tunnel and it works:
    smart-tunnel list banner WebStart javaws.exe platform windows
    smart-tunnel list banner JavaWindows javaw.exe platform windows
    Does anyone know the path for mac os x?

    The VPN client for Mac OS runs on any Power Macintosh or compatible computer with Mac OS Version 7.6 to 9.x, and Open Transport Version 1.1.1 or later.
    Have available an application that can translate a BinHex (.hqx) archive, such as StuffIt. Your web browser might perform the translation automatically for you.
    http://www.cisco.com/en/US/docs/security/vpn5000/client/windows_mac/client52/user/guide/Install.html#wp1023928

  • Ssl smart tunnel and vmware client

    Has anyone gotten the vmware client(for either server or VI) to work using a smart tunnel on webvpn? I set up a smart tunnel for vmware.exe, but it does not seem to connect. I am running 8.0.4. Also, has anyone been able to smart tunnel explorer.exe?

    The AnyConnect VPN Client is not compatible with virtualization software, such as VMWare.

  • ASA Smart Tunnel with OS X 10.7

    Hello,
       I've recently configured SSL VPN on an ASA failover pair running 8.4(2). The smart tunnel policy allows RDP clients (native MS client on Windows, MS Client and CoRD on Mac). Early testing looked good for both Windows and Mac. But then I had a mac user who reported that the "Application Access" button did not display in the navigation pane, and hence they can't get to where to launch Mac smart tunnel applications. The difference between those that worked and the one that doesn't is OS X v10.6 (works), OS X v10.7 (doesn't work).
       Doing a little research, I found that JRE isn't installed by default in OS X 10.7, and I found the following link:
    http://support.apple.com/kb/DL1421. After installation, and verifying that "enable applet plug-in and Web Start applications" was checked and trying again, the same results. "Application Access" is missing from the navigation bar, and hence smart tunnel apps can't be launched.
       Does anyone have an idea on what could be going wrong here?
    Thanks!
    Kurt

    Kurt,
    I just found your thread here.
    Which browser are you using on the Mac?
    I have found that with Mac OS 10.7 (lion) there are issues with the smart tunnel applet with Safari and Chrome
    However, it works as expected with Firefox.
    I actually get a Safari Web Content crash report when I try to connect with Safari.
    I have been monitoring this since 10.7 was released, I haven't opened a ticket with TAC because it appeard to be an Apple / Safari issue since the applet works with Firefox.
    I installed the latest Java update for 10.7 today and there was no change in behavior.
    I guess it's time to open a TAC ticket.

  • When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a

    i have configured a network with ospf and a vpn site to site without gre tunnel and it works very well. I want to know, when do i have to use gre tunnel over ipsec

    Hi josedilone19
    GRE is used when you need to pass Broadcast or multicast traffic.  That's the main function of GRE.
    Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks
    However there are some other important aspect to consider: 
    In contrast to IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks
    GRE tunnels encase multiple protocols over a single-protocol backbone.
    GRE tunnels provide workarounds for networks with limited hops.
    GRE tunnels connect discontinuous sub-networks.
    GRE tunnels allow VPNs across wide area networks (WANs).
    -Hope this helps -

Maybe you are looking for