PI 7.11: Mapping inside or outside PI??

Hi,
We have an IDoc to SOAP scenario.
Currently we have many issues with that interface, because the message mapping is very complicated (various entries per infotype have to be mapped to one target field etc.).
Wouldn't it be easier (especially for me as an ABAPer) to do the mapping in a user exit on SAP ERP side and call the PI WS from there?
Then we would have only to bypass the data through PI, because the inbound/outbound message type would be the same.
For me it always takes ages to find out what's wrong inside the mapping.
And the graphical mapping becomes very confusing even for easy mappings.
In ABAP the mapping part would be much easier!
What is here the best practice?
Do PI developers have always the aim to do all the mapping inside PI?
Thanks in advance!

Hi,
my problem is still not solved
I've extended Idoc HRMD_A06 now.
The problem is, that it works only if i put the Z segment under segment E1PITYP, which is always linked to an Infotype  (currently I put '0000' as Infotype).
E1PITYP contains the following fields:
PLVAR     PLVAR
OTYPE     OTYPE
OBJID     HROBJID
INFTY     INFOTYP
SUBTY     SUBTYP
BEGDA     PD_BEGDA
ENDDA     PD_ENDDA
LONG_INFTY     LONG_INFTY
I tried to put my segment under header segment E1PLOGI, but then SM58 gives me the following error:
Segment 'ZHRMD_A06', segmentnumber '000084' not correct in structure
E1PLOGI has the following fields:
PLVAR     PLVAR
OTYPE     OTYPE
OBJID     HROBJID
PROOF     CHAR1
OPERA     HROPERA
SERIAL_COUNTER     CHCOU
FILTER1     HRMD_FILTER1
FILTER2     HRMD_FILTER2
I don't really understand why I cannot do it that way...
My question:
Is there a way to include my data without linking it to an HR Infotype???

Similar Messages

  • How to allow some fixed extension go in from outside to inside but not allow go from inside to outside

    how to allow some fixed extension go in from outside to inside but not allow go from inside to outside
    for example, allow JPEG, MOV, AVI data flow from outside to inside
    but not allow JPEG, MOV, AVI files access or upload or get by outside, in another words not from inside to outside
    how to configure?

    Hi,
    The ZBF link sent earlier show how we can inspect URI in http request
    parameter-map type regex uri_regex_cm
       pattern “.*cmd.exe”
    class-map type inspect http uri_check_cm
       match request uri regex uri_regex_cm
    ZBf is the feature on Cisco routers and ASA though concepts are little same but works differently. However it is important that you can be more granular with the protocol (layer 7) inspection only. Like on ASA if you will try to restrict .exe file from a p2p application that won't be possible, But on router you have some application for p2p in NBAR and you can use it file filtering. Please check configuartion example for both devices.
    Thanks

  • Internet Access from Inside to Outside ASA 5510 ver 9.1

    Hi everyone, I need help setting up an ASA 5510 to allow all traffic going from the inside to outside so I can get internet access through it. I have worked on this for days and I have finally got traffic moving between my router and my ASA, but that is it. Everything is blocked because of NAT rules I assume.
    I get errors like this when I try Packet Tracer:
    (nat-xlate-failed) NAT failed
    (acl-drop) Flow is denied by configured rule
    Version Information:
    Cisco Adaptive Security Appliance Software Version 9.1(4)
    Device Manager Version 7.1(5)
    Compiled on Thu 05-Dec-13 19:37 by builders
    System image file is "disk0:/asa914-k8.bin"
    Here is my ASA config, all I want for this exercise is to pass traffic from the inside network to the outside to allow internet access so I can access the internet and then look for specific acl's or nat for specific services:
    Thank You!
    Config:
    ASA5510# sh running-config
    : Saved
    ASA Version 9.1(4)
    hostname ASA5510
    domain-name
    inside.int
    enable password <redacted> encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd <redacted> encrypted
    names
    dns-guard
    interface Ethernet0/0
    description LAN Interface
    nameif Inside
    security-level 100
    ip address 10.10.1.1 255.255.255.252
    interface Ethernet0/1
    description WAN Interface
    nameif Outside
    security-level 0
    ip address 199.199.199.123 255.255.255.240
    boot system disk0:/asa914-k8.bin
    ftp mode passive
    dns domain-lookup Outside
    dns server-group DefaultDNS
    name-server 199.199.199.4
    domain-name
    inside.int
    object network inside-net
    subnet 10.0.0.0 255.255.255.0
    description Inside Network Object
    access-list USERS standard permit 10.10.1.0 255.255.255.0
    access-list OUTSIDE-IN extended permit ip any any
    access-list INSIDE-IN extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu Inside 1500
    mtu Outside 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-715.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (Inside,Outside) source dynamic any interface
    object network inside-net
      nat (Inside,Outside) dynamic interface
    access-group INSIDE-IN in interface Inside
    access-group OUTSIDE-IN in interface Outside
    router rip
    network 10.0.0.0
    network 199.199.199.0
    version 2
    no auto-summary
    route Outside 0.0.0.0 0.0.0.0 199.199.199.113 1
    route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
    route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
    route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 0.0.0.0 0.0.0.0 Inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 Inside
    ssh timeout 60
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username <redacted> password <redacted> encrypted privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns migrated_dns_map_1
      parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns migrated_dns_map_1
      inspect ftp
      inspect h323 h225
      inspect h323 ras
       inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http
    https://tools.cisco.com/its/service/oddce/services/DDCEService
       destination address email
    [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
       subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    password encryption aes
    Cryptochecksum:
    <redacted>
    : end
    SH NAT:
    ASA5510# sh nat
    Manual NAT Policies (Section 1)
    1 (Inside) to (Outside) source dynamic any interface
        translate_hits = 0, untranslate_hits = 0
    Auto NAT Policies (Section 2)
    1 (Inside) to (Outside) source dynamic inside-net interface
         translate_hits = 0, untranslate_hits = 0
    SH RUN NAT:
    ASA5510# sh run nat
    nat (Inside,Outside) source dynamic any interface
    object network inside-net
    nat (Inside,Outside) dynamic interface
    SH RUN OBJECT:
    ASA5510(config)# sh run object
    object network inside-net
    subnet 10.0.0.0 255.255.255.0
    description Inside Network Object
    Hi all,Hello everyone, I need some help before my head explodes. Idddddddd

    Hello Mitchell,
    First of all how are you testing this:
    interface Ethernet0/0
    description LAN Interface
    nameif Inside
    security-level 100
    ip address 10.10.1.1 255.255.255.252
    Take in consideration that the netmask is /30
    The Twice NAT is good, ACLs are good.
    do the following and provide us the result
    packet-tracer input inside tcp 10.10.1.2 1025 4.2.2.2 80
    packet-tracer input inside tcp 192.168.1.100 1025 4.2.2.2 80
    And provide us the result!
    Looking for some Networking Assistance? 
    Contact me directly at [email protected]
    I will fix your problem ASAP.
    Cheers,
    Julio Carvajal Segura
    Note: Check my website, there is a video about this that might help you.
    http://laguiadelnetworking.com

  • ASA 5510 traffic from inside to outside

    Hello,
    I'm working on a basic configuration of a 5510 ASA.
    inside network of 192.168.23.0 /24
    outside network 141.0.x.0 /24
    config is as follows:
    interface Ethernet0/0
     nameif OUTSIDE
     security-level 0
     ip address 141.0.x.0 255.255.255.0
    interface Ethernet0/1
     nameif INSIDE
     security-level 50
     ip address 192.168.23.1 255.255.255.0
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list OUTSIDE_access_in extended permit icmp any any
    access-list OUTSIDE_access_in extended permit tcp any interface OUTSIDE eq https
    access-list INSIDE_access_in extended permit icmp any any
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 192.168.23.0 255.255.255.0
    access-group OUTSIDE_access_in in interface OUTSIDE
    access-group INSIDE_access_in in interface INSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 141.0.x.57 1
    In the LAB When I plug a laptop into the outside interface with address 141.0.x.57 I can ping it from a laptop from the inside interface and I can even access the IIS page. However, when I connect the ISP's firewall into the outside interface with the same address that I used the testing laptop with, I cannot seem to be able to access the outside world.
    I can ping from the ASA's outside interface (x.58, to the ISP's x.57), but I cannot ping from the inside 192.168.23.x to it or access anything.
    So traffic between inside and outside interface is not going through when in live setup. However, when in the lab it works fine.
    Any ideas please?

    Version of FW:
    Cisco Adaptive Security Appliance Software Version 8.2(1)
    Device Manager Version 6.3(1)
    Output of Packet-Trace Command is:
    SDH-PUBLIC-ASA(config)# packet-tracer input INSIDE icmp 192.168.23.10 8 0 1xpacket-tracer input INSIDE icmp 192.168.23.10 8 0 141.$
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   141.0.x.0      255.255.255.0   OUTSIDE
    Phase: 4
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group INSIDE_access_in in interface INSIDE
    access-list INSIDE_access_in extended permit icmp any any
    Additional Information:
    Phase: 5
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 6
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    class-map inspection_default
     match default-inspection-traffic
    policy-map global_policy
     class inspection_default
      inspect icmp
    service-policy global_policy global
    Additional Information:
    Phase: 7
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: NAT
    Subtype:
    Result: ALLOW
    Config:
    nat (INSIDE) 0 192.168.23.0 255.255.255.0
      match ip INSIDE 192.168.23.0 255.255.255.0 OUTSIDE any
        identity NAT translation, pool 0
        translate_hits = 104, untranslate_hits = 0
    Additional Information:
    Dynamic translate 192.168.23.10/0 to 192.168.23.10/0 using netmask 255.255.255.255
    Phase: 9
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    nat (INSIDE) 0 192.168.23.0 255.255.255.0
      match ip INSIDE 192.168.23.0 255.255.255.0 OUTSIDE any
        identity NAT translation, pool 0
        translate_hits = 107, untranslate_hits = 0
    Additional Information:
    Phase: 10
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 11
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 141, packet dispatched to next module
    Result:
    input-interface: INSIDE
    input-status: up
    input-line-status: up
    output-interface: OUTSIDE
    output-status: up
    output-line-status: up
    Action: allow

  • Asa 5505 inside to outside ping ?

    Hello, for some reason I cannot ping from a host on my inside network to my outside network interface
    i.e. ping from 192.168.0.100 to 192.168.200.2
    Also vice versa, when I ping from the asa5505's outside interface to any inside network address it does not work.
    Can anyone see wht this is ? - it has to be something simple.
    Thanks kindly for any help.
    Result of the command: "show running-config"
    Result of the command: "show running-config"
    ASA Version 8.0(2)
    hostname philASA5505
    domain-name phil.home
    enable password ma.B/.HgoVfoLiCL encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.0.254 255.255.255.0
    ospf cost 10
    interface Vlan2
    no forward interface Vlan5
    nameif outside
    security-level 100
    ip address 192.168.200.2 255.255.255.0
    ospf cost 10
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 5
    passwd ma.B/.HgoVfoLiCL encrypted
    ftp mode passive
    clock timezone NZST 12
    clock summer-time NZDT recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
    dns server-group DefaultDNS
    domain-name phil.home
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network lan
    description lan
    network-object host 192.168.100.0
    access-list outside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.255.0
    access-list inside_access_in extended permit ip any any
    access-list outside_1_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
    access-list outside_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm errors
    mtu inside 1500
    mtu outside 1500
    ip local pool philpool 192.168.0.1-192.168.0.99 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    asdm image disk0:/asdm-602.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 192.168.0.0 255.255.255.0
    nat (outside) 0 access-list outside_nat0_outbound
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 192.168.200.1 1
    route outside 192.168.100.0 255.255.255.0 192.168.200.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication http console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    snmp-server enable traps ipsec start stop
    snmp-server enable traps entity config-change fru-insert fru-remove
    snmp-server enable traps remote-access session-threshold-exceeded
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs
    crypto map outside_map 1 set peer 192.168.200.1
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 28800
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 28800
    no crypto isakmp nat-traversal
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.0.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    dhcpd address 192.168.0.100-192.168.0.120 inside
    dhcpd dns 8.8.8.8 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    class-map global-class
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global-policy
    class global-class
      inspect icmp
    service-policy global-policy global
    webvpn
    enable outside
    svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 1
    svc enable
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec
    group-policy philtunnel internal
    group-policy philtunnel attributes
    dns-server value 4.2.2.2 8.8.8.8
    vpn-tunnel-protocol IPSec
    username phil password DfN1FSNE/PrGENWQ encrypted privilege 15
    tunnel-group 192.168.200.1 type ipsec-l2l
    tunnel-group 192.168.200.1 ipsec-attributes
    pre-shared-key *
    prompt hostname context
    Cryptochecksum:809d3cdfdada66715a76c3aa57905add
    : end

    I do not see in your config an entry for
    policy-map global-policy
    is there an entry for this that somehow did not get posted?
    and under that policy-map is there an entry for
    class global-class
    and under that is there an entry for
    inspect icmp
    If these are missing then I suggest that you add them to your config and see if the behavior changes.
    HTH
    Rick

  • ASA5505 Can't pass traffic between inside (private) & outside (private)

    10.15.50.0/24 <---> 10.15.50.254 (inside / ASA5505 \ outside) 10.60.15.253 <---> 10.60.15.254 <--- (cloud) ---> (eventual destination 10.15.60.0/24)
    Goal:
    10.15.50.0/24 traffic will communicate with 10.15.60.0/24 while block all other.  Current config is any/any for troubleshooting.
    Example:
    10.15.50.249 pings 10.60.15.253 (inside of ASA) and fails.  Running it thru ASDM Packet Tracer shows the Outside ASA interface blocking but I have any/any on that interface.
    Question:
    What am I doing wrong?
    : Saved
    ASA Version 8.2(5)
    hostname SJ-HostB-ASA
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.15.50.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 10.60.15.253 255.255.255.252
    boot system disk0:/asa825-k8.bin
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list outside_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 10.60.15.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication enable console LOCAL
    aaa authentication http console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    aaa authorization command LOCAL
    aaa authorization exec LOCAL
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    no sysopt connection permit-vpn
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 1
    lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 30
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 30
    console timeout 30
    management-access inside
    threat-detection basic-threat
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 10.15.50.243 source inside
    webvpn
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http
      destination address email
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    : end
    asdm image disk0:/asdm-645.bin
    no asdm history enable

    Hi,
    You can only PING / ICMP an ASA interface from behind that same interface.
    So users behind "inside" can PING / ICMP the "inside" interface IP address and users behind "outside" can PING / ICMP the "outside" interface IP address. Users can't PING / ICMP the remote interface from their perspective. The only exception is when users are coming through VPN connection and you use the "management-access " command. But this doesnt apply to your situation.
    You seem to be simulating an ICMP send from behind "inside" to the "outside" interface IP address if what you say is true.
    So attempt the Packet Tracer using some remote network IP address in the 10.15.60.0/24 network.
    You dont seem to have "nat-control" enabled so all traffic should be able to pass through the ASA without translation. So NAT shouldnt be a problem.
    You can also add the following configurations
    policy-map global_policy
    class inspection_default
      inspect icmp
      inspect icmp error
    - Jouni

  • Google map inside the spry collapsible panel

    So this time I've bumped into interesting 'bug'. I've placed the google map inside the spry collapsible panel. Panel is set to the closed mode on load of page. When I open the tab, map appears, but address marker is hidden behind the top left corner. If I place the same map outside the collapsiple panel it renders all well.
    So my  question is whether there is any way around this issue. When I know where the marker is hidden I can simply move the map and see it, but customer who's not aware of the problem will see only blank map with not marked address which is not acceptable.
    cheers,
    Simon

    Sure mate. Here you go:
    <div id="CollapsiblePanel1" class="CollapsiblePanel">
                  <div class="CollapsiblePanelTab" tabindex="0">SHOW MAP</div>
                  <div class="CollapsiblePanelContent">
                  <cfmap  width="242" height="200" zoomlevel="12" name="mainMap" markercolor="333444" showscale="false"
    typecontrol="none"  showcentermarker="true" centeraddress="#get_event.event_address1#, #get_event.event_address2#, #get_event.event_city#,#get_event.event_county#, #get_event.event_postcode#, #get_event.event_country#  "
    ></cfmap>
                  </div>
                </div>
    And this bit goes at the bottom of the code :
    <script type="text/javascript">
    var CollapsiblePanel1 = new Spry.Widget.CollapsiblePanel("CollapsiblePanel1", {contentIsOpen:false});
      </script>
    And that would be the preview that I get once the panel is open:
    And that is the preview of how it should look:
    As you can see the map marker sticks to the top left corner. I was wondering whether there is any way to re-focus it once the panel is open.
    cheers,
    Simon

  • NAT outside to inside and inside to outside (in 8.4(2) version)

    Thanks a lot and i attached a diagram here
    Requirement:
    need to pass through traffic from outside to inside and inside to outside.
    I also attached a diagram with the ip 
    and also tell me one thing that natting is only for private to public or public to private.

    Hi,
    I think i replied on your post earlier as well.
    As per your query , you can NAT any kinds of IP(Public or Private) into any kind((Public or Private)).
    For Bidirectional traffic , you always need static NAT
    When you want Uni Directional Traffic , you can use Dynamic NAT/PAT.
    For the Inside to Outside Traffic , you can use this NAT:-
    object network LAN
    subnet 0 0
    nat (inside,outside) dynamic interface
    FOr Outside to Inside Traffic , you would only want access for certain Servers. Just like Internally hosted Web Servers
    For this , you can either use , Static PAT/NAT:-
    object network host
    host 10.10.10.10
    nat (inside,Outside) static interface service tcp 3389 3389
    access-list outside_inside permit tcp any host 10.10.10.10 eq 3389
    This will enable you to take the RDP access for your PC from the internet.
    Is this what you want ?
    Thanks and Regards,
    Vibhor Amrodia

  • NAT (INSIDE To OUTSIDE)

    I need Configuration of this topology
    At Outside Router
    int f0/0
    ip add 10.1.1.2 255.255.255.0
    At Inside Router
    int f0/0
    ip add 192.168.1.2 255.255.255.0
    At ASA
    int e0
    ip add 10.1.1.1 255.255.255.0
    int e1
    ip add 192.168.1.1 255.255.255.0
    I want NAT from inside to outside and also need ACL configuration and attached diagram.
    and version of ASA is 8.2
    Navaz       
    Message was edited by: Navaz Wattoo

    THIS MY ASA CONFIGURATION
    ciscoasa(config)# sh running-config
    : Saved
    ASA Version 8.0(2)
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 10.1.1.1 255.255.255.0
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    access-list OUT extended permit tcp any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 1 192.168.1.0 255.255.255.0
    static (inside,outside) 10.1.1.1 192.168.1.1 netmask 255.255.255.255
    access-group OUT in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    no crypto isakmp nat-traversal
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    prompt hostname context
    Cryptochecksum:00000000000000000000000000000000
    : end
    ciscoasa(config)#
    THIS MY OUTSIDE ROUTER CONFIGURATION
    R1(config)#do sh run
    Building configuration...
    Current configuration : 877 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R1
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ip domain lookup
    ip domain name lab.local
    multilink bundle-name authenticated
    interface FastEthernet0/0
    ip address 10.1.1.2 255.255.255.0
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    ip route 192.168.1.0 255.255.255.0 10.1.1.1
    no ip http server
    no ip http secure-server
    logging alarm informational
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    stopbits 1
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    stopbits 1
    line vty 0 4
    login
    end
    R1(config)#
    THIS MY INSIDE ROUTER CONFIGURATION
    R2(config)#do sh run
    Building configuration...
    Current configuration : 880 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R2
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ip domain lookup
    ip domain name lab.local
    multilink bundle-name authenticated
    interface FastEthernet0/0
    ip address 192.168.1.2 255.255.255.0
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    ip route 10.1.1.0 255.255.255.0 192.168.1.1
    no ip http server
    no ip http secure-server
    logging alarm informational
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    stopbits 1
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    stopbits 1
    line vty 0 4
    login
    end
    R2(config)#
    Navaz

  • Controlling ASA outbound (inside to outside) traffic

    Hello There,
    I have been in trouble while controlling every traffic passing from inside to outside. We already have websnese integtared with ASA 5520. Please help me in providing the details on this
    1. Traditional method by putting ACL on inside port (what things need to be blocked)
    2. Any special/standard configuration of inside ACL
    3. What other ways or methods are implemented.
    Please help somebody.....  :-)

    What's is exactly what you want to do on the firewall with those Access-lists?
    Here's a link that explains how to use Access-lists on an ASA.
    http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/traffic.html

  • ASA 5505 unable to connect inside or outside

    Hello,
    I'm extremely new to router configurations, and am attempting to configure a backup ASA 5505 to use as a temporary access point in the event that our main ASA becomes unavailable. What I have done is loaded the running config from our main ASA onto the backup, and have made changes to necessary routes, IPs, etc. I can connect to it from a remote computer without problem, but I cannot access any of our servers, nor can I access the internet. I have also tried modifying the access list and NAT rules every which way from Sunday, but I still cannot get this thing to allow any information through. I keep getting "failed to locate egress interface for UDP from outside" errors.
    We are using Cisco AnyConnect to connect , and mind you, since the config for this backup ASA was taken from our main, it still has the original certificate info and profiles. I was told that this wouldn't matter, but I thought I should mention in case I need to remove any of it from the config.
    Here is part of the config file. I took out some information, but tried to keep it understandable. If anyone could point me in the right direction, it would be greatly appreciated!
    ciscoasa# show running-config
    : Saved
    : Serial Number: xxxxxxxxxxx
    : Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    ASA Version 9.2(2)
    hostname ciscoasa
    domain-name domain
    enable password encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd encrypted
    names
    ip local pool pool1 x.x.9.22-x.x.9.254 mask 255.255.255.0
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ip address x.x.8.10 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address x.x.x.237 255.255.255.248
    boot system disk0:/asa922-k8.bin
    boot config disk0:/startup-config
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group Default
     name-server x.x.8.100
     domain-name domain
    same-security-traffic permit intra-interface
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    object network pool1
     subnet x.x.9.0 255.255.255.0
    object network outside-network
     host x.x.x.237
    object network Remote-Network
     subnet x.x.8.0 255.255.255.0
    object network local
    object network obj-x.x.9.24
     host x.x.9.24
    object-group network Outside-Network-Group
     description Outside Network Group
     network-object x.x.x.232 255.255.255.248
    object-group network Inside-Network-Group
     description Inside Network Group
     network-object x.x.8.0 255.255.255.0
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit ip any any
    access-list NONAT extended permit ip x.x.8.0 255.255.255.0 x.x.9.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffer-size 30000
    logging buffered debugging
    logging asdm informational
    no logging message 106015
    no logging message 313001
    no logging message 313008
    no logging message 106023
    no logging message 710003
    no logging message 106100
    no logging message 302015
    no logging message 302014
    no logging message 302013
    no logging message 302018
    no logging message 302017
    no logging message 302016
    no logging message 302021
    no logging message 302020
    flow-export destination inside x.x.8.132 2055
    flow-export template timeout-rate 1
    flow-export delay flow-create 50
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    asdm image disk0:/asdm-722.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static any any destination static pool1 pool1 no-proxy-arp route-lookup
    nat (inside,outside) source static any any destination static Remote-Network Remote-Network no-proxy-arp route-lookup
    nat (outside,outside) source dynamic pool1 interface
    object network obj_any
     nat (inside,outside) dynamic interface
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 x.x.x.232 1
    route inside x.x.11.0 255.255.255.0 x.x.11.1 1
    If you have any questions, or need any other information, please let me know.
    Thanks!

    Am I posting this in the wrong section? Anyone?

  • Problem of routing between inside and outside on ASA5505

    I have a ASA5505 with mostly factory default configuration. Its license allows only two vlan interfaces (vlan 1 and vlan 2). The default config has interface vlan 1 as inside (security level 100), and interface vlan 2 as outside (security level 0 and using DHCP).
    I only changed interface vlan 1 to IP 10.10.10.1/24. After I plugged in a few hosts to vlan 1 ports and connect port Ethernet0/0 (default in vlan 2) to a live network, here are a couple of issues I found:
    a) One host I plugged in is a PC, and another host is a WAAS WAE device. Both are in vlan 1 ports. I hard coded their IP to 10.10.10.250 and 10.10.10.101, /24 subnet mask, and gateway of 10.10.10.1. I can ping from the PC to WAE but not from WAE to the PC, although the WAE has 10.10.10.250 in its ARP table. They are in the same vlan and same subnet, how could it be? Here are the ping and WAE ARP table.
    WAE#ping 10.10.10.250
    PING 10.10.10.250 (10.10.10.250) from 10.10.10.101 : 56(84) bytes of data.
    --- 10.10.10.250 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
    WAE#sh arp
    Protocol Address Flags Hardware Addr Type Interface
    Internet 10.10.10.250 Adj 00:1E:37:84:C9:CE ARPA GigabitEthernet1/0
    Internet 10.10.10.10 Adj 00:14:5E:85:50:01 ARPA GigabitEthernet1/0
    Internet 10.10.10.1 Adj 00:1E:F7:7F:6E:7E ARPA GigabitEthernet1/0
    b) None of the hosts in vlan 1 in 10.10.10.0/24 can ping interface vlan 2 (address in 172.26.18.0/24 obtained via DHCP). But on ASA routing table, it has both 10.10.10.0/24 and 172.26.18.0/24, and also a default route learned via DHCP. Is ASA able to route between vlan 1 and vlan 2? (inside and outside). Any changes I can try?
    Here are ASA routing table and config of vlan 1 and vlan 2 (mostly its default).
    ASA# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route
    Gateway of last resort is 172.26.18.1 to network 0.0.0.0
    C 172.26.18.0 255.255.255.0 is directly connected, outside
    C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
    C 10.10.10.0 255.255.255.0 is directly connected, inside
    d* 0.0.0.0 0.0.0.0 [1/0] via 172.26.18.1, outside
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface Ethernet0/0
    switchport access vlan 2
    All other ports are in vlan 1 by default.

    I should have made the config easier to read. So here is what's on the ASA and the problems I have. The ASA only allows two VLAN interfaces configured (default to Int VLAN 1 - nameif inside, and Int VLAN 2 - nameif outside)
    port 0: in VLAN 2 (outside). DHCP configured. VLAN 2 pulled IP in 172.26.18.0/24, default gateway 172.26.18.1
    port 1-7: in VLAN 1 (inside). VLAN 1 IP is 10.10.10.1. I set all devices IP in VLAN 1 to 10.10.10.0/24, default gateway 10.10.10.1
    I have one PC in port 1 and one WAE device in port 2. PC IP set to 10.10.10.250 and WAE set to 10.10.10.101. PC can ping WAE but WAE can't ping PC. Both can ping default gateway.
    If I can't ping from inside interface to outside interface on ASA, how can I verify inside hosts can get to outside addresses and vise versa? I looked at ASA docs, but didn't find out how to set the routing between inside and outside. They are both connected interfaces, should they route between each other already?
    Thanks a lot

  • Set up a Foscam wireless webcam through BaseStation 7.71 inside and outside of my home network.

    I bought a X10 wireless Security Camera last year and it took me months to figure out how to set it up to access the video both inside my home and through my iPhone remotely, even on my Mac at my office.  I thought I would provide my process of getting this done to help those trying something similar.  Yes the X10 camera works as a Foscam Camera.  I am very happy with the result.  The biggest  challenge was Port Forwarding the Apple Basestation but now that I figured it out, it is easy.
    "How I set up a Foscam wireless webcam through Apple Hardware and software to work inside and outside of my home network seemlessly."
    What you need:
    -Foscam or compatible camera, (iPad or iPhone or Mac or better all three)!
    -Service Provider Router.
    -Apple Base Station, Extreme or Express. 7.71
    -'ip scanner' (software for Mac, app for iPad/iPhone.
    -CCTV Camera pros port scanner app for iPhone.
    First REMOTE ACCESS
    Go to www.dyndns.org and set up an account. For about $20/yr you can have 30 host websites.  Write down the user name and password as you will need it later.
    You need  this service to have a stable website to see your camera outside your network later as 'ip' addresses can change but this site will remain stable.
    Then after you log back in, create a 'host website' from the menu.  When you are creating the host site, dyndns will give you lots of web address choices or you can create your own. Just pick one. Also, you will need the 'ip' of the server where the camera will be. Luckily the dyndns website tells you this, just select it. Write down the web address, click create and you are done this part.
    Next you need to set up the camera.
    CAMERA SET UP
    Using an Ethernet cable, connect your Apple Base Station to your web cam.
    You will need to run 'ip scanner' to see the 'ip' address for the web cam. Write down the 'ip'. Select it, then select "open device in".  Pick browser.
    A web page will be launched and you are given 3 choices. I picked the middle, 'push browser'.  You are then asked for the user name and password for the camera. By default the user is 'administrator' and there is no password. Just click log in. You now will see a menu along the left, at the bottom it should say 'device management'. Select that. Another page will show and there are several important things to do here.
    1. Alias - give a name to the camera.
    2. Set the time from a server.
    3. Users - set a user and password. Write this down as you will need it.
    4. Basic network. Either check to 'Obtain IP from DHCP Server' or specify an IP you want to stay the same. You need the subnet and main DNS server and the Gateway (same thing like 192.168.0.?or 10.0.0.? or 172.16.0.?)
    Decide on a port you want use. Write this down. The camera will reboot, you will need to log in. In the browser enter IP then : the port#.  Like 192.168.0.?:80 you will need the camera user name and password.
    5. Wireless-scan for the nearby network list. Pick your network, enter your password, click submit. It will reboot.
    6. UPnP-check to use.
    7. DDNS Service (this allows remote viewing) pick DynDns.org
    Enter your DynDns user name and password.
    Enter the long DynDns Host website you wrote down. Click Submit. It will reboot. 
    APPLE Basestation set up
    Run Airport Utility on Mac or iPad or iPhone.
    Tap basestation, tap edit, tap advanced, tap Port Settings, tap 'new entry', in description enter a name, enter HTTP port number you picked when setting up the camera in all 4 spots: public and private UDP and TCP. Enter the IP address you picked in the camera setup. Click done and again until the Basestation updates.
    Run the CCTV app, pick 'tools', pick 'Port forwarding Checker'. Enter the port you selected to see if it shows open then you are good. If not go back through the steps.
    Set up Foscam App on the iPad and iPhone.
    Run App, tap Add Camera,
    Label- enter a name
    User- Camera user name
    Password- Camera
    Local camera address-the IP address eg 192.168.0.?
    Port- the one you specified.
    If it connects you will see the chain turn green.
    Remote address- the long one from DynDns.
    Port- the one you specified.
    If it connects you will see the chain turn green.
    Tap done.
    If everything is entered correctly it will all work.
    Trouble shooting, make sure the IP address for the camera is listed correctly in the Apple Router.  If it changes on the network, just go into the Airport Utility and update that.  Also make sure the dyndns address is correctly listed in the Camera set up.
    If questions, just let me know.

    Ok.. you have to work out the way you are going to access the TC..
    There are basically three methods..
    1. Direct access using AFP.. you need a static public IP and the TC as the main internet router.. then you need to turn on internet access and password the hard disk. The college has to have port 548 open.
    If you do not have a static public IP then you can use ddns service but there is no client in the TC.. so you will have to figure out a way to update the service.
    2. Use BTMM with icloud. This is the Apple method. It actually uses vpn..(the vpn is locked to apple use only but it is not available to end user).. The requirements are 7.6.1 firmware and lion or ML on a Mac computer. I am not sure of the ports because the link to the Apple cloud is separate from the vpn to your home system.
    3. VPN.. that means you need to bridge the TC and use a decent quality vpn modem / router or combo thereof.
    VPN are not for the faint of heart.. it can take a lot of work to get running but offers the best security.. you will need to change the network equipment in your house more than likely.. using a pc / mac as a vpn server is possible.. but messy.
    There are also easy ways to at least access the home computer.. teamviewer for example. This is likely blocked by the college though.
    Double NAT is where you put a router on a private IP behind another router on a private IP.. that makes port forwarding close to impossible.

  • Multiple Crypto Maps on Single Outside Interface

    Hi, I had the following crypto map configured on my ASA5505 to allow Cisco IPSec VPN clients to connect from the outside:
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    I'm trying now to set up an additional crypto map - a static configuration to establish a tunnel with Windows Azure services. The configuration they gave me is:
    crypto map azure-crypto-map 10 match address azure-vpn-acl
    crypto map azure-crypto-map 10 set peer XXX.XXX.XXX.XXX (obfuscated)
    crypto map azure-crypto-map 10 set transform-set azure-ipsec-proposal-set
    crypto map azure-crypto-map interface outside
    However, when I apply that configuration, my Cisco IPSec clients can no longer connect. I believe my problem is that last line:
    crypto map azure-crypto-map interface outside
    which blows away my original line:
    crypto map outside_map interface outside
    It seems I'm stuck with picking just one of the maps to apply to the outside interface. Is there a way to apply both of these maps to the outside interface to allow both IPSec tunnels to be created? We're running ASA version 8.4(7)3.

    Hi,
    You can use the same "crypto map"
    Just add
    crypto map outside_map 10 match address azure-vpn-acl
    crypto map outside_map 10 set peer XXX.XXX.XXX.XXX (obfuscated)
    crypto map outside_map 10 set transform-set azure-ipsec-proposal-set
    Your dynamic VPN Clients will continue to work just fine as their "crypto map" statements are with the lowest priority/order in the "crypto map" configurations (65535) and the L2L VPN is higher (10)
    And what I mean with the above is that when a L2L VPN connections is formed from the remote end it will naturally match the L2L VPN configurations you have with "crypto map" configurations using the number "10". Then when a VPN Client connects it will naturally not match the number "10" specific configurations and will move to the next entry and will match it (65535)
    If you would happen to configure a new L2L VPN connection then you could give it the number "11" for example and everything would still be fine.
    Hope this helps
    - Jouni

  • I am writing a book and need to have the margins alternating left and right pages, so that there is sufficient margin for the binding. I have tried different inside and outside margins, the same inside and outside margins, facing pages, changing the maste

    I am writing a book and need to have the margins alternating left and right pages, so that there is sufficient margin for the binding. I have tried different inside and outside margins, the same inside and outside margins, facing pages, changing the master, and I cannot get the margins to alternate at print time. The larger margin is always on the left. Can anyone please help me on this, as I have spent hours and lots of ink.

    Set up as facing pages with a larger inside margin.

Maybe you are looking for

  • How do i move an app from one page to another

    how do i move an app from one page to another? When I upgraded to the latest software on my 4s, the camera went to the last page rather than remaining on the home page

  • How do I download a picture from my Macbook Pro to a website?

    OK, maybe I'm missing something obvious, but I can't figure it out.  I was updating my medical information, which is a website, and there is a place to download a picture of myself.  I clicked on browse and it opened up Finder.  So far, so good.  I t

  • Can I listen to podcasts etc. on my work computer?

    I have iTunes set up on my home PC and have various playlists etc. on it. Is there anyway I can listen to them at work without recreating them on my work PC? Ron

  • Button action is not working

    Hi all, I am using JDev10g created jspx page. in backing bean i written this code. I created commandButton. I add following code     public String Login_action()         // Add event code here...                             if(this.getInputText11()!=

  • Problems with text in overlays

    Hi All and sorry if this is a basic question, but really rushed to meet a client's deadline. I created a simple SD menu at 16x9. My client wants the entire title of the video tracks highlighted when the pointer rolls over it or selects it. Problem is