PRSM Offbox Enable CX Traffic Redirection

Similar Messages

• Traffic Redirection tab not visible in PRSM single device mode

  I am using a 5515-X in single device mode.  Software is  version 9.2.1.2-69.
  I noticed a couple things that I am not sure are a problem or not.  When I go to the configuration overview tab PRSM shows mode of the ASA CX as "unknown".  Also the User Guide says I should see a "traffic redirection" tab under configuration policies/settings but I don't see that.
  I guess I can configure traffic redirection with ASDM but just wondering if this is normal, or cosmetic bug or something else?
  Thanks,
  Diego

  If you're running single device mode (on-box PRSM) you cannot manage the ASA configuration like you can with the off-box PRSM. Note this section of the user guide which states:
  "Traffic Redirection—(ASA, Multiple Device mode only.) Configure traffic redirection from the ASA to its CX module."

• Guest Wireless traffic redirect to Proxy Server

  I have Guest WLAN and i want to redirect all the traffice to Proxy Server. We use Cisco Ironport.
  Cisco proxy Ironport has the ip 10.X.X.X.
  We also have NCS Server. Can anybody tells me where i can configure this
  best regards and thanks in advance

  Muzaffar:
  If you have web-auth configured you may have problems with the redirection if the users are using manual proxy server configured.
  For that, you better enable WebAuth proxy redirection on wireless controller.
  Here is the config example
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b8a909.shtml
  HTH
  Amjad

• Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

  Hi All,
  I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
  2811 having C2800NM-ADVIPSERVICESK9-M
  2811 router connects to the Internet SW then connects to the Internet router.
  Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
  Below is router config for VPN & NAT
  crypto keyring ISR_Keyring
    pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp keepalive 10
  crypto isakmp profile isa-profile
     keyring ISR_Keyring
     self-identity user-fqdn [email protected]
     match identity user vpn-proxy.websense.net
  crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
  crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
  set peer vpn.websense.net dynamic
  set transform-set ESP-NULL-SHA
  set isakmp-profile isa-profile
  match address 101
  interface FastEthernet0/1
  description connected to Internet
  ip address 216.222.208.101 255.255.255.128
  ip access-group HVAC_Public in
  ip nat outside
  ip virtual-reassembly
  duplex full
  speed 100
  no cdp enable
  crypto map GUEST_WEB_FILTER
  access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
  access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
  access-list 103 permit ip 192.168.8.0 0.0.3.255 any
  ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
  ip nat inside source list 103 interface FastEthernet0/1 overload
  ip nat inside source route-map nonat pool mypool overload

  How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
  Check
  show crypto isakmp sa
  show crypto ipsec sa
  show crypto session
  You'd better remove the preshared key from your post.

• Service Insertion/Service Graphs & Policy based traffic redirection

  Hi,
  My question is to use policy based service insertion/service graphs between the EPGs communications to redirect traffic to ASA firewall & F5 slb.
  Below are Cisco ACI components:
  1- Spines & Leafs
  2- APIC Controllers
  3- Cisco ASA Firewall attached to the APIC via device package
  4- F5 SLB attached to the APIC via device package
  I have the below scenario for the communication between the EPGs e.g:
  WEB-EPG (consumer)
  APP EPG (provider) (consumer for DB)
  DB (provider)
  I want to use contract that includes filter on port 80 to permit and action for service insertion to provide SLB (F5) service between the WEB & APP communications.
  I want to use contract that includes filter on port any* to permit and action for service insertion to provide firewall (ASA) service between the APP & DB communications.
  Can I do policy based "traffic redirection" through service graphs in the contract's service insertion?
  Is it supported in version 1.0(3i)?
  I believe, NSH (Network services header) will add in the VXLAN header before reaching the dest VNID and redirect the traffic to the clusters of the services node i.e. SLB or FW, Then traffic will reach the destination address after striping all services.  
  Regards,
  Anser

  Hello Muhammad, 
  traffic redirection is not supported on 1.0(3i) , while NSH is still submitted to IETF as a draft from industry vendors , I think try to avoid waiting for it.
  Regards
  Mohammed ElSherbiny

• Enabling SAML V2 redirection to target application

  Hi Gurus,
  I have been facing to issues for which I cannot find any relevant information. I have been trying to enable SSO SAML 2 on our SAP Netweaver Platform and I am not able to configure everything.
  I followed the step by step implementation described here:
  http://wiki.scn.sap.com/wiki/display/Security/Single+Sign-On+with+SAML+2.0+and+ABAP+Systems+Supporting+SAP+Logon+Tickets
  The only difference lays in the fact that the provider is an external one and not hosted by NW.
  The SAML V2 is activated and the SAML backbone  of my customer redirects to the endpoint URL I gave for a test (our java portal address). So this is more or less fine.
  But my business case is different as redirecting to a fixed URL: I want to allow any user to run any BEx queries to be authenticated via SAML 2 backbone and to be redirected to the initially targetted query.
  Meaning:
  A user is accessing the following URL:
  http://<server_name>/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.pct!2fplatform_add_ons!2fcom.sap.ip.bi!2fiViews!2fcom.sap.ip.bi.bex?QUERY=<query_id>
  The actual situation: the user is getting redirected to the SSO backbone and back to the endpoint I gave meaning:
  http://<server_name>/irj/portal
  What I would like to have as a behaviour is to:
  1- the user request any URL hosted on our Java (it can be BEx query as well as a Web Dynpro application called)
  2- he is getting authenticated by the SSO Backbone and redirected to the original URL
  I am not an admin and it is hard for me to find the relevant information.
  Thanks for helping me!
  Cheers,
  Cyril.

  Hello,
  although an answer to my question was provided it doesn't really solve the problem because in order to be able to get the patch that fixes the flaw it requires as described at the bottom of the page of My Oracle Support website that "This site is intended solely for use by authorized Oracle customers, partners, and employees."
  I'm not currently part of any of this groups so access to such resources is denied for me. So, i would kindly request from someone to explain to me the purpose of this kind of policy. Oracle Apex and Oracle Database XE are suppossed to be free products. Why are patches of discovered bugs on these products require special privileges to access them ? I say this because now i have to wait for several weeks or even months for the next release of APEX to be able to continue my study.
  I would really love to hear a comment on this issue.
  Thank you very much.

• WRVS4400N traffic redirection depend on host header

  Hello,
  I have a question related to WRVS4400N. Do you plan adding feature, in short described  as:
  - related to specific port , for  example port 80/HTTP
  - depend on the host header, router  to forward the traffic to internal IP1, IP2 and so on. Example - if i have Internet site A that i host on internal IP1, and Internet site B that i host on  internal IP2, router automatically to redirect the traffic to the necessary IPs  depend on the site names.
  And the s second question - do you  have such feature already made in other  products?

  While you can set up Single Port Forwarding to map incoming HTTP requests to a particular NAT IP on the LAN side of the Router, I dont see a way we can read the hostname out of the HTTP message and map to a particular device on the subnet, no.  Since your WebSite will DNS resolve to the WAN IP of the router, it would seem like we would be limited to one Webserver sitting behind that WAN IP.
  Adding a second Router will resolve this, and may be preferable if traffic rates will be high (more bandwidth per web host)

• How can I enable Firefox to redirect to another part of the site I use regularly without asking permission

  I use a website about 2 or 3 times a week. After logging onto the website, it needs to redirect me to another page but always asks for my permission to allow.
  Where in the Tools, Options does it allow me to give automatic permission to be redirected. Otherwise, I sit looking at the screen waiting for it to change, having not noticed ther bar at the top of the page, waiting!!
  Thanks

  Go to the Advance panel of the Options dialog, in the General tab there is a setting "Warn me when web sites try to redirect or reload the page"

• Cisco RV120W traffic redirect

  I have a RV 120W VPN where I wish to route HTTP traffic from local host to remote proxy server. How can i do it.

  I have a RV 120W VPN where I wish to route HTTP traffic from local host to remote proxy server. How can i do it.

• HTTPS traffic redirection

  How can I redirect the https requests to my CE. Would it work's in transparent mode? Could anyone send me a sample config?
  Thanks!

  Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
  If anyone else in the forum has some advice, please reply to this thread.
  Thank you for posting.

• WLC - Web Traffic redirection without using Web Auth?

  Hi there,
  I am in need of solution to integrate it to WLC where the Guest Users can use the wireless access and then be redirected to the company's website once they open a browser.
  This is where the guest users will no longer click any buttons (or accept any certificates). Once the browser is hit it will automatically go to the companys website.

  You can use pfsense or monowall (there are others, but these are the top two open source splash screen portals) or a commercial offering as the gateway
  pfsense is bsd based and has more features than monowall.  The splash can be http or https and is fully customizable.

• Web traffic redirecting

  hi
  i use many rangs of ip in my network , and i need to config my router; if a client have a web request from this source address 192.168.20.0/24 to any ,should be redirect to a specific web page .
  the web server is in my network and our client can ping it now.
  thanks

  how can i redirect it?

• Enabling AFP traffic through firewall

  I have set the access for specific services and applications in the firewall settings. I frequently enable AFP-filesharing. Even though the AFP protocol appears in the list for allowed services when enabled, connections are not possible until I disable firewall altogether. This, however, is laborious and undesirable security-wise. Is it possible to use AFP while the firewall is still running?

  Yes it is -- I do. How is Sys Prefs > Sharing > File Sharing > Shared Folders and Users (for each shared folder) set up? (You will need to unlock the padlock to show users and their permissions).
  In the interim, is this computer confined to a residential network? Do you implicitly trust all the other users on your home network? If wireless (who isn't?), are you using WPA2 with a strong password? If so, then if the home router has NAT enabled and its port-based firewall is keeping all the riffraff out, I wouldn't be too overly concerned while you are trying to get this working the way that it should.

• How to enable VLAN traffic in Mac book Pro

  Hi
  i am running Yosemite OS on MACBOOK PRO 13" also windows 8.1 running on parallel V10 (the latest one).
  in my line of work, we use custom tools to communicate with our products, all the tools are based on windows and running in layer 2.
  some of the tools transmits with VLAN ID, i can see that the packets are sent with VLAN but nothing is returned, deeper inspection i found that the retuned packet , that it is also tagged with VLAN, is simply dropped and doesn't reach the windows.
  on a regular windows machine, i can control the VLAN setting in the NIC configuration and typically what the NIC is doing is decapsulation the VLAN.
  How do i do the same on a MAC?
  Please help.
  thanks

  iPhoto does NOT come with the OS. It is a separate App. Yes it is included on every Mac when new.
  Since you are running Snow Leopard 10.6.8 you got 2 DVDs witrh your system. One is for installing the operating system, OS X, and the other is for reinstalling the iLife Apps that come with every Mac.
  So find your original system discs and the Applications disc in particular. Delete, "Move To Trash", the current iPhoto app then reinstall from that Applications disc. Then use Software update to update it to the most current version.

• Enable WebAuth on WLC to intercept https (or https redirection) for authentication

  Hi all
  My company is using WLC with Guest access feature, and use Layer 3 security authentication to permit only Guests who provided valid user/password to access.
  But we met a issue that, when guests connect to Guest SSID successful, on PC they have to open web browser and access to 1 website by http, after that WLC will intercept and redirect to authentication page.
  If customer access to https (as google, gmail, ...) WLC cannot intercept and redirect to authentication. Because almost customers access to https://google.com at first by their habit.
  On my firewall, I can do intercept by both http and https, so I wonder on WLC I can enable intercepting and redirecting to authentication of https also
  If possible, please advice us how to enable this feature.
  Regards
  Hai Dao Tuan

  Thanks all
  I also just found a link that mentions about this case clearly and commands to enable it
  https://supportforums.cisco.com/document/12398536/understanding-https-redirect-over-web-auth
  (WLC)> config wlan security web-auth enable <wlan-id>
  (WLC)> config network web-auth https-redirect enable