Public Server on 2 external interfaces

Similar Messages

• ASA 5510 Anyconnect VPN question-"Hairpin" vpn connection on same external interface

  I have a Cisco ASA 5510, I want to allow a VPN connection to be established by a client on one of the inside interfaces(10.20.x.x) to be able to go out the single External interface and get authenticated by the ASA to create a VPN tunnel to the other inside interface (10.0.X.X) and access resources on that subnet.
  Basically want clients on a WLAN to be able to VPN back in to the LAN with the ASA in the middle to get to company resources,
  Is this possible?
  Thanks,
  Tommy

  When we connect any VPN on a device then it is always a TO THE DEVICE connection and I am afraid we can connect only to the local / nearest interface where user is connected in a network with respect to ASA.
  I have seen this scenario working though earlier with one of my clients wherein he has configured his DNS server accordingly so that depending upon the source of the DNS request an appropriate IP address was provided for same DNS name. For example if user from IP address range 192.168.0.0 range connects to abc.com then it will get IP address 192.168.1.1 and if a user from range IP address10.0.0.0 connects then it will get 10.1.1.1.
  If we configure the same scenario as well then your requirement will be fulfiled with same name however VPN has to be enabled on wireless interface again. If not, then as you have described configuring a new domain name for VPN connection only for wireless users should do the deal.
  Regards,
  Anuj

• Port Forwarding on OSX 10.5 Server using Dynamic External IP Address

  I have been able to get Port Forwarding to work properly on OSX Server by following the documentation and following discussion:
  http://discussions.apple.com/thread.jspa?messageID=6700460
  The problem however, is that you specify a static ip address on the natd.plist file.
  I do not have a static ip address, and sometimes it changes. When this happens, of course all the port forwarding configuration will not work, and I need to replace the old external ip with the new external ip address.
  This is an easy task to be accomplished, however having the internal network down just for the change of ip address is a hassle.
  Is there any way the string entry can be updated with the ip address of the external interface (en0), instead of applying an ip address?
  <key>aliasIP</key>
  <string>17.128.128.128</string>
  I would like to have the ip address (ex: 17.128.128.128) to be updated automatically from my interface ip address. So if my external ip address changes to 17.128.30.30, the natd.plist file will be automatically updated with correct values.
  If I could do the following would be great but doesn't work
  <key>aliasIP</key>
  <string>en0</string>
  Any ideas on how to get this accomplished?
  Or better yet, can it be accomplished as of now?
  I know I can use IPNetRouterX (www.sustworks.com) and that will work just fine. Have tested using the trial and it works, however I do not want to spend $100 for the software either, and I bet there should be a way this can be done on OSX 10.5 Server.
  Thanks a lot!!!

  This would be best reposted in the appropriate Leopard server forum
  http://discussions.apple.com/category.jspa?categoryID=96

• Problem adding CSA external interface in IPS 6

  I configured my AIP-SSM sensor running IPS 6 to connect to the CSA MC, but I get a connection failure. The sensor is showing the following error when trying to connect:
  evError: eventId=1168311248090659938 severity=warning vendor=Cisco
  originator:
  hostId: os-ips
  appName: externalProductInterface
  appInstanceId: 317
  time: 2007/01/20 02:50:22 2007/01/19 20:50:22 GMT-06:00
  errorMessage: name=errNotAvailable Failure opening a subscription on the Management Center for Cisco Security Agents external interface at 1.1.1.1: Parse response found a different element when expecting the SOAP Envelope element

  The interface is currently disabled, but I think you'll get the picture.
  cisco-security-agents-mc-settings (min: 0, max: 2, current: 1)
  ip-address: 1.1.1.1
  interface-type: extended-sdee
  enabled: no default: yes
  url: /csamc/sdee-server
  port: 443
  use-ssl
  always-yes: yes
  username: adminuser
  password:
  host-posture-settings
  enabled: yes default: yes
  allow-unreachable-postures: yes
  posture-acls (ordered min: 0, max: 10, current: 1 - 1 active, 0 inactive)
  ACTIVE list-contents
  NAME: 1-subnet
  network-address: 192.168.1.0/24
  action: permit
  watchlist-address-settings
  enabled: yes
  manual-rr-increase: 25
  session-rr-increase: 25
  packet-rr-increase: 10

• Creating PO in SRM through external interface

  Is there a way to create a PO in SRM through an external interface without creating a shopping cart?  I see that we can create a shopping cart through BBP_PD_SC_CREATE_EXTERNAL.  But we need to create a PO in the SRM system without the shopping cart.  Is this possible?  It's neither the classic nor extended classic nor the standalone SRM scenarios that all have the shopping cart generate the PO.  Is there a way to create the PO without the shopping cart?  Is there a BAPI to do this?
  Right now, we generate an XI ABAP server proxy which allows us to push the PO information from an external system through XI into SRM, but we do not know what SRM function we need to invoke.
  Any help would be appreciated.
  Thanks,
  Jay
  SAP Integration Consultant

  I can give you the technical example of how to create a PO. You can get the sample logic of creating PO's from the program MBT_PO_MASS_CREATE.
  Regards,
  Mani

• Using External Interface on local content

  We're using External Interface for interfacing between Flash
  and
  JavaScript on the HTML page. All works fine online. When we
  try to
  localize the pages though (so that a Salesperson can have a
  CD full of
  demos), none of them seem to work.
  Is this an over-sensitive Flash security issue? We already
  have
  allowscriptaccess='always' and swliveconnect=true in the
  object/embed tags.
  What can we do that doesn't require changes on each
  individual machine
  to set trust paths or any other kind of browser
  configuration? Not only
  do we want to have this content working on the machine of a
  salesperson,
  we may get clients that want to deploy content offline
  (kiosks, machines
  without any network access).
  ~dd

  I believe you also need to have the user add the Flash file's location as a trusted
  source in the Flash Player settings.
  This is obviously an enormous pain. To get around this, you can run a temporary server from the CD. My team has used the Flying Ant server (http://www.wrensoft.com/flyingant/) and it worked quite well, and it runs on Mac, Windows, and Linux.
  Alternatively, you could create an installable AIR app to get around the security sandbox issue. If you don't want to have the customer install anything or have to go through loads of instructions to change Flash Player settings, go with the server solution.

• Configuring a5505 setup public server + DMZ

  Please bear with me, as am I utter new to the a5505 and Cisco products in general.
  Setup:
  LAN (192.168.1.X, with .3 as gateway)
  DMZ (192.168.2.X with .1 as gateway)
  WAN (X.X.X.146 as primary public IP, .145 as gateway and .147-150 as additional public IPs)
  I want to set it up so that X.146 is where all my outbound traffic appears to originate.
  I want tcp HTTPS and SMTP to be allowed from the WAN (via the X.147 IP) to a specific server (192.168.1.11) on the LAN.
  Also, HTTP traffic to X.148, X.149 and X.150 should go to DMZ and 192.168.2.8, 192.168.2.15 and 192.168.2.18 respectively, but I haven't added that to my config yet. Looking to get the HTTPS and SMTP ones working first, then I'll fix the others (one step at a time)
  I've got contact with the outside world when I've configured it using the ASDMs "Public Server" interface, but it refuses to properly establish the connection, I get a "SYN timeout".
  I'm sure it is a simple mistake I've made someplace, but some of this stuff is greek to me sofar, I must admit..
  My config:
  : Saved
  ASA Version 8.2(5)
  hostname kcisco
  enable password X encrypted
  passwd X encrypted
  names
  name X.X.X.144 outside-network
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  switchport access vlan 5
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.3 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address X.X.X.146 255.255.255.248
  interface Vlan5
  description DMZ interface
  no forward interface Vlan1
  nameif DMZ
  security-level 50
  ip address 192.168.2.1 255.255.255.0
  ftp mode passive
  clock timezone GMT 0
  object-group service DM_INLINE_SERVICE_0
  service-object gre
  service-object tcp eq pptp
  service-object udp eq isakmp
  service-object udp eq 1701
  service-object udp eq 1723
  service-object udp eq 4500
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq https
  port-object eq smtp
  object-group service DM_INLINE_TCP_3 tcp
  port-object eq https
  port-object eq smtp
  access-list outside_access extended permit tcp any object-group DM_INLINE_TCP_3 host X.X.X.147 object-group DM_INLINE_TCP_1 
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu DMZ 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) X.X.X.147 192.168.1.11 netmask 255.255.255.255
  access-group outside_access in interface outside
  route outside 0.0.0.0 0.0.0.0 X.X.X.145 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:cc8458013e545e2e7ba1e2c0caa3dd6a
  : end
  no asdm history enable

  Thanks, fixed that at least.
  But still no further in getting the connection to be established.
  I see this in my logs:
  6 Oct 09 2012 15:29:22  Z.Z.Z.Z 42061 192.168.1.11 443 Built inbound TCP connection 1064 for outside:Z.Z.Z.Z/42061 (Z.Z.Z.Z/42061) to inside:192.168.1.11/443 (X.X.X.147/443)
  6 Oct 09 2012 15:29:52  Z.Z.Z.Z 42061 192.168.1.11 443 Teardown TCP connection 1064 for outside:Z.Z.Z.Z/42061 to inside:192.168.1.11/443 duration 0:00:30 bytes 0 SYN Timeout
  (Z.Z.Z.Z is the outside host I am testing from)
  (I've connected the mailserver to the firewall and configured it to use the FW gateway (192.168.1.3)

• Delete Intransit from APO which Loaded by PI from external interface

  Hi all,
  I am facinf a problem in deleting the Order created by External Interface.
  We are loading Inransit as PO Mamo (ATP Category AH). Now we need to delete all the Record with AH ATP categoy before we reload new intransit to APO.
  Problem is we are not able to delete those order as those are not in Live Cache.
  We try using transaction /n/sapapo/bp2 but every time its throwing error "SAP APO system Q51CLNT100 has been declared as an SAP R/3 system.
  and even i try deleting from /SAPAPO/RLCDEL. but its not deleting those order.
  Can some one suggest what to do.
  What all the option that we can try to delete the intransit.
  Thanks & Regards,
  Amit Sharma

  Hi Amit,
  You can use BAPI to delete AH ATP Category.
  1. Read all Purchase Documents from BAPI_POSRVAPS_GETLIST3 for product u2013 location for AH Type ATP Category only.
  2.Get the ORDID on the selection made.
  3.Call BAPI_POSRVAPS_REMOVEITEMS and load the list of order no. and then delete it.
  Please try this.
  Thanks,
  Dipankar

• Is anyone using the Calendar Server to send external invites?

  Is anyone using the Calendar Server to send external invites?
  We have a Mountain Lion server running DNS, Open Directory, File Sharing and VPN. We have recently stood up the Calendar server and it is working very well. Internal invites work fine and are instantaneous to computer, iPhone, iPad. We have the ports working so that calendar items created outside the network work fine as well. Only problem is we cannot invite anyone with an external e-mail address. Each time we do the Calendar Error Log populates with:
  2013-04-15 13:11:03-0500 [-] [mailgateway] 2013-04-15 13:11:03-0500 [Uninitialized] SMTP Client retrying server. Retry: 5 
  2013-04-15 13:11:03-0500 [-] [mailgateway] 2013-04-15 13:11:03-0500 [Uninitialized] SMTP Client retrying server. Retry: 4
  2013-04-15 13:11:03-0500 [-] [mailgateway] 2013-04-15 13:11:03-0500 [Uninitialized] SMTP Client retrying server. Retry: 3
  2013-04-15 13:11:03-0500 [-] [mailgateway] 2013-04-15 13:11:03-0500 [Uninitialized] SMTP Client retrying server. Retry: 2
  2013-04-15 13:11:03-0500 [-] [mailgateway] 2013-04-15 13:11:03-0500 [Uninitialized] SMTP Client retrying server. Retry: 1
  2013-04-15 13:11:03-0500 [-] [mailgateway] 2013-04-15 13:11:03-0500 [Uninitialized] [twistedcaldav.mail.MailHandler#error] Mail gateway failed to send message <[email protected]> from [email protected] to mailto:[email protected] (Reason: Failure with multiple causes.)
  We have set up an internal e-mail address. I have confined that it works fine. I have tried more than one internal account. I have also verified the settings through the command line by typing "sudo serveradmin settings calendar" The iMIP sending and receiving information is correct. There is no authentication type setting listed in the command line output even though there's a place to choose it in the Enable invitations by email - Edit button on the third screen. No matter what I choose it goes back to "login" and still doesn't work.
  The command line settings mention a port number 62310 as being the MailGatewayPort but opening that port on the network's firewall makes no difference. As I said external set up works fine from Mac/iPhone/iPad and push notification works fine as well.
  Is anyone using this functionality?

  I'm sorry. I forgot to add Mail to the list of services. I AM using mail on that server. Here's the iMIP portion of my settings output from Terminal.
  calendar:Scheduling:iMIP:Sending:Server = "boardwalkserver.kuhnwitt.com"
  calendar:Scheduling:iMIP:Sending:UseSSL = yes
  calendar:Scheduling:iMIP:Sending:Username = "calendarserver"
  calendar:Scheduling:iMIP:Sending:Address = "[email protected]"
  calendar:Scheduling:iMIP:Sending:Password = "password"
  calendar:Scheduling:iMIP:Sending:Port = 465
  calendar:Scheduling:iMIP:Enabled = yes
  calendar:Scheduling:iMIP:MailGatewayPort = 62310
  calendar:Scheduling:iMIP:Receiving:Server = "boardwalkserver.kuhnwitt.com"
  calendar:Scheduling:iMIP:Receiving:UseSSL = yes
  calendar:Scheduling:iMIP:Receiving:Username = "calendarserver"
  calendar:Scheduling:iMIP:Receiving:PollingSeconds = 30
  calendar:Scheduling:iMIP:Receiving:Type = "imap"
  calendar:Scheduling:iMIP:Receiving:Password = "password"
  calendar:Scheduling:iMIP:Receiving:Port = 993
  calendar:Scheduling:iMIP:AddressPatterns:_array_index:0 = "mailto:.*"
  calendar:Scheduling:iMIP:MailGatewayServer = "localhost"
  So Add mail to the services being used. Since Calendar is running on the mail server one would assume that it could communicate with it fairly easily.

• File transfer from a FTP server to another External FTP server

  Hi,
  I have one FTP server , I need to transfer a file from this FTP server to aother external FTP server. Could any one please help me how to write a batch file on FTP server so that my file is transfered to another FTP server by executing the Batch file. I don't want to use SAP server for this.
  best regards
  bobby

  CREATE CONTROLFILE
  Caution:
  Oracle recommends that you perform a full backup of all files in the database before using this statement. For more information, see Oracle9i User-Managed Backup and Recovery Guide.
  Purpose
  Use the CREATE CONTROLFILE statement to re-create a control file in one of the following cases:
  All copies of your existing control files have been lost through media failure.
  You want to change the name of the database.
  You want to change the maximum number of redo log file groups, redo log file members, archived redo log files, datafiles, or instances that can concurrently have the database mounted and open.
  Note:
  If it is necessary to use the CREATE CONTROLFILE statement, do not include in the DATAFILE clause any datafiles in temporary or read-only tablespaces. You can add these types of files to the database later.
  An alternative to the CREATE CONTROLFILE statement is ALTER DATABASE BACKUP CONTROLFILE TO TRACE, which generates a SQL script in the trace file to re-create the controlfile. If your database contains any read-only or temporary tablespaces, that SQL script will also contain all the necessary SQL statements to add those files back into the database.
  http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/statements_54a.htm#SQLRF01203

• ASA 5505 external interface dying

  Hi,
  We have an ASA 5505 ( version 9.1(2) ) that frequently stopped functioning ie the external interface refuses to pass any traffic , ASDM wont connect,etc.
  The internal interface does continue to function and if we SSH into the unit and do a reload , everything springs back into life again.
  What are the best steps to troubleshooting and finding a fix to this problem?
  Chris

  Hi Amrin,
  you can configure SLA monitoring on ASA and that woudl work fine for you:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
  Hope that helps.
  Thanks,
  Varun

• External interface.call is not working

  hi, i am trying to call one java script function in
  actionscript by using External interface.call method. but its not
  working .can u pls tell me why this happend

  "angadala" <[email protected]> wrote in
  message
  news:gmpc58$g9p$[email protected]..
  > skill status.mxml
  >
  >
  > <mx:Script>
  > <![CDATA[
  > if (ExternalInterface.available) {
  > ExternalInterface.call(getDataFromXml);
  > }
  >
  > it is javascript
  > <script type="javascript">
  > var data = new Array();
  > data[0]=[1,2,3];
  > function getData()
  > {
  > return data;
  > }
  > </script>
  > </head>
  > <body>
  > <div id="SkillStatus">
  > <p>Alternative content</p>
  > </div>
  >
  > </body>
  > </HTML>
  >
  1) Your JavaScript function name and the function name you
  are calling
  don't match.
  2) On the Flex side, you are calling a JS function that I
  think you are
  expecting to return a value, but not assigning the result of
  the value to a
  function.

• Is there a way to run an existing PS-JS script using external interface

  I have several previously written Photoshop JS scripts which I'd like to run through buttons on PS panels, much like the example for the HelloWorld introduction. I assume that--using external interface--I'll somehow be able to fire off these script files. Is this a correct assumption?
  Thanks!

  Certainly, but not with external interface.
  Have a look at the cookbooks. There are examples of how to use the root host object to call directly into extendscript.

• Memory leak in external interface SetReturnValue?

  I'm having trouble with a memory leak in my application. I'm
  hoping someone out there can help me find a fix or workaround, or
  tell me what I'm doing wrong.
  The leak seems to be coming from the flash external
  interface; specifically, IShockwaveFlash.SetReturnValue(String). My
  application is written in Visual Basic 2008, connecting to Flash
  9.0.124.0 (activex version).
  I've written a fairly simple flash/VB program pair to
  illustrate the problem.
  The SWF contains a button, 2 dynamic text fields, and the
  ActionScript 2 code below.
  The VB project contains a Form with a AxShockwaveFlash object
  and the VB code below.
  When this program is run, and the button is clicked a lot
  (10's of thousands of times), the application's memory creeps up
  and never seems to fall back down. If the string passed to
  SetReturnValue is longer, memory is consumed faster. But if the
  call to SetReturnValue is commented-out, the application's memory
  usage remains stable.
  If anyone has any suggestions on how to proceed, I'd be
  grateful.
  (By the way: I'm using a freeware program called DoItAgain to
  automate the button pressing.)

  I have developed two simple Java and corresponding
  C++ classes. Use code tags when you post your code.
  You are missing a lot of error checking. JNI calls, every single one, will usually be followed by some sort of error checking. Any that access classes, methods, fields or allocate object must be followed by checks for java exceptions.
  You will need to reduce your code to a smaller sample. Otherwise it is unlikely anyone will look at it.
  You also need to specify how you know that a memory leak is occurring.

• Two external interfaces; one to be used for outboud; second to be used for incoming VPN\Web traffic.

  I'm configuring our ASA and we have two AT&T circuits which we're only using one with our current Juniper firewall. I know the ASA doesn't support policy based routing so I'm wondering if the following hypothetical "config" is possible.
  External Interfaces:
  OUT_01 - 12.133.X.X
  OUT_02 - 201.61.X.X
  I would route all internal traffic to go out through OUT_01.
  We have over 5 site-to-site VPN and 30 external facing servers.  Could I use OUT_2 to configure all the inbound connections for the VPN and NAT rules?

  You can configure the ASA to allow asynchronous routing, as you are describing, by configuring TCP bypass.
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_tcpstatebypass.html
  What this will do is you will still need to send traffic out one interface but the ASA will accept return traffic on either of the outside interfaces.  Configuring this can be a security risk as the ASA will ignor the state table.
  Or you could wait until ASA version 9.4 which will have support for PBR.  Ofcourse this is the first version that will support it, so don't be suprised if it has a few bugs.
  Please remember to select a correct answer and rate helpful posts