R/3 to R/3(Outside the firewall)
I need to send an IDOC outside our Firewall to one of our vendor and they are receiving the data, in an IDOC.
How should I approach this scenario.
On the Sender side I need to use the IDOC adapter (No Configuration is needed)
on the receiver side what adapter I need to use, because the receiving system is outside the firewall, any special points I need to keep in mind?>
thanks
Hi Mohan,
you can use saprouter SNC to create a secure tunnel
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e24ef6211d3a6510000e835363f/content.htm
as shown on the picture
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e24ef6211d3a6510000e835363f/ADDONSEC_image004.gif
to connect two R3 systems
but probably your basis team will handle this connection
Regards,
michal
Similar Messages
-
Creative Cloud update fails with "the download appears to be corrupted" when tried through our company's firewall, but succeeds if the computer is taken outside the firewall. The IT guys have opened up the ports and URL's specified in the Adobe documentation. I have also captured the network traffic of both the failed and successful downloads for IT to examine (using Little Snitch), however they can find nothing to account for the problem. Adobe just seems to "give up and die" after about 2-3 minutes. Why is this? How can I or IT fix this?
Can I send the above log files to someone familiar with these issues for examination?Hi Gveo,
Please follow the article: Creative Cloud Help | About Creative Cloud Packager which will help you to get your issue fixed.
Thanks,
Ratandeep Arora -
An application on both sides of the firewall
Hi,
we are building an Apex application that is mainly to be used in-house (behind the firewall). However, some reports and forms need to be available to users outside the firewall. These users will log in, there are no public users.
Keeping the "outside" forms/reports up to date with changes can be made manually, but the outside users should be created on the inside and mirrored out.
The outside users will enter small amount of data and this must be lifted inside.
We have been looking at Streams. Would a full schema replication work? For instance sessions and things...
Or would it be better to just replicate the user tables to the outside?
We plan to use the same database link Streams use to have the inside database fetch any updates made by the outside users.
Has anyone done anything similar?
Kind regards
Tomas Albinsson
Stockholm, SwedenWhile holding down your shift key you can click on the dock's divider and drag it to either side of your screen. From an Apple Pro Tip-of-the-Week found here.
Best regards, Andrew99
iMac 1 GHz Flat Panel 15" PPC 768 MB RAM Mac OS X (10.4.9) -
Accessing HTMLDB application outside of firewall....
If I develop an HTMLDB application on my database server that is inside my corporate firewall, how do I have people outside the firewall access it. Do I need to open one or more ports on the firewall? Using the same situation, is it possible to access this application externally from a Portal page?
Thanks,
BrettAs already mentioned this issue is not really an Apex issue, but an issue between your webserver ports and your InfoSec firewall folks. You also want to consider whether the data is sensitive enough to warrant HTTPS with SSL encrypted traffic rather than straight HTTP. At our institution we generally require HTTPS for corporate data but since the encryption requires a lot of processing it affects your application server performance. We have gone to a BigIP switch for all our HTTPS public ports, then from BIgIP to the app server we are behind the firewall and run http. So the Public Portal URL is https to the BigIP which then negotiates with the App servers. Our Network BigIP engineer works out the fiewall rules with our InfoSec folks. This approach offloads all the encryption processing to a dedicated hardware switch rather than to the app server. BigIp also allows for additional rules that can be set up to force certain URLs to require a VPN, for example.
Pat -
Should I place a weblogic server outside my firewall?
I am looking at setting up an app server running an HR application. I want employees to be able to access it from home and internally at work. One option is to set up two app servers one internally and one externally outside the firewall. Another option someone suggested was to just set up some kind of external apache server that just redirects traffic to the internal app server through an open port in the firewall. I'm not sure what is best or what is most secure. I have a lot of reading to do. Can anyone advise on the pros and cons or suggest some good reading material? I will be using the most recent version of weblogic. Thanks.
You can set up reverse proxy and allow external users to access it via the reverse proxy.
Internal users will anyways have access to WLS. -
Scripted movie won't run outside of firewall...open multiple ports?
I'm new to Flash and AS3, but with the help of many examples I have managed to created a scripted movie using some time lapse photography. I load the images from an XML file and use an event listener to add each image as a child of a movie clip. As the number of children grew, it caused the frame rate to slow, so I figured out that I could remove them after they were viewed and just keep looping through the array.
This works great on the local machine and when served up from the web server behind the firewall. However, if I try to access the file from outside the firewall, it loads the first image or two very slowly (if at all) then hangs. I've performed a net stat from the server and noticed that it is opening an inordinate number of connections to the remote client on various client ports (from 6 to 60+).
Any help would be greatly appreciated! The code I'm using is below...
// Input Parameters
var ssxml:String = "myfile.xml"; // file containing images & dates
// Stage settings
var swfStage:Stage = this.stage;
var swfFrameRate:int = 10;
swfStage.scaleMode = StageScaleMode.NO_SCALE;
// Movie Clip
var mc:MovieClip = new MovieClip(); // initiate movie clip
mc.x = 25; // starting point X
mc.y = 50; // starting point Y
// Text Field
var tf:TextField = this.dtsText;
// Cropping Rectangle
var cr:Sprite = new Sprite();
cr.graphics.beginFill(0x057072);
cr.graphics.drawRect(25,50,550,7);
cr.graphics.endFill();
// Read Flash Variables
try {
var keyStr:String;
var valueStr:String;
var paramObj:Object = LoaderInfo(this.root.loaderInfo).parameters;
for (keyStr in paramObj) {
valueStr = String(paramObj[keyStr]);
if (keyStr == "srcFile") {
ssxml = valueStr;
if (keyStr == "swfFrameRate") {
swfFrameRate = int(valueStr);
swfStage.frameRate = swfFrameRate;
} catch (error:Error) {
trace (error.message);
* Configure a loader to import the list of images and date
* time stamps from an XML file. The list of variables will
* be stored in arrays.
var photos_xml:XML
var xmlLdr:URLLoader = new URLLoader();
xmlLdr.addEventListener(Event.COMPLETE, completeHandler);
xmlLdr.load(new URLRequest(ssxml));
var img_array:Array = new Array(); // images
var dts_array:Array = new Array(); // date time stamps
var img_count:int = 0;
function completeHandler(event:Event):void {
try {
photos_xml = new XML(event.target.data);
var imgs:XMLList = photos_xml.img;
var dtss:XMLList = photos_xml.dts;
img_count = imgs.length();
for (var i=0;i<img_count;i++) {
img_array.push({src:imgs[i].text()});
dts_array.push({src:dtss[i].text()});
} catch(error:Error){
trace(error.message);
var nextImg:int = 0;
var imgLdr:Loader = new Loader();
imgLdr.contentLoaderInfo.addEventListener(Event.COMPLETE, doneLoad);
imgLdr.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, loadError);
imgLdr.contentLoaderInfo.addEventListener(ProgressEvent.PROGRESS, updateInfo);
stage.addEventListener(Event.ENTER_FRAME, enterFrameHandler);
function enterFrameHandler(event:Event):void {
try {
if (img_array.length > 0 ) {
loadInitialImage();
} catch(error:Error){
trace(error.message);
function loadInitialImage():void {
imgLdr.load(new URLRequest(img_array[nextImg].src));
function doneLoad(event:Event):void {
var theImage:DisplayObject = event.target.content;
imgLdr.unload();
var bm:Bitmap = theImage as Bitmap;
mc.addChild(bm);
mc.scaleX = 550/640;
mc.scaleY = mc.scaleX;
addChild(mc);
addChild(cr);
tf.text = dts_array[nextImg].src;
if (mc.numChildren > 1){
mc.removeChildAt(0);
nextImg = (nextImg+1)%img_count;
function loadError($event:IOErrorEvent):void {
tf.text = "Loading Data.....Please Stand By...........";
// Loader Progress
var swfTF:TextField = new TextField();
swfTF.autoSize = TextFieldAutoSize.LEFT;
swfTF.border = false;
addChild(swfTF);
//swfTF.text = "srcFile: " + ssxml + " FR: " + swfFrameRate;
function updateInfo($event:ProgressEvent):void {
swfTF.text = "srcFile: " + ssxml + " FR: " + swfFrameRate
+ " Loading: " + img_array[nextImg].src + " "
+ Math.floor($event.bytesLoaded/1024)
+ " KB of "
+ Math.floor($event.bytesTotal/1024)
+ " KB.";OK I figured it out. Apparently, the ENTER_FRAME event continues firing even as the image loader is processing. Outside the firewall, where it was taking longer to load the images, this was causing loadInitialImage() to request the same image over and over again which resulted in the port behavior I was seeing on the server as well as the client "locking up". The simple fix was to add a variable called currentImg (initialized to -1) which I set equal nextImg in loadInitialImage(). I then modified the if statement in enterFrameHandler() to only call loadInitialImage() if nextImg != currentImage.
-
Portal Installation from behind the Firewall
Hi
I'm tryin to install portal but my db is behind the firewall , how to aolve this problem ???? i cant use tns connect string
here is what i have in my tnsnames.ora
IDB =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = tcp)(PORT = 1610)(HOST = 192.168.0.2))
(ADDRESS = (PROTOCOL = tcp)(PORT = 1521)(HOST = 172.16.10.49))
(CONNECT_DATA =
(SID = dolphin)
(SOURCE_ROUTE = yes)
)Hi
My firewall support SQL , because I can connect to my database from 9ias server outside the firewall but my problem is only with Portal Installation , because I cant use tns connect string , I can only use the server name and the port , and I can only connect using tns connect string because
I have added to entries one for my firewall
and the other one is for db ...
any help please -
Restricting roles outside a firewall
Hello we are currently implementing Campus Solutions - our first Peoplesoft application. I have many question but firstly I would like to ask whether there was a possibility of restricting the scope of the Campus Solution application when it is accessed outside our firewall. In our current implementation of Oracle E-Business suite we offer Staff and Manager self-service to all users in all locations. To support this we have a dedicated application tier and a seperate URL that will only ever allow the Staff and Manager responsibilities to be displayed and used, irrespective of whether a user has additional responsibilities. Is it possible to implement CS in a way so that internally to the domain all roles are available but externally only Student and Staff self service roles can be accessed?
Hi,
Im not clear why the SP level is a problem here. Could you please clarify?
It should'nt be a problem because, you would be implementing this solution at the OS level. XI has nothing to do with this right? So, SP level does not come into picture here.
The script at the OS level, will pick the files from the target outside the firewall, and put a minimum number of files(say 100 files)every 5 mins or so into a directory where XI is polling. Only when the files are in this XI directory, file adapter etc. come into picture. So where is the dependency with the SP level?
Regards,
Smitha. -
Picking files outside a firewall
Hi,
I have a scenario where XI needs to pick files from a dropzone outside a firewall.We are using shell scripts to do this.The shell script is triggered from a dummy mapping(in SP12).
Assuming that there are a large number of files to be picked up,there is an issue that the file adapter is not able to process such a huge file load, and hence we have messages getting stuck in the queue.So, there are times when we need to deactivate the adapter, and run the scripts manually.
Is there any way the script can be changed, so that this problem can be worked around?
cheers
PrashanthHi,
Im not clear why the SP level is a problem here. Could you please clarify?
It should'nt be a problem because, you would be implementing this solution at the OS level. XI has nothing to do with this right? So, SP level does not come into picture here.
The script at the OS level, will pick the files from the target outside the firewall, and put a minimum number of files(say 100 files)every 5 mins or so into a directory where XI is polling. Only when the files are in this XI directory, file adapter etc. come into picture. So where is the dependency with the SP level?
Regards,
Smitha. -
Blocking unsolicited echo-reply from the outside of firewall
What is the easiest way to stop unsolicited icmp echo-reply packets coming from the outside of an Cisco ASA 5500 firewall?
Hi,
The firewall should now allow any ICMP Echo replys through the firewall if it hasnt seen a Echo for that same reply.
Instead of allowing Inbound ICMP from the WAN with an ACL you should configure ICMP Inspection
In a very default ASA configuration they would be added in the following way
policy-map global_policy
class inspection_default
inspect icmp
inspect icmp error
Hope this helps
- Jouni -
Cannot Video Conference or Lync call with users outside of the Firewall
I am having the following issues:
Internal users can video conf and call each other fine.
User A internally can Lync call user B externally and voice is ok
User B externally calls user A and user A sees no toast or anything
User A internal tries to video call user B External but it says starting video
User B external tries to video call user A internal and no toast appears
I have eliminated the firewall to my external edge interface as I have temporarily added an ANY rule to make sure no ports are being blocked.
I have 1 public IP with
AV edge using 443
Web Conf using 444
and SIP using 5061
because I cannot "toast" and internal user from external with
either video call or lync voice call the common traffic is:
A/V Edge ICE/STUN:443 Stun/UDP:3478
A/V Edge SRTP:443,3478 TCP 50,000-59,999
Does anyone have any ideas what the issue might be or what I can do to test?
1 Lync 2010 Edge Server 1 Lync 2013 FE Server
***Don't forget to mark helpful or answer***The traffic is getting to the front end server as I monitored SIP stack on the front end and got this from the log after initiating the call request...
TL_INFO(TF_PROTOCOL) [1]131C.2280::05/15/2014-15:41:51.239.00000020 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[4195629786]
$$begin_record
Trace-Correlation-Id: 4195629786
Instance-Id: 30A7
Direction: outgoing
Peer: 10.1.5.98:58292
Message-Type: request
Start-Line: INVITE sip:10.1.5.98:58292;transport=tls;ms-opaque=69ab187213;ms-received-cid=15400 SIP/2.0
From: "Mitch King"<sip:[email protected]>;tag=de00273c69;epid=0bf6878c0e
To: <sip:[email protected]>;epid=2c737c11a8
Call-ID: e5bf68f84e0643839d3fc3524bf0a925
CSeq: 1 INVITE
Contact: <sip:[email protected];opaque=user:epid:K2EhWwgpmFyEPyRPWajS8wAA;gruu>
Via: SIP/2.0/TLS 10.1.3.106:5061;branch=z9hG4bKEAAC5ABA.63098DB96B0459CF;branched=FALSE;ms-internal-info="ccNiK2JF2ymTwz69iEJ-Koh9KulADFeojTs5M7Oy7Yteq5jQljcydysgAA"
Via: SIP/2.0/TLS 172.16.4.5:49216;branch=z9hG4bK0A64EEE1.72E873C44EADB9CF;branched=FALSE;ms-received-port=49216;ms-received-cid=14D00
Via: SIP/2.0/TLS 172.20.10.7:49185;received=213.205.233.99;ms-received-port=47938;ms-received-cid=1500
Record-Route: <sip:JNBSKV06.domain.co.uk:5061;transport=tls;opaque=state:T:F:Ci.R15400;lr;ms-route-sig=fas5y5A_Hi8kKMcMSekbcP058TEzxR0PC0fCKvEXCZO8S5jQljkAzQcAAA>;tag=A4CC2A746138BB8B2479B24FCDD3009C
Max-Forwards: 68
Content-Length: 4662
Content-Type: multipart/alternative;boundary="----=_NextPart_000_001F_01CF705C.920384C0"
Message-Body: ------=_NextPart_000_001F_01CF705C.920384C0
Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-ID: <[email protected]>
Content-Dis; handling=optional; ms-proxy-2007fallback
v=0
o=- 0 0 IN IP4 181.39.65.34
s=session
c=IN IP4 181.39.65.34
b=CT:99980
t=0 0
m=audio 59182 RTP/SAVP 114 9 112 111 0 8 116 115 4 97 13 118 101
a=candidate:RbmFhQT26e8jfmCHHNDiiSm4NNjv3BrThjDipLYc9fQ 1 lW66uiImb0jhBi7NTpWyFg UDP 0.830 172.20.10.7 12252
a=candidate:RbmFhQT26e8jfmCHHNDiiSm4NNjv3BrThjDipLYc9fQ 2 lW66uiImb0jhBi7NTpWyFg UDP 0.830 172.20.10.7 12253
a=candidate:a1v6y+uA7x0DXU+4yO610jGEhZlHstMX+bFcj3G9/JY 1 iLWi/RPFsw/i/z5MX2n6+w TCP 0.190 181.39.65.34 54566
a=candidate:a1v6y+uA7x0DXU+4yO610jGEhZlHstMX+bFcj3G9/JY 2 iLWi/RPFsw/i/z5MX2n6+w TCP 0.190 181.39.65.34 54566
a=candidate:lJEokTFI5l/qLQ4yb72D2US/uQtgJN9F5UNNlN+wsYU 1 5iW2Mv+VRFVMpZVS6glc6Q UDP 0.490 181.39.65.34 59182
a=candidate:lJEokTFI5l/qLQ4yb72D2US/uQtgJN9F5UNNlN+wsYU 2 5iW2Mv+VRFVMpZVS6glc6Q UDP 0.490 181.39.65.34 51845
a=candidate:u2uHk5L+RctPvbqIA6asJAT5h0kjBj0L06I8bKwUr9I 1 6y3UI2Y5SmfiROa+dCxgDA TCP 0.250 213.205.233.99 10012
a=candidate:u2uHk5L+RctPvbqIA6asJAT5h0kjBj0L06I8bKwUr9I 2 6y3UI2Y5SmfiROa+dCxgDA TCP 0.250 213.205.233.99 10012
a=candidate:WawePotOSAKzTE3UjFxrFaULbrWoKE+8azhkahUlBvQ 1 L0TZQvD2nRP1kIR6SFEbMQ UDP 0.550 213.205.233.99 10015
a=candidate:WawePotOSAKzTE3UjFxrFaULbrWoKE+8azhkahUlBvQ 2 L0TZQvD2nRP1kIR6SFEbMQ UDP 0.550 213.205.233.99 10016
a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:gtklU/YbidFvHH7yktIG1IgAJYmdEQfpOKCbhs1t|2^31|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:dKGa1f82DCYMtzMzQFYr/c2HYvpWHCkkSSBZTDzw|2^31|1:1
a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:JjNTaKZwo9xX+ebB4bXV1n+JkKDWaLk98qjfH+uB|2^31
a=maxptime:200
a=rtcp:51845
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:9 G722/8000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:4 G723/8000
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=encryption:required
------=_NextPart_000_001F_01CF705C.920384C0
Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-ID: <[email protected]>
Content-Dis; handling=optional
v=0
o=- 0 0 IN IP4 181.39.65.34
s=session
c=IN IP4 181.39.65.34
b=CT:99980
t=0 0
m=audio 57869 RTP/SAVP 114 9 112 111 0 8 116 115 4 97 13 118 101
a=ice-ufrag:V8SO
a=ice-pwd:cPfWCmdBZf5ok2wzZmhGw4iJ
a=candidate:1 1 UDP 2130706431 172.20.10.7 22964 typ host
a=candidate:1 2 UDP 2130705918 172.20.10.7 22965 typ host
a=candidate:2 1 TCP-PASS 6556159 181.39.65.34 50574 typ relay raddr 213.205.233.99 rport 10013
a=candidate:2 2 TCP-PASS 6556158 181.39.65.34 50574 typ relay raddr 213.205.233.99 rport 10013
a=candidate:3 1 UDP 16648703 181.39.65.34 57869 typ relay raddr 213.205.233.99 rport 10014
a=candidate:3 2 UDP 16648702 181.39.65.34 57495 typ relay raddr 213.205.233.99 rport 10017
a=candidate:4 1 UDP 1694235647 213.205.233.99 10014 typ srflx raddr 172.20.10.7 rport 20732
a=candidate:4 2 UDP 1694234110 213.205.233.99 10017 typ srflx raddr 172.20.10.7 rport 20733
a=candidate:5 1 TCP-ACT 7076351 181.39.65.34 50574 typ relay raddr 213.205.233.99 rport 10013
a=candidate:5 2 TCP-ACT 7075838 181.39.65.34 50574 typ relay raddr 213.205.233.99 rport 10013
a=candidate:6 1 TCP-ACT 1684797439 213.205.233.99 10013 typ srflx raddr 172.20.10.7 rport 25165
a=candidate:6 2 TCP-ACT 1684796926 213.205.233.99 10013 typ srflx raddr 172.20.10.7 rport 25165
a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:gtklU/YbidFvHH7yktIG1IgAJYmdEQfpOKCbhs1t|2^31|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:dKGa1f82DCYMtzMzQFYr/c2HYvpWHCkkSSBZTDzw|2^31|1:1
a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:JjNTaKZwo9xX+ebB4bXV1n+JkKDWaLk98qjfH+uB|2^31
a=maxptime:200
a=rtcp:57495
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:9 G722/8000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:4 G723/8000
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=encryption:required
------=_NextPart_000_001F_01CF705C.920384C0--
$$end_record
***Don't forget to mark helpful or answer*** -
STATIC IP issues from outside of firewall
Hi
I’m having one issue, we have static IP and we NAT the same to some local IP for our internal needs. Whenever we tried to reach the static IP from outside of firewall(some other network), it is working properly. But when we try to ping or use that static IP in internal LAN that is not working.
192.168.0.149 is internal LAN I have NAT to 202.xxx.xxx.xxx static IP with port 80.
Please help me on this.
here is the device running configuration
Result of the command: "show running-config"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool clientpool 192.168.0.20-192.168.0.50 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 202.53.82.98 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group PW
name-server 202.53.64.202
name-server 202.53.72.13
name-server 192.168.0.16
name-server 192.168.0.8
same-security-traffic permit intra-interface
object network PW-LAN
subnet 192.168.0.0 255.255.255.0
object network USA
subnet 192.168.2.0 255.255.255.0
object network 202.53.82.110
host 202.53.82.110
object network PWHYD
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.151
host 192.168.0.151
object network 192.168.0.154
host 192.168.0.154
object network 192.168.0.156
host 192.168.0.156
object network 192.168.0.158
host 192.168.0.158
object network 192.168.0.159
host 192.168.0.159
object network 192.168.0.149
host 192.168.0.149
object network Rackspace
subnet 10.176.0.0 255.240.0.0
object network NETWORK_OBJ_10.176.0.0_12
subnet 10.176.0.0 255.240.0.0
object network 192.168.0.147_http
host 192.168.0.147
object service http
service tcp source eq www destination eq www
object network 192.168.0.14
host 192.168.0.14
object network 192.168.0.14_iCA
host 192.168.0.14
object network 192.168.0.159_http
host 192.168.0.159
object network 192.168.0.159_50100
host 192.168.0.159
object network 202.53.82.101
host 202.53.82.101
object network 192.168.0.159_8001
host 192.168.0.159
object network 192.168.0.192
host 192.168.0.192
object network 192.168.0.159_any
host 192.168.0.159
object network clientpool
range 192.168.0.20 192.168.0.50
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.192_DEV
host 192.168.0.192
object-group network PW-All-Sites
network-object 192.168.0.0 255.255.255.0
network-object object PWHYD
network-object object USA
network-object object clientpool
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list l2l-list extended permit ip object-group PW-All-Sites 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group PW-All-Sites 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.2.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 10.176.0.0 255.240.0.0
access-list outside_cryptomap_3 extended permit ip object-group PW-All-Sites object Rackspace
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static PW-LAN PW-LAN destination static Rackspace Rackspace
nat (inside,outside) source static PW-LAN PW-LAN destination static PWHYD PWHYD
nat (inside,outside) source static PW-LAN PW-LAN destination static USA USA
nat (inside,outside) source dynamic PW-LAN interface
nat (any,inside) source dynamic clientpool interface
object network 192.168.0.151
nat (any,any) static 202.53.82.102 service tcp 3200 3200
object network 192.168.0.154
nat (any,any) static 202.53.82.104 service tcp 3201 3201
object network 192.168.0.156
nat (any,any) static 202.53.82.107 service tcp 3201 3201
object network 192.168.0.158
nat (any,any) static 202.53.82.109 service tcp 3222 3222
object network 192.168.0.159
nat (any,any) static 202.53.82.101 service tcp 3201 3201
object network 192.168.0.149
nat (inside,outside) static 202.53.82.100 service tcp www www
object network 192.168.0.147_http
nat (any,any) static 202.53.82.110 service tcp www www
object network 192.168.0.14
nat (any,any) static 202.53.82.99 service tcp https https
object network 192.168.0.14_iCA
nat (any,any) static 202.53.82.99 service tcp citrix-ica citrix-ica
object network 192.168.0.159_50100
nat (any,any) static 202.53.82.101 service tcp 50100 50100
object network 192.168.0.159_8001
nat (any,any) static 202.53.82.101 service tcp 8001 8001
object network 192.168.0.192_DEV
nat (any,any) static 202.53.82.106 service tcp 3201 3201
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.53.82.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PW protocol radius
aaa-server PW (inside) host 192.168.0.16
key *****
user-identity default-domain LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set pwset esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set pwsethyd esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RackspaceSet esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal RackSpaceSecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal pwhydsetsecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal secure
protocol esp encryption aes 3des des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outsidemap 1 match address l2l-list
crypto map outsidemap 1 set peer 63.82.1.98
crypto map outsidemap 1 set ikev1 transform-set pwset
crypto map outsidemap 1 set ikev2 ipsec-proposal secure
crypto map outsidemap 2 match address outside_cryptomap
crypto map outsidemap 2 set pfs
crypto map outsidemap 2 set peer 115.119.186.194
crypto map outsidemap 2 set ikev1 transform-set pwsethyd
crypto map outsidemap 3 match address outside_cryptomap_3
crypto map outsidemap 3 set peer 67.192.250.53
crypto map outsidemap 3 set ikev1 transform-set RackspaceSet
crypto map outsidemap 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outsidemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
fqdn vpn.processweaver.com
subject-name CN=vpn.processweaver.com,OU=PWIT,O="ProcessWeaver,Inc",C=US,St=California,L=Fremont
keypair ciscovpn.key
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 47869fe5
3082046a 30820352 a0030201 02020447 869fe530 0d06092a 864886f7 0d010105
05003048 310b3009 06035504 06130255 53312030 1e060355 040a1317 53656375
72655472 75737420 436f7270 6f726174 696f6e31 17301506 03550403 130e5365
63757265 54727573 74204341 301e170d 30383132 32323233 34373339 5a170d32
38313232 32323334 3733395a 3081ae31 0b300906 03550406 13025553 3111300f
06035504 08130849 6c6c696e 6f697331 10300e06 03550407 13074368 69636167
6f312130 1f060355 040a1318 54727573 74776176 6520486f 6c64696e 67732c20
496e632e 31363034 06035504 03132d54 72757374 77617665 204f7267 616e697a
6174696f 6e205661 6c696461 74696f6e 2043412c 204c6576 656c2032 311f301d
06092a86 4886f70d 01090116 10636140 74727573 74776176 652e636f 6d308201
22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e814
eea0da97 bd89bd0c cc8ddf08 fb060983 a823515b 013f34da 1f1f6ec1 e35865cb
0af9f387 c8c8faa1 ccf574e2 b8ae2d06 8480286f 5ac1225c 929442cd 1902125c
10627ea2 44fb165e 9c72b1ac ea04e615 aa99e85a f858b987 24e875cd 2588e258
925e8683 7f8a2353 ae8ae8a3 217e83af 40091849 afe1d05a b04f6fe2 31adf4f1
371fc92a e18bd68c 1231d427 1adfea6b 9e7853ed 9a19b0ce 45445b1b ef645921
fac7b7d1 d30c1ecb 88dafd23 3ff4ac2b a04d61d3 becade19 616124f1 f69cb496
bd9deb17 9f243978 e92350d3 015077d8 52642f3e 194f75b9 17b1da8d e0d0eddb
3713dc2f e05f8068 d7f487ba c11f1278 d0082717 7a98a69f d221ba4e 87bf0203
010001a3 81f43081 f1300f06 03551d13 0101ff04 05300301 01ff301d 0603551d
0e041604 145dd996 9a40c727 cb2c9ba2 eccf19ab c8afcc86 48301f06 03551d23
04183016 80144232 b616fa04 fdfe5d4b 7ac3fdf7 4c401d5a 43af300b 0603551d
0f040403 02010630 34060355 1d1f042d 302b3029 a027a025 86236874 74703a2f
2f63726c 2e736563 75726574 72757374 2e636f6d 2f535443 412e6372 6c305b06
03551d20 04543052 300c060a 2b060104 0181ed18 03003042 060f2b06 01040181
ed180303 03030404 03302f30 2d06082b 06010505 07020116 21687474 703a2f2f
7777772e 73656375 72657472 7573742e 636f6d2f 6c656761 6c2f300d 06092a86
4886f70d 01010505 00038201 010053f1 c8a017ec 6c8882b1 c024afd1 0858b32c
6f7bc15c 89926f88 fc4bc002 50932f5a 419859b6 e37f8c14 63777d45 3c88505e
a6815200 c8c5fe48 ee1f5dad de440b42 589ce167 5c43b6a0 8598ff16 d41a28be
76e12fe1 84f47eb9 27aa77cb 36b3fec3 fad217f6 e1624ed3 ccccb319 65d34ba8
e8b3d54c eaf64eae cbae3448 1f60cc58 e7e774c9 0135fd6a e0588ad2 16ebece9
3ebbf01d cfb6ff1e 0cb7bb39 e9b7981b c05221eb 3a3d7838 8ca9195f 27a4d07f
3661ab24 7e9ff82d 3f922963 becb10db 0d403602 a0d417a2 8d7f7e7c 99af455a
40cda26b 5cbe0ef3 d387fca1 10caaa33 b7ba4bc0 3da4218c 179ccfd8 bfe657fe
cdebfa30 1ad5fee8 2597a9be 3bea
quit
certificate 0649f9a965553e7df2709c06c4da1b09e17cd9
30820510 308203f8 a0030201 02021306 49f9a965 553e7df2 709c06c4 da1b09e1
7cd9300d 06092a86 4886f70d 01010505 003081ae 310b3009 06035504 06130255
53311130 0f060355 04081308 496c6c69 6e6f6973 3110300e 06035504 07130743
68696361 676f3121 301f0603 55040a13 18547275 73747761 76652048 6f6c6469
6e67732c 20496e63 2e313630 34060355 0403132d 54727573 74776176 65204f72
67616e69 7a617469 6f6e2056 616c6964 6174696f 6e204341 2c204c65 76656c20
32311f30 1d06092a 864886f7 0d010901 16106361 40747275 73747761 76652e63
6f6d301e 170d3134 30363131 30353330 33355a17 0d313530 32323331 31333033
355a3070 311e301c 06035504 030c1576 706e2e70 726f6365 73737765 61766572
2e636f6d 31163014 06035504 0a0c0d50 726f6365 73735765 61766572 31143012
06035504 070c0b53 616e7461 20436c61 72613113 30110603 5504080c 0a43616c
69666f72 6e696131 0b300906 03550406 13025553 30820122 300d0609 2a864886
f70d0101 01050003 82010f00 3082010a 02820101 00cc194c fbdd63f5 0b49141a
9d21063f a13136df e524cef9 c55e9331 e6c5bc67 43361421 cafb7dc1 d244942e
6fd02ee7 198e7f7e 48ca62c2 1c8e1a8e 20431d42 b24103f1 5fad9287 9f9dc2da
5002e0b4 cf14b414 31e0e691 26cfbc0c 1ee09d6d 8176a63d 6ad81c30 b2b69dbe
59ce7092 44c09e62 27f20c58 8bd8e38a a3d75a94 94bbca6f 7ad87b93 3892ddb0
3f00a693 e05b5fe8 7a71d36c 223e1ded 8afb8ee4 1eea579c 53d964df 467694e9
b7ffe4f9 22c6dd5e 33d0ffee 9fd57fed 621c62f1 4dc6f14e 6518de53 c2fd7d5d
b37913b8 69211fe5 e194a6bf f60bc88a 343a93dc 34526931 b41566e3 f38f219f
9a6cefd5 d6d60002 2442b3e5 b4096717 2ffea23d b1020301 0001a382 01623082
015e300b 0603551d 0f040403 0205a030 1d060355 1d250416 30140608 2b060105
05070302 06082b06 01050507 0301301d 0603551d 0e041604 14cd47cf 646a8932
7cecb024 9fd2a31a b54d73dc c0301f06 03551d23 04183016 80145dd9 969a40c7
27cb2c9b a2eccf19 abc8afcc 86483048 0603551d 20044130 3f303d06 0f2b0601
040181ed 18030303 03040403 302a3028 06082b06 01050507 0201161c 68747470
733a2f2f 73736c2e 74727573 74776176 652e636f 6d2f4341 30370603 551d1104
30302e82 1576706e 2e70726f 63657373 77656176 65722e63 6f6d8215 7774732e
70726f63 65737377 65617665 722e636f 6d303506 03551d1f 042e302c 302aa028
a0268624 68747470 3a2f2f63 726c2e74 72757374 77617665 2e636f6d 2f4f5643
415f4c32 2e63726c 30360608 2b060105 05070101 042a3028 30260608 2b060105
05073001 861a6874 74703a2f 2f6f6373 702e7472 75737477 6176652e 636f6d2f
300d0609 2a864886 f70d0101 05050003 82010100 0785070e 045d6201 3ffc49b5
88808587 b6418d0e 87dc7ae8 3204563b 6e51ff93 25e8ad7a 9a11d439 2439a533
768477ca 902fdfbe f0c58a04 e15bf6a5 63829d4b a36c7ccc 0af9532b f39ec31d
21cd6b74 d3adffc2 5f8ee1c4 92c07ac6 ab547346 c740f477 857a82fd 897029d5
1cfa9b55 b1064ab7 1274556c 6a14f7a8 b8705cd4 51d6b7f4 0a024f6d 1818918c
0cb15bc5 cd301684 38c2dcb8 2585b44c 18808e1b 823a6043 28da0194 280fa6c9
80831cbc 1179be24 fc391e54 965761e5 e51031e1 0c76c65f 187922d0 96be80c9
3de9a56e 41d0fd3f 76afaf49 4bc4ff4c 213aa474 60a742ba 2a8fb3bd c9349da3
1ac96b24 7b99cba5 a28c6647 7803cf2c ee70540c
quit
crypto ikev2 policy 10
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.5.2-192.168.5.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint2 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_PWSSL internal
group-policy GroupPolicy_PWSSL attributes
wins-server none
dns-server value 192.168.0.16
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain value processw.local
webvpn
anyconnect keep-installer none
group-policy GroupPolicy_115.119.186.194 internal
group-policy GroupPolicy_115.119.186.194 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_67.192.250.53 internal
group-policy GroupPolicy_67.192.250.53 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy pw internal
group-policy pw attributes
dns-server value 192.168.0.16
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain none
username rajuvaradha password 6biM7HbMtaadT82k encrypted
username e172 password E1abOIw/eu.DKO/y encrypted
username e150 password dJMsBQfrQRISuR8n encrypted
username e134 password bLBixKKCoH5Udlk9 encrypted
username e182 password mirFopEi/OG0LT4d encrypted
username e192 password u2P6WXLa1k8.kA1w encrypted
username e184 password Rpt/S1N6et6Xwi7W encrypted
username u033 password pS5QN8QLvYFHJfoK encrypted
username u011 password HGFsDnR5XiFAzrcE encrypted
username u010 password 5R8mktMpyUYPCpTO encrypted
username u032 password rst8O1b/yrXsKVmu encrypted
username u002 password .u2izEtqOIC5D2fT encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
username u012 password JClYI3r7x0T/ed26 encrypted
username u015 password 6tNvtB4hPcUNDyhE encrypted
username u014 password Wy6x8dPcSnMcAT1v encrypted
username u017 password xahCXrBaZWzW8aEp encrypted
username u006 password BCEOAmlRL6CbQfTV encrypted
username e006 password DG96SZQ2gBqIXEYv encrypted
username e034 password 1sG72DUjsY7nt81V encrypted
username u007 password vtcK6xerueHvqZJZ encrypted
username u016 password pZgySMnraNBlTTnL encrypted
username u025 password ulAXIX1u2.UD/KvT encrypted
username u008 password G4vmDF.mv3rXWa7h encrypted
username u019 password NxlycJwroZrzCSJ3 encrypted
username e019 password E9NaUPs18c0.PBnd encrypted
username u018 password 33CghGQSMjbWDfdb encrypted
username u009 password uaaSLEu55XXbD5Sr encrypted
username u028 password UMFMzXMs6He7.zR8 encrypted
username e097 password .UawdlGNiYnRHnzF encrypted
username e314 password ye2/LpVufAXvAUJ6 encrypted
username e327 password 6mKef3HGlnyb6hnu encrypted
username e343 password 0g33Wbvzi.NL1PjH encrypted
username e222 password e0.SFEwm1RqC6lLj encrypted
username e289 password /YrO2mEvMUr9zxq3 encrypted
username e201 password Eox2TB.HgdkKLuec encrypted
username e265 password fTk7Vxw0Z06AAbHi encrypted
username e251 password 6y7YjKQO1rP3nAQG encrypted
username e219 password p049Lf7jFLisN6UJ encrypted
username e269 password v7oFefIpmPGd307D encrypted
tunnel-group 63.82.1.98 type ipsec-l2l
tunnel-group 63.82.1.98 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group pw type remote-access
tunnel-group pw general-attributes
address-pool clientpool
default-group-policy pw
tunnel-group pw ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 115.119.186.194 type ipsec-l2l
tunnel-group 115.119.186.194 general-attributes
default-group-policy GroupPolicy_115.119.186.194
tunnel-group 115.119.186.194 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 67.192.250.53 type ipsec-l2l
tunnel-group 67.192.250.53 general-attributes
default-group-policy GroupPolicy_67.192.250.53
tunnel-group 67.192.250.53 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group PWSSL type remote-access
tunnel-group PWSSL general-attributes
address-pool clientpool
authentication-server-group PW LOCAL
default-group-policy GroupPolicy_PWSSL
tunnel-group PWSSL webvpn-attributes
group-alias PWSSL enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:80663f0c45d0a6736344cf989a7af706
: endHi Marius,
Thanks for your suggestion
i have followed the same, but i'm still not able to access the static IP internal LAN. here is the running config out put.
Result of the command: "show running-config"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool clientpool 192.168.0.20-192.168.0.50 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 202.53.82.98 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group PW
name-server 202.53.64.202
name-server 202.53.72.13
name-server 192.168.0.16
name-server 192.168.0.8
same-security-traffic permit intra-interface
object network PW-LAN
subnet 192.168.0.0 255.255.255.0
object network USA
subnet 192.168.2.0 255.255.255.0
object network 202.53.82.110
host 202.53.82.110
object network PWHYD
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.151
host 192.168.0.151
object network 192.168.0.154
host 192.168.0.154
object network 192.168.0.156
host 192.168.0.156
object network 192.168.0.158
host 192.168.0.158
object network 192.168.0.159
host 192.168.0.159
object network 192.168.0.149
host 192.168.0.149
object network Rackspace
subnet 10.176.0.0 255.240.0.0
object network NETWORK_OBJ_10.176.0.0_12
subnet 10.176.0.0 255.240.0.0
object network 192.168.0.147_http
host 192.168.0.147
object service http
service tcp source eq www destination eq www
object network 192.168.0.14
host 192.168.0.14
object network 192.168.0.14_iCA
host 192.168.0.14
object network 192.168.0.159_http
host 192.168.0.159
object network 192.168.0.159_50100
host 192.168.0.159
object network 202.53.82.101
host 202.53.82.101
object network 192.168.0.159_8001
host 192.168.0.159
object network 192.168.0.192
host 192.168.0.192
object network 192.168.0.159_any
host 192.168.0.159
object network clientpool
range 192.168.0.20 192.168.0.50
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.192_DEV
host 192.168.0.192
object network 202.53.82.100
host 202.53.82.100
object network 149
host 192.168.0.149
object-group network PW-All-Sites
network-object 192.168.0.0 255.255.255.0
network-object object PWHYD
network-object object USA
network-object object clientpool
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list l2l-list extended permit ip object-group PW-All-Sites 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group PW-All-Sites 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.2.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 10.176.0.0 255.240.0.0
access-list outside_cryptomap_3 extended permit ip object-group PW-All-Sites object Rackspace
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static PW-LAN PW-LAN destination static Rackspace Rackspace
nat (inside,outside) source static PW-LAN PW-LAN destination static PWHYD PWHYD
nat (inside,outside) source static PW-LAN PW-LAN destination static USA USA
nat (inside,outside) source dynamic PW-LAN interface
nat (any,inside) source dynamic clientpool interface
nat (inside,inside) source static PW-LAN PW-LAN destination static 192.168.0.149 202.53.82.100
object network 192.168.0.151
nat (any,any) static 202.53.82.102 service tcp 3200 3200
object network 192.168.0.154
nat (any,any) static 202.53.82.104 service tcp 3201 3201
object network 192.168.0.156
nat (any,any) static 202.53.82.107 service tcp 3201 3201
object network 192.168.0.158
nat (any,any) static 202.53.82.109 service tcp 3222 3222
object network 192.168.0.159
nat (any,any) static 202.53.82.101 service tcp 3201 3201
object network 192.168.0.147_http
nat (any,any) static 202.53.82.110 service tcp www www
object network 192.168.0.14
nat (any,any) static 202.53.82.99 service tcp https https
object network 192.168.0.14_iCA
nat (any,any) static 202.53.82.99 service tcp citrix-ica citrix-ica
object network 192.168.0.159_50100
nat (any,any) static 202.53.82.101 service tcp 50100 50100
object network 192.168.0.159_8001
nat (any,any) static 202.53.82.101 service tcp 8001 8001
object network 192.168.0.192_DEV
nat (any,any) static 202.53.82.106 service tcp 3201 3201
object network 149
nat (any,any) static 202.53.82.100 service tcp www www
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.53.82.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PW protocol radius
aaa-server PW (inside) host 192.168.0.16
key *****
user-identity default-domain LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set pwset esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set pwsethyd esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RackspaceSet esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal RackSpaceSecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal pwhydsetsecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal secure
protocol esp encryption aes 3des des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outsidemap 1 match address l2l-list
crypto map outsidemap 1 set peer 63.82.1.98
crypto map outsidemap 1 set ikev1 transform-set pwset
crypto map outsidemap 1 set ikev2 ipsec-proposal secure
crypto map outsidemap 2 match address outside_cryptomap
crypto map outsidemap 2 set pfs
crypto map outsidemap 2 set peer 115.119.186.194
crypto map outsidemap 2 set ikev1 transform-set pwsethyd
crypto map outsidemap 3 match address outside_cryptomap_3
crypto map outsidemap 3 set peer 67.192.250.53
crypto map outsidemap 3 set ikev1 transform-set RackspaceSet
crypto map outsidemap 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outsidemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
fqdn vpn.processweaver.com
subject-name CN=vpn.processweaver.com,OU=PWIT,O="ProcessWeaver,Inc",C=US,St=California,L=Fremont
keypair ciscovpn.key
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 47869fe5
3082046a 30820352 a0030201 02020447 869fe530 0d06092a 864886f7 0d010105
05003048 310b3009 06035504 06130255 53312030 1e060355 040a1317 53656375
72655472 75737420 436f7270 6f726174 696f6e31 17301506 03550403 130e5365
63757265 54727573 74204341 301e170d 30383132 32323233 34373339 5a170d32
38313232 32323334 3733395a 3081ae31 0b300906 03550406 13025553 3111300f
06035504 08130849 6c6c696e 6f697331 10300e06 03550407 13074368 69636167
6f312130 1f060355 040a1318 54727573 74776176 6520486f 6c64696e 67732c20
496e632e 31363034 06035504 03132d54 72757374 77617665 204f7267 616e697a
6174696f 6e205661 6c696461 74696f6e 2043412c 204c6576 656c2032 311f301d
06092a86 4886f70d 01090116 10636140 74727573 74776176 652e636f 6d308201
22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e814
eea0da97 bd89bd0c cc8ddf08 fb060983 a823515b 013f34da 1f1f6ec1 e35865cb
0af9f387 c8c8faa1 ccf574e2 b8ae2d06 8480286f 5ac1225c 929442cd 1902125c
10627ea2 44fb165e 9c72b1ac ea04e615 aa99e85a f858b987 24e875cd 2588e258
925e8683 7f8a2353 ae8ae8a3 217e83af 40091849 afe1d05a b04f6fe2 31adf4f1
371fc92a e18bd68c 1231d427 1adfea6b 9e7853ed 9a19b0ce 45445b1b ef645921
fac7b7d1 d30c1ecb 88dafd23 3ff4ac2b a04d61d3 becade19 616124f1 f69cb496
bd9deb17 9f243978 e92350d3 015077d8 52642f3e 194f75b9 17b1da8d e0d0eddb
3713dc2f e05f8068 d7f487ba c11f1278 d0082717 7a98a69f d221ba4e 87bf0203
010001a3 81f43081 f1300f06 03551d13 0101ff04 05300301 01ff301d 0603551d
0e041604 145dd996 9a40c727 cb2c9ba2 eccf19ab c8afcc86 48301f06 03551d23
04183016 80144232 b616fa04 fdfe5d4b 7ac3fdf7 4c401d5a 43af300b 0603551d
0f040403 02010630 34060355 1d1f042d 302b3029 a027a025 86236874 74703a2f
2f63726c 2e736563 75726574 72757374 2e636f6d 2f535443 412e6372 6c305b06
03551d20 04543052 300c060a 2b060104 0181ed18 03003042 060f2b06 01040181
ed180303 03030404 03302f30 2d06082b 06010505 07020116 21687474 703a2f2f
7777772e 73656375 72657472 7573742e 636f6d2f 6c656761 6c2f300d 06092a86
4886f70d 01010505 00038201 010053f1 c8a017ec 6c8882b1 c024afd1 0858b32c
6f7bc15c 89926f88 fc4bc002 50932f5a 419859b6 e37f8c14 63777d45 3c88505e
a6815200 c8c5fe48 ee1f5dad de440b42 589ce167 5c43b6a0 8598ff16 d41a28be
76e12fe1 84f47eb9 27aa77cb 36b3fec3 fad217f6 e1624ed3 ccccb319 65d34ba8
e8b3d54c eaf64eae cbae3448 1f60cc58 e7e774c9 0135fd6a e0588ad2 16ebece9
3ebbf01d cfb6ff1e 0cb7bb39 e9b7981b c05221eb 3a3d7838 8ca9195f 27a4d07f
3661ab24 7e9ff82d 3f922963 becb10db 0d403602 a0d417a2 8d7f7e7c 99af455a
40cda26b 5cbe0ef3 d387fca1 10caaa33 b7ba4bc0 3da4218c 179ccfd8 bfe657fe
cdebfa30 1ad5fee8 2597a9be 3bea
quit
certificate 0649f9a965553e7df2709c06c4da1b09e17cd9
30820510 308203f8 a0030201 02021306 49f9a965 553e7df2 709c06c4 da1b09e1
7cd9300d 06092a86 4886f70d 01010505 003081ae 310b3009 06035504 06130255
53311130 0f060355 04081308 496c6c69 6e6f6973 3110300e 06035504 07130743
68696361 676f3121 301f0603 55040a13 18547275 73747761 76652048 6f6c6469
6e67732c 20496e63 2e313630 34060355 0403132d 54727573 74776176 65204f72
67616e69 7a617469 6f6e2056 616c6964 6174696f 6e204341 2c204c65 76656c20
32311f30 1d06092a 864886f7 0d010901 16106361 40747275 73747761 76652e63
6f6d301e 170d3134 30363131 30353330 33355a17 0d313530 32323331 31333033
355a3070 311e301c 06035504 030c1576 706e2e70 726f6365 73737765 61766572
2e636f6d 31163014 06035504 0a0c0d50 726f6365 73735765 61766572 31143012
06035504 070c0b53 616e7461 20436c61 72613113 30110603 5504080c 0a43616c
69666f72 6e696131 0b300906 03550406 13025553 30820122 300d0609 2a864886
f70d0101 01050003 82010f00 3082010a 02820101 00cc194c fbdd63f5 0b49141a
9d21063f a13136df e524cef9 c55e9331 e6c5bc67 43361421 cafb7dc1 d244942e
6fd02ee7 198e7f7e 48ca62c2 1c8e1a8e 20431d42 b24103f1 5fad9287 9f9dc2da
5002e0b4 cf14b414 31e0e691 26cfbc0c 1ee09d6d 8176a63d 6ad81c30 b2b69dbe
59ce7092 44c09e62 27f20c58 8bd8e38a a3d75a94 94bbca6f 7ad87b93 3892ddb0
3f00a693 e05b5fe8 7a71d36c 223e1ded 8afb8ee4 1eea579c 53d964df 467694e9
b7ffe4f9 22c6dd5e 33d0ffee 9fd57fed 621c62f1 4dc6f14e 6518de53 c2fd7d5d
b37913b8 69211fe5 e194a6bf f60bc88a 343a93dc 34526931 b41566e3 f38f219f
9a6cefd5 d6d60002 2442b3e5 b4096717 2ffea23d b1020301 0001a382 01623082
015e300b 0603551d 0f040403 0205a030 1d060355 1d250416 30140608 2b060105
05070302 06082b06 01050507 0301301d 0603551d 0e041604 14cd47cf 646a8932
7cecb024 9fd2a31a b54d73dc c0301f06 03551d23 04183016 80145dd9 969a40c7
27cb2c9b a2eccf19 abc8afcc 86483048 0603551d 20044130 3f303d06 0f2b0601
040181ed 18030303 03040403 302a3028 06082b06 01050507 0201161c 68747470
733a2f2f 73736c2e 74727573 74776176 652e636f 6d2f4341 30370603 551d1104
30302e82 1576706e 2e70726f 63657373 77656176 65722e63 6f6d8215 7774732e
70726f63 65737377 65617665 722e636f 6d303506 03551d1f 042e302c 302aa028
a0268624 68747470 3a2f2f63 726c2e74 72757374 77617665 2e636f6d 2f4f5643
415f4c32 2e63726c 30360608 2b060105 05070101 042a3028 30260608 2b060105
05073001 861a6874 74703a2f 2f6f6373 702e7472 75737477 6176652e 636f6d2f
300d0609 2a864886 f70d0101 05050003 82010100 0785070e 045d6201 3ffc49b5
88808587 b6418d0e 87dc7ae8 3204563b 6e51ff93 25e8ad7a 9a11d439 2439a533
768477ca 902fdfbe f0c58a04 e15bf6a5 63829d4b a36c7ccc 0af9532b f39ec31d
21cd6b74 d3adffc2 5f8ee1c4 92c07ac6 ab547346 c740f477 857a82fd 897029d5
1cfa9b55 b1064ab7 1274556c 6a14f7a8 b8705cd4 51d6b7f4 0a024f6d 1818918c
0cb15bc5 cd301684 38c2dcb8 2585b44c 18808e1b 823a6043 28da0194 280fa6c9
80831cbc 1179be24 fc391e54 965761e5 e51031e1 0c76c65f 187922d0 96be80c9
3de9a56e 41d0fd3f 76afaf49 4bc4ff4c 213aa474 60a742ba 2a8fb3bd c9349da3
1ac96b24 7b99cba5 a28c6647 7803cf2c ee70540c
quit
crypto ikev2 policy 10
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.5.2-192.168.5.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint2 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_PWSSL internal
group-policy GroupPolicy_PWSSL attributes
wins-server none
dns-server value 192.168.0.16
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain value processw.local
webvpn
anyconnect keep-installer none
group-policy GroupPolicy_115.119.186.194 internal
group-policy GroupPolicy_115.119.186.194 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_67.192.250.53 internal
group-policy GroupPolicy_67.192.250.53 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy pw internal
group-policy pw attributes
dns-server value 192.168.0.16
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain none
username rajuvaradha password 6biM7HbMtaadT82k encrypted
username e172 password E1abOIw/eu.DKO/y encrypted
username e150 password dJMsBQfrQRISuR8n encrypted
username e134 password bLBixKKCoH5Udlk9 encrypted
username e182 password mirFopEi/OG0LT4d encrypted
username e192 password u2P6WXLa1k8.kA1w encrypted
username e184 password Rpt/S1N6et6Xwi7W encrypted
username u033 password pS5QN8QLvYFHJfoK encrypted
username u011 password HGFsDnR5XiFAzrcE encrypted
username u010 password 5R8mktMpyUYPCpTO encrypted
username u032 password rst8O1b/yrXsKVmu encrypted
username u002 password .u2izEtqOIC5D2fT encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
username u012 password JClYI3r7x0T/ed26 encrypted
username u015 password 6tNvtB4hPcUNDyhE encrypted
username u014 password Wy6x8dPcSnMcAT1v encrypted
username u017 password xahCXrBaZWzW8aEp encrypted
username u006 password BCEOAmlRL6CbQfTV encrypted
username e006 password DG96SZQ2gBqIXEYv encrypted
username e034 password 1sG72DUjsY7nt81V encrypted
username u007 password vtcK6xerueHvqZJZ encrypted
username u016 password pZgySMnraNBlTTnL encrypted
username u025 password ulAXIX1u2.UD/KvT encrypted
username u008 password G4vmDF.mv3rXWa7h encrypted
username u019 password NxlycJwroZrzCSJ3 encrypted
username e019 password E9NaUPs18c0.PBnd encrypted
username u018 password 33CghGQSMjbWDfdb encrypted
username u009 password uaaSLEu55XXbD5Sr encrypted
username u028 password UMFMzXMs6He7.zR8 encrypted
username e097 password .UawdlGNiYnRHnzF encrypted
username e314 password ye2/LpVufAXvAUJ6 encrypted
username e327 password 6mKef3HGlnyb6hnu encrypted
username e343 password 0g33Wbvzi.NL1PjH encrypted
username e222 password e0.SFEwm1RqC6lLj encrypted
username e289 password /YrO2mEvMUr9zxq3 encrypted
username e201 password Eox2TB.HgdkKLuec encrypted
username e265 password fTk7Vxw0Z06AAbHi encrypted
username e251 password 6y7YjKQO1rP3nAQG encrypted
username e219 password p049Lf7jFLisN6UJ encrypted
username e269 password v7oFefIpmPGd307D encrypted
tunnel-group 63.82.1.98 type ipsec-l2l
tunnel-group 63.82.1.98 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group pw type remote-access
tunnel-group pw general-attributes
address-pool clientpool
default-group-policy pw
tunnel-group pw ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 115.119.186.194 type ipsec-l2l
tunnel-group 115.119.186.194 general-attributes
default-group-policy GroupPolicy_115.119.186.194
tunnel-group 115.119.186.194 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 67.192.250.53 type ipsec-l2l
tunnel-group 67.192.250.53 general-attributes
default-group-policy GroupPolicy_67.192.250.53
tunnel-group 67.192.250.53 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group PWSSL type remote-access
tunnel-group PWSSL general-attributes
address-pool clientpool
authentication-server-group PW LOCAL
default-group-policy GroupPolicy_PWSSL
tunnel-group PWSSL webvpn-attributes
group-alias PWSSL enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:3b6339b71a4cf924c7b30056a3e6fc31
: end -
FTP adapter to connect to SFTP server that sits outside of firewall
We have a firewall between soa server and ftp server. There is no proxy server configured on the firewall. We tried two configuration as listed below both were not working. ANy guidance would be greatly appreciated! Thanks!
We are able to do sftp through command prompt from soa server to ftp server.
Kathar
First configuration:
host
port - 22
username
password
sftp - true
transport mode - socket
authenticationType - PASSWORD
Error Received
[2013-05-23T09:05:27.619-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-000000000005a46f,1:30571] [APP: soa-infra] FTP Adapter FTPTestProject [[
BINDING.JCA-11445
The SSH API threw an exception.
The SSH API threw an exception.
The SSH API threw an exception.
Maverick has not been setup properly. Please correct the setup.
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.setUpPasswordSocketConnection(SSHSessionImpl.java:206)
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.<init>(SSHSessionImpl.java:128)
at oracle.tip.adapter.ftp.SshImpl.SshImplFactory.getSshImpl(SshImplFactory.java:26)
at oracle.tip.adapter.ftp.SFTPManagedConnection.setupSftpConnection(SFTPManagedConnection.java:154)
at oracle.tip.adapter.ftp.SFTPManagedConnection.<init>(SFTPManagedConnection.java:67)
at oracle.tip.adapter.ftp.FTPManagedConnectionFactory.createManagedConnection(FTPManagedConnectionFactory.java:180)
at weblogic.connector.security.layer.AdapterLayer.createManagedConnection(AdapterLayer.java:803)
at weblogic.connector.outbound.ConnectionFactory.createResource(ConnectionFactory.java:91)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1310)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResourceInternal(ResourcePoolImpl.java:419)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:344)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:323)
at weblogic.connector.outbound.ConnectionPool.reserveResource(ConnectionPool.java:620)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:317)
at weblogic.connector.outbound.ConnectionManagerImpl.getConnectionInfo(ConnectionManagerImpl.java:380)
at weblogic.connector.outbound.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:129)
at oracle.tip.adapter.ftp.FTPConnectionFactory.getConnection(FTPConnectionFactory.java:102)
at oracle.tip.adapter.ftp.SFTPAgent.preCall(SFTPAgent.java:1192)
at oracle.tip.adapter.ftp.SFTPAgent.validateInputDir(SFTPAgent.java:758)
at oracle.tip.adapter.ftp.inbound.FTPSource.revalidatePollingError(FTPSource.java:1357)
at oracle.tip.adapter.file.inbound.PollWork.onAlert(PollWork.java:476)
at oracle.tip.adapter.file.inbound.PollWork.run(PollWork.java:357)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
Caused by: com.maverick.ssh.SshException: Failed to negotiate a transport component [aes192-cbc] [aes256-ctr]
at com.maverick.ssh2.TransportProtocol.A(Unknown Source)
at com.maverick.ssh2.TransportProtocol.C(Unknown Source)
at com.maverick.ssh2.TransportProtocol.processMessage(Unknown Source)
at com.maverick.ssh2.TransportProtocol.startTransportProtocol(Unknown Source)
at com.maverick.ssh2.Ssh2Client.connect(Unknown Source)
at com.maverick.ssh.SshConnector.connect(Unknown Source)
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.setUpPasswordSocketConnection(SSHSessionImpl.java:194)
... 24 more
Second configuration:
host
port - 22
username
password
sftp - true
transport mode - http
authenticationType - PASSWORD
Below error indicates it expects proxy configuration, but we don't have any
Error
Proxy Host: Proxy Port: -1 Proxy UserName: Connection Type: http
[2013-05-23T09:00:42.837-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-0000000000059c8e,1:30566] [APP: soa-infra] FTP Adapter FTPTestProject Exception while setting up session
[2013-05-23T09:00:42.837-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-0000000000059c8e,1:30566] [APP: soa-infra] FTP Adapter FTPTestProject [[
BINDING.JCA-11443
Adapter internal error.
Adapter internal error.
The adapter has become unstable. This could be because of incorrect parameters supplied to the adapter. The parameter: [Ljava.lang.String;@19062d06 had value: [Ljava.lang.String;@19062d0c
Please make sure that SFTP has been setup correctly.
Edited by: Kathar on May 23, 2013 12:25 PMHi,
We have a firewall between soa server and ftp server. There is no proxy server configured on the firewall...
We are able to do sftp through command prompt from soa server to ftp server...Some facts above look discordant... My understanding is you have to use http to access a ftp server running outside a firewall and socket if it's inside a firewall...
However, you seem to have access with socket from FtpAdapter and also are able to do sftp via command prompt (without using a proxy!)... Those facts make me believe that the connection is actually not going through the firewall... Is the Ftp server in the internal network? Is the soa server running on Windows or Linux?
Recheck your configuration according to steps on the document bellow and do some further investigation to assure that the connection from soa server to the ftp server is actually going through the firewall... Ask for the network administrator to close the SFTP port on the firewall and see if you still can connect to it...
http://docs.oracle.com/cd/E28280_01/integration.1111/e10231/adptr_file.htm#CACDFFFB
Cheers,
Vlad -
Cisco Unity Connection not relaying voicemails outside the organization
Hi all, we are running Cisco Unity Connection version: 8.6.2ES25.21900-25. It has been set up to accept voicemails for Exchange 2010 users (in other words email messages with WAV attachments) and deliver these to their inboxes; this works with no problem.
I have two users who would like to receive these emails at their outside account, however the messages are never sent. I have tried the following:
Changed the users corporate email addresses from "[email protected]" to "[email protected]"
Unchecked the option to "Generate SMTP Proxy Address From Corporate Email Address."
On the "Message Actions" page for their account I have configured voicemail and email to "Relay the message" and entered their external SMTP addresses.
Confirmed the smart host setup is OK (points to our Exchange 2010 CAS which has firewall rules in place to permit it to send mail outside the organization.
Confirmed the Exchange 2010 CAS will accept SMTP messages from the subnet the Unity Connection server resides in.
If I switch the user SMTP settings BACK to their original internal SMTP addresses for my company the messages are then immediately delivered properly to these addresses. This signifies to me that Unity is periodically trying to send these items but they just aren't going out. No sign of the messages in any user report I ran in Unity nor message tracking in Exchange.
I also tried setting up an Outlook rule to forward these voicemail messages to the recipients external addresses but this did not work and after doing some research I see that the way in which Unity delivers the messages to these recipients internally (via EWS) is the reason why. I wonder if this is the same reason these are not going out to their external SMTP addresses.
Thanks for any assistance provided!Look at the transfer options for that particular user and make sure it's set to ring the phone, that configuration is PER user.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk -
HI friends i am facing issue regarding the hosting of an application on the firewall .
Dear friends i configure public ip on firewall interface ,and i have one more public ip for hosting of the sqp application publicly,so please how can i do this can any one let me know configuration is below.
THE BELOW ARE THE IP ADD FOR THE SERVER HOSTING ,AND CONFIGURATION OF THE FIREWALL AND ROUTER FOLLLOW BELOW.
PC IP : 72.93.232.66
Subnet Mask: 255.255.255.252
Gate Way ( Router IP ) : 72.93.232.65
Domain Name : www.hrmstadrees.com
Server Local IP for Application: http://10.10.10.4/MenaITech/Mename/
ASA-CONFIG
ASA Version 8.2(5)
domain-name RAQ.com
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description Connected to TAD-Router G0/1
nameif outside
security-level 0
ip address 72.93.19.174 255.255.255.252
interface Ethernet0/1
description Connected to Cisco SMB Switch G1
nameif inside
security-level 100
ip address 10.15.1.1 255.255.255.248
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
no ip address
management-only
banner login ******** RAQ FIREWALL ********
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 84.22.224.11
name-server 84.22.224.12
domain-name tadrees.com
access-list split-tunnel standard permit 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list Mename-Access extended permit tcp any host 72.93.19.174 eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool sslvpnpool 10.1.1.1-10.1.1.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-702.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
router rip
network 10.0.0.0
version 2
route outside 0.0.0.0 0.0.0.0 72.93.19.173 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TAD-AD protocol nt
aaa-server TAD-AD (inside) host 10.10.10.1
aaa authentication ssh console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 2
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
no anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy sslvpn internal
group-policy sslvpn attributes
wins-server none
dns-server none
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value tadrees.com
group-policy DfltGrpPolicy attributes
webvpn
svc ask enable default webvpn timeout 30
username admin password s8Vngsgpp8NmOJP7 encrypted privilege 15
username cisco password HWFflA1bzYiq7Uut encrypted privilege 15
tunnel-group TAD-SSLV type remote-access
tunnel-group TAD-SSLV general-attributes
address-pool sslvpnpool
authentication-server-group TAD-AD LOCAL
default-group-policy sslvpn
tunnel-group TAD-SSLV webvpn-attributes
group-alias ssl enable
group-url https://72.93.19.174/ssl enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c23556bcb54d60cbd598593f6429d106
: end
ROUTER CONFIGURATION
RAQ-Router#sho run
Building configuration...
Current configuration : 5623 bytes
! Last configuration change at 13:59:42 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname TAD-Router
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
no aaa new-model
no ipv6 cef
ip source-route
no ip cef
ip domain name yourdomain.com
ip name-server 8.8.8.8
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1513054491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1513054491
revocation-check none
rsakeypair TP-self-signed-1513054491
crypto pki certificate chain TP-self-signed-1513054491
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353133 30353434 3931301E 170D3132 30393236 31363239
33385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35313330
35343439 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AADE 6F39CF31 6832A80B DBCC6E4D 82AA4F8A B71E7118 50B53E0E FD94E7E9
A6557FD6 30A099C0 D44E36BA 92CBE1EB 1C2789B6 A1260D38 B24637A5 255F18D7
0B6F2B70 44CF0583 DADB7687 E4102B24 4FA18CDA 36A7CA2A 96F78C1C B92214D8
087DC6D5 240F7449 DBC4AD01 17FBDC0A 9ECC24DF C7D57E33 9C9CF327 27F2A905
78470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14D06F56 4B82A937 E11730CB BDEECF51 BDAE337F 98301D06
03551D0E 04160414 D06F564B 82A937E1 1730CBBD EECF51BD AE337F98 300D0609
2A864886 F70D0101 05050003 8181005A 297C5954 817B8D56 1443D1D5 B21DBA42
F7EC486D B82CBA55 C2953C0E 756FAC1F B04C48C3 D208E4AF DE412F1C C4A97B38
856AC4F2 A664C6CB 3E241FB6 4AD2DC4B BE5B4809 DE6269CC 0826E822 33F853B3
3FE1E0E9 AA125902 C632B6E6 BE2EC625 0F7F2259 F408844B 9813429F 422EDBE0
ADE0EA0D A2138291 D806C4F1 72C4A9
quit
license udi pid CISCO2911/K9 sn FCZ1633771T
username bciscoadmin password 0 tadreesadmin
username cisco privilege 15 password 0 c1sc0
ip ssh version 1
track 1 interface Dialer0 ip routing
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Connected to Internet Temp
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 72.93.19.173 255.255.255.252
ip tcp adjust-mss 1452
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
pvc 0/99
pppoe-client dial-pool-number 1
interface Dialer0
no ip address
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 0 123456
ppp pap sent-username [email protected] password 0 123456
no cdp enable
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
banner login ^CC
** TADREES PRIVATE NETWORK ..... AUTHORIZED USERS ONLY **
***************************************************************^C
banner motd ^CC
==================
WARNING
==================
If you are an unauthorized user LOG OFF NOW, all unauthorized access will be prosecuted to the full extent of the law
This is a Private Network Device. This resource including all related equipment, networks and network devices, are provided for authorized Private use. Private systems are monitored for all lawful purposes, including ensuring authorized use, for manageme
The monitoring on this system may include audits by authorized personnel to test or verify the validity, security and survivability of this system. During monitoring information may be examined, recorded, copied and used for authorized purposes. All
Use of this system, constitutes consent to this policy and the policies and procedures set forth by the company
Evidence of unauthorized use collected during monitoring will be used for criminal prosecution by staff, legal counsel and law enforcement agencies.^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endLet me get this correctly, you want to access the server over the public IP?
Maybe you are looking for
-
Am considering purchase of a 520W for my small business office; a few questions
1. Is the product now stable as a basic firewall (SPI/NAT/DHCP)? 2. Does it live up to its WAN to LAN thruput claims? 3. Is there any limit to the number of concurrent DHCP leases from the basic unit (ie, does CISCO require (like Sonicwall) an upchar
-
ORA-04030: out of process memory when trying ....
Hi! Environment: Oracle Database 10.2.0.5.0 on Windows Server 2003 SP1. Memory: 4GB Ram. /3GB and PAE not set in boot.ini There is a job that runs at night that triggered this message. We assume that not enough OS memory was free for this process? An
-
Hello, I need to meke or organize an standard to my company Java developing team and I would know some references for Java Programming Standars, could be an URL (web site), books, magazines or articules. I would apreciate your collaboration Leivi
-
How can i delay the using period of certificate when i start ssl in ims
i enabled https and imaps in ims52,but i found the period of validity of the certificate is 1 year by default. how can i delay it to 5 years or more? does it specify during generation of CERTIFICATE REQUEST ? thx! Message was edited by: giant.sala
-
I was trying to evaluate the difference between the Creative Inspire T5400 and the newer T5900 5.1 speaker systems. At first I was led to believe that the *only* difference is that they have placed the centre speaker on it's side for the newer T5900'