Restricting roles outside a firewall
Hello we are currently implementing Campus Solutions - our first Peoplesoft application. I have many question but firstly I would like to ask whether there was a possibility of restricting the scope of the Campus Solution application when it is accessed outside our firewall. In our current implementation of Oracle E-Business suite we offer Staff and Manager self-service to all users in all locations. To support this we have a dedicated application tier and a seperate URL that will only ever allow the Staff and Manager responsibilities to be displayed and used, irrespective of whether a user has additional responsibilities. Is it possible to implement CS in a way so that internally to the domain all roles are available but externally only Student and Staff self service roles can be accessed?
Hi,
Im not clear why the SP level is a problem here. Could you please clarify?
It should'nt be a problem because, you would be implementing this solution at the OS level. XI has nothing to do with this right? So, SP level does not come into picture here.
The script at the OS level, will pick the files from the target outside the firewall, and put a minimum number of files(say 100 files)every 5 mins or so into a directory where XI is polling. Only when the files are in this XI directory, file adapter etc. come into picture. So where is the dependency with the SP level?
Regards,
Smitha.
Similar Messages
-
Creative Cloud update fails with "the download appears to be corrupted" when tried through our company's firewall, but succeeds if the computer is taken outside the firewall. The IT guys have opened up the ports and URL's specified in the Adobe documentation. I have also captured the network traffic of both the failed and successful downloads for IT to examine (using Little Snitch), however they can find nothing to account for the problem. Adobe just seems to "give up and die" after about 2-3 minutes. Why is this? How can I or IT fix this?
Can I send the above log files to someone familiar with these issues for examination?Hi Gveo,
Please follow the article: Creative Cloud Help | About Creative Cloud Packager which will help you to get your issue fixed.
Thanks,
Ratandeep Arora -
STATIC IP issues from outside of firewall
Hi
I’m having one issue, we have static IP and we NAT the same to some local IP for our internal needs. Whenever we tried to reach the static IP from outside of firewall(some other network), it is working properly. But when we try to ping or use that static IP in internal LAN that is not working.
192.168.0.149 is internal LAN I have NAT to 202.xxx.xxx.xxx static IP with port 80.
Please help me on this.
here is the device running configuration
Result of the command: "show running-config"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool clientpool 192.168.0.20-192.168.0.50 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 202.53.82.98 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group PW
name-server 202.53.64.202
name-server 202.53.72.13
name-server 192.168.0.16
name-server 192.168.0.8
same-security-traffic permit intra-interface
object network PW-LAN
subnet 192.168.0.0 255.255.255.0
object network USA
subnet 192.168.2.0 255.255.255.0
object network 202.53.82.110
host 202.53.82.110
object network PWHYD
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.151
host 192.168.0.151
object network 192.168.0.154
host 192.168.0.154
object network 192.168.0.156
host 192.168.0.156
object network 192.168.0.158
host 192.168.0.158
object network 192.168.0.159
host 192.168.0.159
object network 192.168.0.149
host 192.168.0.149
object network Rackspace
subnet 10.176.0.0 255.240.0.0
object network NETWORK_OBJ_10.176.0.0_12
subnet 10.176.0.0 255.240.0.0
object network 192.168.0.147_http
host 192.168.0.147
object service http
service tcp source eq www destination eq www
object network 192.168.0.14
host 192.168.0.14
object network 192.168.0.14_iCA
host 192.168.0.14
object network 192.168.0.159_http
host 192.168.0.159
object network 192.168.0.159_50100
host 192.168.0.159
object network 202.53.82.101
host 202.53.82.101
object network 192.168.0.159_8001
host 192.168.0.159
object network 192.168.0.192
host 192.168.0.192
object network 192.168.0.159_any
host 192.168.0.159
object network clientpool
range 192.168.0.20 192.168.0.50
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.192_DEV
host 192.168.0.192
object-group network PW-All-Sites
network-object 192.168.0.0 255.255.255.0
network-object object PWHYD
network-object object USA
network-object object clientpool
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list l2l-list extended permit ip object-group PW-All-Sites 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group PW-All-Sites 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.2.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 10.176.0.0 255.240.0.0
access-list outside_cryptomap_3 extended permit ip object-group PW-All-Sites object Rackspace
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static PW-LAN PW-LAN destination static Rackspace Rackspace
nat (inside,outside) source static PW-LAN PW-LAN destination static PWHYD PWHYD
nat (inside,outside) source static PW-LAN PW-LAN destination static USA USA
nat (inside,outside) source dynamic PW-LAN interface
nat (any,inside) source dynamic clientpool interface
object network 192.168.0.151
nat (any,any) static 202.53.82.102 service tcp 3200 3200
object network 192.168.0.154
nat (any,any) static 202.53.82.104 service tcp 3201 3201
object network 192.168.0.156
nat (any,any) static 202.53.82.107 service tcp 3201 3201
object network 192.168.0.158
nat (any,any) static 202.53.82.109 service tcp 3222 3222
object network 192.168.0.159
nat (any,any) static 202.53.82.101 service tcp 3201 3201
object network 192.168.0.149
nat (inside,outside) static 202.53.82.100 service tcp www www
object network 192.168.0.147_http
nat (any,any) static 202.53.82.110 service tcp www www
object network 192.168.0.14
nat (any,any) static 202.53.82.99 service tcp https https
object network 192.168.0.14_iCA
nat (any,any) static 202.53.82.99 service tcp citrix-ica citrix-ica
object network 192.168.0.159_50100
nat (any,any) static 202.53.82.101 service tcp 50100 50100
object network 192.168.0.159_8001
nat (any,any) static 202.53.82.101 service tcp 8001 8001
object network 192.168.0.192_DEV
nat (any,any) static 202.53.82.106 service tcp 3201 3201
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.53.82.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PW protocol radius
aaa-server PW (inside) host 192.168.0.16
key *****
user-identity default-domain LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set pwset esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set pwsethyd esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RackspaceSet esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal RackSpaceSecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal pwhydsetsecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal secure
protocol esp encryption aes 3des des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outsidemap 1 match address l2l-list
crypto map outsidemap 1 set peer 63.82.1.98
crypto map outsidemap 1 set ikev1 transform-set pwset
crypto map outsidemap 1 set ikev2 ipsec-proposal secure
crypto map outsidemap 2 match address outside_cryptomap
crypto map outsidemap 2 set pfs
crypto map outsidemap 2 set peer 115.119.186.194
crypto map outsidemap 2 set ikev1 transform-set pwsethyd
crypto map outsidemap 3 match address outside_cryptomap_3
crypto map outsidemap 3 set peer 67.192.250.53
crypto map outsidemap 3 set ikev1 transform-set RackspaceSet
crypto map outsidemap 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outsidemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
fqdn vpn.processweaver.com
subject-name CN=vpn.processweaver.com,OU=PWIT,O="ProcessWeaver,Inc",C=US,St=California,L=Fremont
keypair ciscovpn.key
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 47869fe5
3082046a 30820352 a0030201 02020447 869fe530 0d06092a 864886f7 0d010105
05003048 310b3009 06035504 06130255 53312030 1e060355 040a1317 53656375
72655472 75737420 436f7270 6f726174 696f6e31 17301506 03550403 130e5365
63757265 54727573 74204341 301e170d 30383132 32323233 34373339 5a170d32
38313232 32323334 3733395a 3081ae31 0b300906 03550406 13025553 3111300f
06035504 08130849 6c6c696e 6f697331 10300e06 03550407 13074368 69636167
6f312130 1f060355 040a1318 54727573 74776176 6520486f 6c64696e 67732c20
496e632e 31363034 06035504 03132d54 72757374 77617665 204f7267 616e697a
6174696f 6e205661 6c696461 74696f6e 2043412c 204c6576 656c2032 311f301d
06092a86 4886f70d 01090116 10636140 74727573 74776176 652e636f 6d308201
22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e814
eea0da97 bd89bd0c cc8ddf08 fb060983 a823515b 013f34da 1f1f6ec1 e35865cb
0af9f387 c8c8faa1 ccf574e2 b8ae2d06 8480286f 5ac1225c 929442cd 1902125c
10627ea2 44fb165e 9c72b1ac ea04e615 aa99e85a f858b987 24e875cd 2588e258
925e8683 7f8a2353 ae8ae8a3 217e83af 40091849 afe1d05a b04f6fe2 31adf4f1
371fc92a e18bd68c 1231d427 1adfea6b 9e7853ed 9a19b0ce 45445b1b ef645921
fac7b7d1 d30c1ecb 88dafd23 3ff4ac2b a04d61d3 becade19 616124f1 f69cb496
bd9deb17 9f243978 e92350d3 015077d8 52642f3e 194f75b9 17b1da8d e0d0eddb
3713dc2f e05f8068 d7f487ba c11f1278 d0082717 7a98a69f d221ba4e 87bf0203
010001a3 81f43081 f1300f06 03551d13 0101ff04 05300301 01ff301d 0603551d
0e041604 145dd996 9a40c727 cb2c9ba2 eccf19ab c8afcc86 48301f06 03551d23
04183016 80144232 b616fa04 fdfe5d4b 7ac3fdf7 4c401d5a 43af300b 0603551d
0f040403 02010630 34060355 1d1f042d 302b3029 a027a025 86236874 74703a2f
2f63726c 2e736563 75726574 72757374 2e636f6d 2f535443 412e6372 6c305b06
03551d20 04543052 300c060a 2b060104 0181ed18 03003042 060f2b06 01040181
ed180303 03030404 03302f30 2d06082b 06010505 07020116 21687474 703a2f2f
7777772e 73656375 72657472 7573742e 636f6d2f 6c656761 6c2f300d 06092a86
4886f70d 01010505 00038201 010053f1 c8a017ec 6c8882b1 c024afd1 0858b32c
6f7bc15c 89926f88 fc4bc002 50932f5a 419859b6 e37f8c14 63777d45 3c88505e
a6815200 c8c5fe48 ee1f5dad de440b42 589ce167 5c43b6a0 8598ff16 d41a28be
76e12fe1 84f47eb9 27aa77cb 36b3fec3 fad217f6 e1624ed3 ccccb319 65d34ba8
e8b3d54c eaf64eae cbae3448 1f60cc58 e7e774c9 0135fd6a e0588ad2 16ebece9
3ebbf01d cfb6ff1e 0cb7bb39 e9b7981b c05221eb 3a3d7838 8ca9195f 27a4d07f
3661ab24 7e9ff82d 3f922963 becb10db 0d403602 a0d417a2 8d7f7e7c 99af455a
40cda26b 5cbe0ef3 d387fca1 10caaa33 b7ba4bc0 3da4218c 179ccfd8 bfe657fe
cdebfa30 1ad5fee8 2597a9be 3bea
quit
certificate 0649f9a965553e7df2709c06c4da1b09e17cd9
30820510 308203f8 a0030201 02021306 49f9a965 553e7df2 709c06c4 da1b09e1
7cd9300d 06092a86 4886f70d 01010505 003081ae 310b3009 06035504 06130255
53311130 0f060355 04081308 496c6c69 6e6f6973 3110300e 06035504 07130743
68696361 676f3121 301f0603 55040a13 18547275 73747761 76652048 6f6c6469
6e67732c 20496e63 2e313630 34060355 0403132d 54727573 74776176 65204f72
67616e69 7a617469 6f6e2056 616c6964 6174696f 6e204341 2c204c65 76656c20
32311f30 1d06092a 864886f7 0d010901 16106361 40747275 73747761 76652e63
6f6d301e 170d3134 30363131 30353330 33355a17 0d313530 32323331 31333033
355a3070 311e301c 06035504 030c1576 706e2e70 726f6365 73737765 61766572
2e636f6d 31163014 06035504 0a0c0d50 726f6365 73735765 61766572 31143012
06035504 070c0b53 616e7461 20436c61 72613113 30110603 5504080c 0a43616c
69666f72 6e696131 0b300906 03550406 13025553 30820122 300d0609 2a864886
f70d0101 01050003 82010f00 3082010a 02820101 00cc194c fbdd63f5 0b49141a
9d21063f a13136df e524cef9 c55e9331 e6c5bc67 43361421 cafb7dc1 d244942e
6fd02ee7 198e7f7e 48ca62c2 1c8e1a8e 20431d42 b24103f1 5fad9287 9f9dc2da
5002e0b4 cf14b414 31e0e691 26cfbc0c 1ee09d6d 8176a63d 6ad81c30 b2b69dbe
59ce7092 44c09e62 27f20c58 8bd8e38a a3d75a94 94bbca6f 7ad87b93 3892ddb0
3f00a693 e05b5fe8 7a71d36c 223e1ded 8afb8ee4 1eea579c 53d964df 467694e9
b7ffe4f9 22c6dd5e 33d0ffee 9fd57fed 621c62f1 4dc6f14e 6518de53 c2fd7d5d
b37913b8 69211fe5 e194a6bf f60bc88a 343a93dc 34526931 b41566e3 f38f219f
9a6cefd5 d6d60002 2442b3e5 b4096717 2ffea23d b1020301 0001a382 01623082
015e300b 0603551d 0f040403 0205a030 1d060355 1d250416 30140608 2b060105
05070302 06082b06 01050507 0301301d 0603551d 0e041604 14cd47cf 646a8932
7cecb024 9fd2a31a b54d73dc c0301f06 03551d23 04183016 80145dd9 969a40c7
27cb2c9b a2eccf19 abc8afcc 86483048 0603551d 20044130 3f303d06 0f2b0601
040181ed 18030303 03040403 302a3028 06082b06 01050507 0201161c 68747470
733a2f2f 73736c2e 74727573 74776176 652e636f 6d2f4341 30370603 551d1104
30302e82 1576706e 2e70726f 63657373 77656176 65722e63 6f6d8215 7774732e
70726f63 65737377 65617665 722e636f 6d303506 03551d1f 042e302c 302aa028
a0268624 68747470 3a2f2f63 726c2e74 72757374 77617665 2e636f6d 2f4f5643
415f4c32 2e63726c 30360608 2b060105 05070101 042a3028 30260608 2b060105
05073001 861a6874 74703a2f 2f6f6373 702e7472 75737477 6176652e 636f6d2f
300d0609 2a864886 f70d0101 05050003 82010100 0785070e 045d6201 3ffc49b5
88808587 b6418d0e 87dc7ae8 3204563b 6e51ff93 25e8ad7a 9a11d439 2439a533
768477ca 902fdfbe f0c58a04 e15bf6a5 63829d4b a36c7ccc 0af9532b f39ec31d
21cd6b74 d3adffc2 5f8ee1c4 92c07ac6 ab547346 c740f477 857a82fd 897029d5
1cfa9b55 b1064ab7 1274556c 6a14f7a8 b8705cd4 51d6b7f4 0a024f6d 1818918c
0cb15bc5 cd301684 38c2dcb8 2585b44c 18808e1b 823a6043 28da0194 280fa6c9
80831cbc 1179be24 fc391e54 965761e5 e51031e1 0c76c65f 187922d0 96be80c9
3de9a56e 41d0fd3f 76afaf49 4bc4ff4c 213aa474 60a742ba 2a8fb3bd c9349da3
1ac96b24 7b99cba5 a28c6647 7803cf2c ee70540c
quit
crypto ikev2 policy 10
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.5.2-192.168.5.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint2 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_PWSSL internal
group-policy GroupPolicy_PWSSL attributes
wins-server none
dns-server value 192.168.0.16
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain value processw.local
webvpn
anyconnect keep-installer none
group-policy GroupPolicy_115.119.186.194 internal
group-policy GroupPolicy_115.119.186.194 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_67.192.250.53 internal
group-policy GroupPolicy_67.192.250.53 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy pw internal
group-policy pw attributes
dns-server value 192.168.0.16
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain none
username rajuvaradha password 6biM7HbMtaadT82k encrypted
username e172 password E1abOIw/eu.DKO/y encrypted
username e150 password dJMsBQfrQRISuR8n encrypted
username e134 password bLBixKKCoH5Udlk9 encrypted
username e182 password mirFopEi/OG0LT4d encrypted
username e192 password u2P6WXLa1k8.kA1w encrypted
username e184 password Rpt/S1N6et6Xwi7W encrypted
username u033 password pS5QN8QLvYFHJfoK encrypted
username u011 password HGFsDnR5XiFAzrcE encrypted
username u010 password 5R8mktMpyUYPCpTO encrypted
username u032 password rst8O1b/yrXsKVmu encrypted
username u002 password .u2izEtqOIC5D2fT encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
username u012 password JClYI3r7x0T/ed26 encrypted
username u015 password 6tNvtB4hPcUNDyhE encrypted
username u014 password Wy6x8dPcSnMcAT1v encrypted
username u017 password xahCXrBaZWzW8aEp encrypted
username u006 password BCEOAmlRL6CbQfTV encrypted
username e006 password DG96SZQ2gBqIXEYv encrypted
username e034 password 1sG72DUjsY7nt81V encrypted
username u007 password vtcK6xerueHvqZJZ encrypted
username u016 password pZgySMnraNBlTTnL encrypted
username u025 password ulAXIX1u2.UD/KvT encrypted
username u008 password G4vmDF.mv3rXWa7h encrypted
username u019 password NxlycJwroZrzCSJ3 encrypted
username e019 password E9NaUPs18c0.PBnd encrypted
username u018 password 33CghGQSMjbWDfdb encrypted
username u009 password uaaSLEu55XXbD5Sr encrypted
username u028 password UMFMzXMs6He7.zR8 encrypted
username e097 password .UawdlGNiYnRHnzF encrypted
username e314 password ye2/LpVufAXvAUJ6 encrypted
username e327 password 6mKef3HGlnyb6hnu encrypted
username e343 password 0g33Wbvzi.NL1PjH encrypted
username e222 password e0.SFEwm1RqC6lLj encrypted
username e289 password /YrO2mEvMUr9zxq3 encrypted
username e201 password Eox2TB.HgdkKLuec encrypted
username e265 password fTk7Vxw0Z06AAbHi encrypted
username e251 password 6y7YjKQO1rP3nAQG encrypted
username e219 password p049Lf7jFLisN6UJ encrypted
username e269 password v7oFefIpmPGd307D encrypted
tunnel-group 63.82.1.98 type ipsec-l2l
tunnel-group 63.82.1.98 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group pw type remote-access
tunnel-group pw general-attributes
address-pool clientpool
default-group-policy pw
tunnel-group pw ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 115.119.186.194 type ipsec-l2l
tunnel-group 115.119.186.194 general-attributes
default-group-policy GroupPolicy_115.119.186.194
tunnel-group 115.119.186.194 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 67.192.250.53 type ipsec-l2l
tunnel-group 67.192.250.53 general-attributes
default-group-policy GroupPolicy_67.192.250.53
tunnel-group 67.192.250.53 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group PWSSL type remote-access
tunnel-group PWSSL general-attributes
address-pool clientpool
authentication-server-group PW LOCAL
default-group-policy GroupPolicy_PWSSL
tunnel-group PWSSL webvpn-attributes
group-alias PWSSL enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:80663f0c45d0a6736344cf989a7af706
: endHi Marius,
Thanks for your suggestion
i have followed the same, but i'm still not able to access the static IP internal LAN. here is the running config out put.
Result of the command: "show running-config"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool clientpool 192.168.0.20-192.168.0.50 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 202.53.82.98 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group PW
name-server 202.53.64.202
name-server 202.53.72.13
name-server 192.168.0.16
name-server 192.168.0.8
same-security-traffic permit intra-interface
object network PW-LAN
subnet 192.168.0.0 255.255.255.0
object network USA
subnet 192.168.2.0 255.255.255.0
object network 202.53.82.110
host 202.53.82.110
object network PWHYD
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.151
host 192.168.0.151
object network 192.168.0.154
host 192.168.0.154
object network 192.168.0.156
host 192.168.0.156
object network 192.168.0.158
host 192.168.0.158
object network 192.168.0.159
host 192.168.0.159
object network 192.168.0.149
host 192.168.0.149
object network Rackspace
subnet 10.176.0.0 255.240.0.0
object network NETWORK_OBJ_10.176.0.0_12
subnet 10.176.0.0 255.240.0.0
object network 192.168.0.147_http
host 192.168.0.147
object service http
service tcp source eq www destination eq www
object network 192.168.0.14
host 192.168.0.14
object network 192.168.0.14_iCA
host 192.168.0.14
object network 192.168.0.159_http
host 192.168.0.159
object network 192.168.0.159_50100
host 192.168.0.159
object network 202.53.82.101
host 202.53.82.101
object network 192.168.0.159_8001
host 192.168.0.159
object network 192.168.0.192
host 192.168.0.192
object network 192.168.0.159_any
host 192.168.0.159
object network clientpool
range 192.168.0.20 192.168.0.50
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network 192.168.0.192_DEV
host 192.168.0.192
object network 202.53.82.100
host 202.53.82.100
object network 149
host 192.168.0.149
object-group network PW-All-Sites
network-object 192.168.0.0 255.255.255.0
network-object object PWHYD
network-object object USA
network-object object clientpool
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list l2l-list extended permit ip object-group PW-All-Sites 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group PW-All-Sites 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.1.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 192.168.2.0 255.255.255.0
access-list PW-VPN-Tunnel-ACL standard permit 10.176.0.0 255.240.0.0
access-list outside_cryptomap_3 extended permit ip object-group PW-All-Sites object Rackspace
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static PW-LAN PW-LAN destination static Rackspace Rackspace
nat (inside,outside) source static PW-LAN PW-LAN destination static PWHYD PWHYD
nat (inside,outside) source static PW-LAN PW-LAN destination static USA USA
nat (inside,outside) source dynamic PW-LAN interface
nat (any,inside) source dynamic clientpool interface
nat (inside,inside) source static PW-LAN PW-LAN destination static 192.168.0.149 202.53.82.100
object network 192.168.0.151
nat (any,any) static 202.53.82.102 service tcp 3200 3200
object network 192.168.0.154
nat (any,any) static 202.53.82.104 service tcp 3201 3201
object network 192.168.0.156
nat (any,any) static 202.53.82.107 service tcp 3201 3201
object network 192.168.0.158
nat (any,any) static 202.53.82.109 service tcp 3222 3222
object network 192.168.0.159
nat (any,any) static 202.53.82.101 service tcp 3201 3201
object network 192.168.0.147_http
nat (any,any) static 202.53.82.110 service tcp www www
object network 192.168.0.14
nat (any,any) static 202.53.82.99 service tcp https https
object network 192.168.0.14_iCA
nat (any,any) static 202.53.82.99 service tcp citrix-ica citrix-ica
object network 192.168.0.159_50100
nat (any,any) static 202.53.82.101 service tcp 50100 50100
object network 192.168.0.159_8001
nat (any,any) static 202.53.82.101 service tcp 8001 8001
object network 192.168.0.192_DEV
nat (any,any) static 202.53.82.106 service tcp 3201 3201
object network 149
nat (any,any) static 202.53.82.100 service tcp www www
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.53.82.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PW protocol radius
aaa-server PW (inside) host 192.168.0.16
key *****
user-identity default-domain LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set pwset esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set pwsethyd esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RackspaceSet esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal RackSpaceSecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal pwhydsetsecure
protocol esp encryption 3des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal secure
protocol esp encryption aes 3des des
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outsidemap 1 match address l2l-list
crypto map outsidemap 1 set peer 63.82.1.98
crypto map outsidemap 1 set ikev1 transform-set pwset
crypto map outsidemap 1 set ikev2 ipsec-proposal secure
crypto map outsidemap 2 match address outside_cryptomap
crypto map outsidemap 2 set pfs
crypto map outsidemap 2 set peer 115.119.186.194
crypto map outsidemap 2 set ikev1 transform-set pwsethyd
crypto map outsidemap 3 match address outside_cryptomap_3
crypto map outsidemap 3 set peer 67.192.250.53
crypto map outsidemap 3 set ikev1 transform-set RackspaceSet
crypto map outsidemap 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outsidemap interface outside
crypto ca trustpoint ASDM_TrustPoint0
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
fqdn vpn.processweaver.com
subject-name CN=vpn.processweaver.com,OU=PWIT,O="ProcessWeaver,Inc",C=US,St=California,L=Fremont
keypair ciscovpn.key
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 47869fe5
3082046a 30820352 a0030201 02020447 869fe530 0d06092a 864886f7 0d010105
05003048 310b3009 06035504 06130255 53312030 1e060355 040a1317 53656375
72655472 75737420 436f7270 6f726174 696f6e31 17301506 03550403 130e5365
63757265 54727573 74204341 301e170d 30383132 32323233 34373339 5a170d32
38313232 32323334 3733395a 3081ae31 0b300906 03550406 13025553 3111300f
06035504 08130849 6c6c696e 6f697331 10300e06 03550407 13074368 69636167
6f312130 1f060355 040a1318 54727573 74776176 6520486f 6c64696e 67732c20
496e632e 31363034 06035504 03132d54 72757374 77617665 204f7267 616e697a
6174696f 6e205661 6c696461 74696f6e 2043412c 204c6576 656c2032 311f301d
06092a86 4886f70d 01090116 10636140 74727573 74776176 652e636f 6d308201
22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e814
eea0da97 bd89bd0c cc8ddf08 fb060983 a823515b 013f34da 1f1f6ec1 e35865cb
0af9f387 c8c8faa1 ccf574e2 b8ae2d06 8480286f 5ac1225c 929442cd 1902125c
10627ea2 44fb165e 9c72b1ac ea04e615 aa99e85a f858b987 24e875cd 2588e258
925e8683 7f8a2353 ae8ae8a3 217e83af 40091849 afe1d05a b04f6fe2 31adf4f1
371fc92a e18bd68c 1231d427 1adfea6b 9e7853ed 9a19b0ce 45445b1b ef645921
fac7b7d1 d30c1ecb 88dafd23 3ff4ac2b a04d61d3 becade19 616124f1 f69cb496
bd9deb17 9f243978 e92350d3 015077d8 52642f3e 194f75b9 17b1da8d e0d0eddb
3713dc2f e05f8068 d7f487ba c11f1278 d0082717 7a98a69f d221ba4e 87bf0203
010001a3 81f43081 f1300f06 03551d13 0101ff04 05300301 01ff301d 0603551d
0e041604 145dd996 9a40c727 cb2c9ba2 eccf19ab c8afcc86 48301f06 03551d23
04183016 80144232 b616fa04 fdfe5d4b 7ac3fdf7 4c401d5a 43af300b 0603551d
0f040403 02010630 34060355 1d1f042d 302b3029 a027a025 86236874 74703a2f
2f63726c 2e736563 75726574 72757374 2e636f6d 2f535443 412e6372 6c305b06
03551d20 04543052 300c060a 2b060104 0181ed18 03003042 060f2b06 01040181
ed180303 03030404 03302f30 2d06082b 06010505 07020116 21687474 703a2f2f
7777772e 73656375 72657472 7573742e 636f6d2f 6c656761 6c2f300d 06092a86
4886f70d 01010505 00038201 010053f1 c8a017ec 6c8882b1 c024afd1 0858b32c
6f7bc15c 89926f88 fc4bc002 50932f5a 419859b6 e37f8c14 63777d45 3c88505e
a6815200 c8c5fe48 ee1f5dad de440b42 589ce167 5c43b6a0 8598ff16 d41a28be
76e12fe1 84f47eb9 27aa77cb 36b3fec3 fad217f6 e1624ed3 ccccb319 65d34ba8
e8b3d54c eaf64eae cbae3448 1f60cc58 e7e774c9 0135fd6a e0588ad2 16ebece9
3ebbf01d cfb6ff1e 0cb7bb39 e9b7981b c05221eb 3a3d7838 8ca9195f 27a4d07f
3661ab24 7e9ff82d 3f922963 becb10db 0d403602 a0d417a2 8d7f7e7c 99af455a
40cda26b 5cbe0ef3 d387fca1 10caaa33 b7ba4bc0 3da4218c 179ccfd8 bfe657fe
cdebfa30 1ad5fee8 2597a9be 3bea
quit
certificate 0649f9a965553e7df2709c06c4da1b09e17cd9
30820510 308203f8 a0030201 02021306 49f9a965 553e7df2 709c06c4 da1b09e1
7cd9300d 06092a86 4886f70d 01010505 003081ae 310b3009 06035504 06130255
53311130 0f060355 04081308 496c6c69 6e6f6973 3110300e 06035504 07130743
68696361 676f3121 301f0603 55040a13 18547275 73747761 76652048 6f6c6469
6e67732c 20496e63 2e313630 34060355 0403132d 54727573 74776176 65204f72
67616e69 7a617469 6f6e2056 616c6964 6174696f 6e204341 2c204c65 76656c20
32311f30 1d06092a 864886f7 0d010901 16106361 40747275 73747761 76652e63
6f6d301e 170d3134 30363131 30353330 33355a17 0d313530 32323331 31333033
355a3070 311e301c 06035504 030c1576 706e2e70 726f6365 73737765 61766572
2e636f6d 31163014 06035504 0a0c0d50 726f6365 73735765 61766572 31143012
06035504 070c0b53 616e7461 20436c61 72613113 30110603 5504080c 0a43616c
69666f72 6e696131 0b300906 03550406 13025553 30820122 300d0609 2a864886
f70d0101 01050003 82010f00 3082010a 02820101 00cc194c fbdd63f5 0b49141a
9d21063f a13136df e524cef9 c55e9331 e6c5bc67 43361421 cafb7dc1 d244942e
6fd02ee7 198e7f7e 48ca62c2 1c8e1a8e 20431d42 b24103f1 5fad9287 9f9dc2da
5002e0b4 cf14b414 31e0e691 26cfbc0c 1ee09d6d 8176a63d 6ad81c30 b2b69dbe
59ce7092 44c09e62 27f20c58 8bd8e38a a3d75a94 94bbca6f 7ad87b93 3892ddb0
3f00a693 e05b5fe8 7a71d36c 223e1ded 8afb8ee4 1eea579c 53d964df 467694e9
b7ffe4f9 22c6dd5e 33d0ffee 9fd57fed 621c62f1 4dc6f14e 6518de53 c2fd7d5d
b37913b8 69211fe5 e194a6bf f60bc88a 343a93dc 34526931 b41566e3 f38f219f
9a6cefd5 d6d60002 2442b3e5 b4096717 2ffea23d b1020301 0001a382 01623082
015e300b 0603551d 0f040403 0205a030 1d060355 1d250416 30140608 2b060105
05070302 06082b06 01050507 0301301d 0603551d 0e041604 14cd47cf 646a8932
7cecb024 9fd2a31a b54d73dc c0301f06 03551d23 04183016 80145dd9 969a40c7
27cb2c9b a2eccf19 abc8afcc 86483048 0603551d 20044130 3f303d06 0f2b0601
040181ed 18030303 03040403 302a3028 06082b06 01050507 0201161c 68747470
733a2f2f 73736c2e 74727573 74776176 652e636f 6d2f4341 30370603 551d1104
30302e82 1576706e 2e70726f 63657373 77656176 65722e63 6f6d8215 7774732e
70726f63 65737377 65617665 722e636f 6d303506 03551d1f 042e302c 302aa028
a0268624 68747470 3a2f2f63 726c2e74 72757374 77617665 2e636f6d 2f4f5643
415f4c32 2e63726c 30360608 2b060105 05070101 042a3028 30260608 2b060105
05073001 861a6874 74703a2f 2f6f6373 702e7472 75737477 6176652e 636f6d2f
300d0609 2a864886 f70d0101 05050003 82010100 0785070e 045d6201 3ffc49b5
88808587 b6418d0e 87dc7ae8 3204563b 6e51ff93 25e8ad7a 9a11d439 2439a533
768477ca 902fdfbe f0c58a04 e15bf6a5 63829d4b a36c7ccc 0af9532b f39ec31d
21cd6b74 d3adffc2 5f8ee1c4 92c07ac6 ab547346 c740f477 857a82fd 897029d5
1cfa9b55 b1064ab7 1274556c 6a14f7a8 b8705cd4 51d6b7f4 0a024f6d 1818918c
0cb15bc5 cd301684 38c2dcb8 2585b44c 18808e1b 823a6043 28da0194 280fa6c9
80831cbc 1179be24 fc391e54 965761e5 e51031e1 0c76c65f 187922d0 96be80c9
3de9a56e 41d0fd3f 76afaf49 4bc4ff4c 213aa474 60a742ba 2a8fb3bd c9349da3
1ac96b24 7b99cba5 a28c6647 7803cf2c ee70540c
quit
crypto ikev2 policy 10
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.5.2-192.168.5.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint2 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_PWSSL internal
group-policy GroupPolicy_PWSSL attributes
wins-server none
dns-server value 192.168.0.16
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain value processw.local
webvpn
anyconnect keep-installer none
group-policy GroupPolicy_115.119.186.194 internal
group-policy GroupPolicy_115.119.186.194 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_67.192.250.53 internal
group-policy GroupPolicy_67.192.250.53 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy pw internal
group-policy pw attributes
dns-server value 192.168.0.16
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PW-VPN-Tunnel-ACL
default-domain none
username rajuvaradha password 6biM7HbMtaadT82k encrypted
username e172 password E1abOIw/eu.DKO/y encrypted
username e150 password dJMsBQfrQRISuR8n encrypted
username e134 password bLBixKKCoH5Udlk9 encrypted
username e182 password mirFopEi/OG0LT4d encrypted
username e192 password u2P6WXLa1k8.kA1w encrypted
username e184 password Rpt/S1N6et6Xwi7W encrypted
username u033 password pS5QN8QLvYFHJfoK encrypted
username u011 password HGFsDnR5XiFAzrcE encrypted
username u010 password 5R8mktMpyUYPCpTO encrypted
username u032 password rst8O1b/yrXsKVmu encrypted
username u002 password .u2izEtqOIC5D2fT encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
username u012 password JClYI3r7x0T/ed26 encrypted
username u015 password 6tNvtB4hPcUNDyhE encrypted
username u014 password Wy6x8dPcSnMcAT1v encrypted
username u017 password xahCXrBaZWzW8aEp encrypted
username u006 password BCEOAmlRL6CbQfTV encrypted
username e006 password DG96SZQ2gBqIXEYv encrypted
username e034 password 1sG72DUjsY7nt81V encrypted
username u007 password vtcK6xerueHvqZJZ encrypted
username u016 password pZgySMnraNBlTTnL encrypted
username u025 password ulAXIX1u2.UD/KvT encrypted
username u008 password G4vmDF.mv3rXWa7h encrypted
username u019 password NxlycJwroZrzCSJ3 encrypted
username e019 password E9NaUPs18c0.PBnd encrypted
username u018 password 33CghGQSMjbWDfdb encrypted
username u009 password uaaSLEu55XXbD5Sr encrypted
username u028 password UMFMzXMs6He7.zR8 encrypted
username e097 password .UawdlGNiYnRHnzF encrypted
username e314 password ye2/LpVufAXvAUJ6 encrypted
username e327 password 6mKef3HGlnyb6hnu encrypted
username e343 password 0g33Wbvzi.NL1PjH encrypted
username e222 password e0.SFEwm1RqC6lLj encrypted
username e289 password /YrO2mEvMUr9zxq3 encrypted
username e201 password Eox2TB.HgdkKLuec encrypted
username e265 password fTk7Vxw0Z06AAbHi encrypted
username e251 password 6y7YjKQO1rP3nAQG encrypted
username e219 password p049Lf7jFLisN6UJ encrypted
username e269 password v7oFefIpmPGd307D encrypted
tunnel-group 63.82.1.98 type ipsec-l2l
tunnel-group 63.82.1.98 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group pw type remote-access
tunnel-group pw general-attributes
address-pool clientpool
default-group-policy pw
tunnel-group pw ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 115.119.186.194 type ipsec-l2l
tunnel-group 115.119.186.194 general-attributes
default-group-policy GroupPolicy_115.119.186.194
tunnel-group 115.119.186.194 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 67.192.250.53 type ipsec-l2l
tunnel-group 67.192.250.53 general-attributes
default-group-policy GroupPolicy_67.192.250.53
tunnel-group 67.192.250.53 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group PWSSL type remote-access
tunnel-group PWSSL general-attributes
address-pool clientpool
authentication-server-group PW LOCAL
default-group-policy GroupPolicy_PWSSL
tunnel-group PWSSL webvpn-attributes
group-alias PWSSL enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:3b6339b71a4cf924c7b30056a3e6fc31
: end -
FTP adapter to connect to SFTP server that sits outside of firewall
We have a firewall between soa server and ftp server. There is no proxy server configured on the firewall. We tried two configuration as listed below both were not working. ANy guidance would be greatly appreciated! Thanks!
We are able to do sftp through command prompt from soa server to ftp server.
Kathar
First configuration:
host
port - 22
username
password
sftp - true
transport mode - socket
authenticationType - PASSWORD
Error Received
[2013-05-23T09:05:27.619-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-000000000005a46f,1:30571] [APP: soa-infra] FTP Adapter FTPTestProject [[
BINDING.JCA-11445
The SSH API threw an exception.
The SSH API threw an exception.
The SSH API threw an exception.
Maverick has not been setup properly. Please correct the setup.
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.setUpPasswordSocketConnection(SSHSessionImpl.java:206)
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.<init>(SSHSessionImpl.java:128)
at oracle.tip.adapter.ftp.SshImpl.SshImplFactory.getSshImpl(SshImplFactory.java:26)
at oracle.tip.adapter.ftp.SFTPManagedConnection.setupSftpConnection(SFTPManagedConnection.java:154)
at oracle.tip.adapter.ftp.SFTPManagedConnection.<init>(SFTPManagedConnection.java:67)
at oracle.tip.adapter.ftp.FTPManagedConnectionFactory.createManagedConnection(FTPManagedConnectionFactory.java:180)
at weblogic.connector.security.layer.AdapterLayer.createManagedConnection(AdapterLayer.java:803)
at weblogic.connector.outbound.ConnectionFactory.createResource(ConnectionFactory.java:91)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1310)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResourceInternal(ResourcePoolImpl.java:419)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:344)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:323)
at weblogic.connector.outbound.ConnectionPool.reserveResource(ConnectionPool.java:620)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:317)
at weblogic.connector.outbound.ConnectionManagerImpl.getConnectionInfo(ConnectionManagerImpl.java:380)
at weblogic.connector.outbound.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:129)
at oracle.tip.adapter.ftp.FTPConnectionFactory.getConnection(FTPConnectionFactory.java:102)
at oracle.tip.adapter.ftp.SFTPAgent.preCall(SFTPAgent.java:1192)
at oracle.tip.adapter.ftp.SFTPAgent.validateInputDir(SFTPAgent.java:758)
at oracle.tip.adapter.ftp.inbound.FTPSource.revalidatePollingError(FTPSource.java:1357)
at oracle.tip.adapter.file.inbound.PollWork.onAlert(PollWork.java:476)
at oracle.tip.adapter.file.inbound.PollWork.run(PollWork.java:357)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
Caused by: com.maverick.ssh.SshException: Failed to negotiate a transport component [aes192-cbc] [aes256-ctr]
at com.maverick.ssh2.TransportProtocol.A(Unknown Source)
at com.maverick.ssh2.TransportProtocol.C(Unknown Source)
at com.maverick.ssh2.TransportProtocol.processMessage(Unknown Source)
at com.maverick.ssh2.TransportProtocol.startTransportProtocol(Unknown Source)
at com.maverick.ssh2.Ssh2Client.connect(Unknown Source)
at com.maverick.ssh.SshConnector.connect(Unknown Source)
at oracle.tip.adapter.ftp.SshImpl.SSHSessionImpl.setUpPasswordSocketConnection(SSHSessionImpl.java:194)
... 24 more
Second configuration:
host
port - 22
username
password
sftp - true
transport mode - http
authenticationType - PASSWORD
Below error indicates it expects proxy configuration, but we don't have any
Error
Proxy Host: Proxy Port: -1 Proxy UserName: Connection Type: http
[2013-05-23T09:00:42.837-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-0000000000059c8e,1:30566] [APP: soa-infra] FTP Adapter FTPTestProject Exception while setting up session
[2013-05-23T09:00:42.837-10:00] [soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: Workmanager: , Version: 0, Scheduled=false, Started=false, Wait time: 0 ms\n] [userId: <anonymous>] [ecid: 5fb2a7b48dd0cab4:e4632bf:13ec4b1184d:-8000-0000000000059c8e,1:30566] [APP: soa-infra] FTP Adapter FTPTestProject [[
BINDING.JCA-11443
Adapter internal error.
Adapter internal error.
The adapter has become unstable. This could be because of incorrect parameters supplied to the adapter. The parameter: [Ljava.lang.String;@19062d06 had value: [Ljava.lang.String;@19062d0c
Please make sure that SFTP has been setup correctly.
Edited by: Kathar on May 23, 2013 12:25 PMHi,
We have a firewall between soa server and ftp server. There is no proxy server configured on the firewall...
We are able to do sftp through command prompt from soa server to ftp server...Some facts above look discordant... My understanding is you have to use http to access a ftp server running outside a firewall and socket if it's inside a firewall...
However, you seem to have access with socket from FtpAdapter and also are able to do sftp via command prompt (without using a proxy!)... Those facts make me believe that the connection is actually not going through the firewall... Is the Ftp server in the internal network? Is the soa server running on Windows or Linux?
Recheck your configuration according to steps on the document bellow and do some further investigation to assure that the connection from soa server to the ftp server is actually going through the firewall... Ask for the network administrator to close the SFTP port on the firewall and see if you still can connect to it...
http://docs.oracle.com/cd/E28280_01/integration.1111/e10231/adptr_file.htm#CACDFFFB
Cheers,
Vlad -
R/3 to R/3(Outside the firewall)
I need to send an IDOC outside our Firewall to one of our vendor and they are receiving the data, in an IDOC.
How should I approach this scenario.
On the Sender side I need to use the IDOC adapter (No Configuration is needed)
on the receiver side what adapter I need to use, because the receiving system is outside the firewall, any special points I need to keep in mind?>
thanksHi Mohan,
you can use saprouter SNC to create a secure tunnel
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e24ef6211d3a6510000e835363f/content.htm
as shown on the picture
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e24ef6211d3a6510000e835363f/ADDONSEC_image004.gif
to connect two R3 systems
but probably your basis team will handle this connection
Regards,
michal -
Accessing HTMLDB application outside of firewall....
If I develop an HTMLDB application on my database server that is inside my corporate firewall, how do I have people outside the firewall access it. Do I need to open one or more ports on the firewall? Using the same situation, is it possible to access this application externally from a Portal page?
Thanks,
BrettAs already mentioned this issue is not really an Apex issue, but an issue between your webserver ports and your InfoSec firewall folks. You also want to consider whether the data is sensitive enough to warrant HTTPS with SSL encrypted traffic rather than straight HTTP. At our institution we generally require HTTPS for corporate data but since the encryption requires a lot of processing it affects your application server performance. We have gone to a BigIP switch for all our HTTPS public ports, then from BIgIP to the app server we are behind the firewall and run http. So the Public Portal URL is https to the BigIP which then negotiates with the App servers. Our Network BigIP engineer works out the fiewall rules with our InfoSec folks. This approach offloads all the encryption processing to a dedicated hardware switch rather than to the app server. BigIp also allows for additional rules that can be set up to force certain URLs to require a VPN, for example.
Pat -
Should I place a weblogic server outside my firewall?
I am looking at setting up an app server running an HR application. I want employees to be able to access it from home and internally at work. One option is to set up two app servers one internally and one externally outside the firewall. Another option someone suggested was to just set up some kind of external apache server that just redirects traffic to the internal app server through an open port in the firewall. I'm not sure what is best or what is most secure. I have a lot of reading to do. Can anyone advise on the pros and cons or suggest some good reading material? I will be using the most recent version of weblogic. Thanks.
You can set up reverse proxy and allow external users to access it via the reverse proxy.
Internal users will anyways have access to WLS. -
Scripted movie won't run outside of firewall...open multiple ports?
I'm new to Flash and AS3, but with the help of many examples I have managed to created a scripted movie using some time lapse photography. I load the images from an XML file and use an event listener to add each image as a child of a movie clip. As the number of children grew, it caused the frame rate to slow, so I figured out that I could remove them after they were viewed and just keep looping through the array.
This works great on the local machine and when served up from the web server behind the firewall. However, if I try to access the file from outside the firewall, it loads the first image or two very slowly (if at all) then hangs. I've performed a net stat from the server and noticed that it is opening an inordinate number of connections to the remote client on various client ports (from 6 to 60+).
Any help would be greatly appreciated! The code I'm using is below...
// Input Parameters
var ssxml:String = "myfile.xml"; // file containing images & dates
// Stage settings
var swfStage:Stage = this.stage;
var swfFrameRate:int = 10;
swfStage.scaleMode = StageScaleMode.NO_SCALE;
// Movie Clip
var mc:MovieClip = new MovieClip(); // initiate movie clip
mc.x = 25; // starting point X
mc.y = 50; // starting point Y
// Text Field
var tf:TextField = this.dtsText;
// Cropping Rectangle
var cr:Sprite = new Sprite();
cr.graphics.beginFill(0x057072);
cr.graphics.drawRect(25,50,550,7);
cr.graphics.endFill();
// Read Flash Variables
try {
var keyStr:String;
var valueStr:String;
var paramObj:Object = LoaderInfo(this.root.loaderInfo).parameters;
for (keyStr in paramObj) {
valueStr = String(paramObj[keyStr]);
if (keyStr == "srcFile") {
ssxml = valueStr;
if (keyStr == "swfFrameRate") {
swfFrameRate = int(valueStr);
swfStage.frameRate = swfFrameRate;
} catch (error:Error) {
trace (error.message);
* Configure a loader to import the list of images and date
* time stamps from an XML file. The list of variables will
* be stored in arrays.
var photos_xml:XML
var xmlLdr:URLLoader = new URLLoader();
xmlLdr.addEventListener(Event.COMPLETE, completeHandler);
xmlLdr.load(new URLRequest(ssxml));
var img_array:Array = new Array(); // images
var dts_array:Array = new Array(); // date time stamps
var img_count:int = 0;
function completeHandler(event:Event):void {
try {
photos_xml = new XML(event.target.data);
var imgs:XMLList = photos_xml.img;
var dtss:XMLList = photos_xml.dts;
img_count = imgs.length();
for (var i=0;i<img_count;i++) {
img_array.push({src:imgs[i].text()});
dts_array.push({src:dtss[i].text()});
} catch(error:Error){
trace(error.message);
var nextImg:int = 0;
var imgLdr:Loader = new Loader();
imgLdr.contentLoaderInfo.addEventListener(Event.COMPLETE, doneLoad);
imgLdr.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, loadError);
imgLdr.contentLoaderInfo.addEventListener(ProgressEvent.PROGRESS, updateInfo);
stage.addEventListener(Event.ENTER_FRAME, enterFrameHandler);
function enterFrameHandler(event:Event):void {
try {
if (img_array.length > 0 ) {
loadInitialImage();
} catch(error:Error){
trace(error.message);
function loadInitialImage():void {
imgLdr.load(new URLRequest(img_array[nextImg].src));
function doneLoad(event:Event):void {
var theImage:DisplayObject = event.target.content;
imgLdr.unload();
var bm:Bitmap = theImage as Bitmap;
mc.addChild(bm);
mc.scaleX = 550/640;
mc.scaleY = mc.scaleX;
addChild(mc);
addChild(cr);
tf.text = dts_array[nextImg].src;
if (mc.numChildren > 1){
mc.removeChildAt(0);
nextImg = (nextImg+1)%img_count;
function loadError($event:IOErrorEvent):void {
tf.text = "Loading Data.....Please Stand By...........";
// Loader Progress
var swfTF:TextField = new TextField();
swfTF.autoSize = TextFieldAutoSize.LEFT;
swfTF.border = false;
addChild(swfTF);
//swfTF.text = "srcFile: " + ssxml + " FR: " + swfFrameRate;
function updateInfo($event:ProgressEvent):void {
swfTF.text = "srcFile: " + ssxml + " FR: " + swfFrameRate
+ " Loading: " + img_array[nextImg].src + " "
+ Math.floor($event.bytesLoaded/1024)
+ " KB of "
+ Math.floor($event.bytesTotal/1024)
+ " KB.";OK I figured it out. Apparently, the ENTER_FRAME event continues firing even as the image loader is processing. Outside the firewall, where it was taking longer to load the images, this was causing loadInitialImage() to request the same image over and over again which resulted in the port behavior I was seeing on the server as well as the client "locking up". The simple fix was to add a variable called currentImg (initialized to -1) which I set equal nextImg in loadInitialImage(). I then modified the if statement in enterFrameHandler() to only call loadInitialImage() if nextImg != currentImage.
-
Picking files outside a firewall
Hi,
I have a scenario where XI needs to pick files from a dropzone outside a firewall.We are using shell scripts to do this.The shell script is triggered from a dummy mapping(in SP12).
Assuming that there are a large number of files to be picked up,there is an issue that the file adapter is not able to process such a huge file load, and hence we have messages getting stuck in the queue.So, there are times when we need to deactivate the adapter, and run the scripts manually.
Is there any way the script can be changed, so that this problem can be worked around?
cheers
PrashanthHi,
Im not clear why the SP level is a problem here. Could you please clarify?
It should'nt be a problem because, you would be implementing this solution at the OS level. XI has nothing to do with this right? So, SP level does not come into picture here.
The script at the OS level, will pick the files from the target outside the firewall, and put a minimum number of files(say 100 files)every 5 mins or so into a directory where XI is polling. Only when the files are in this XI directory, file adapter etc. come into picture. So where is the dependency with the SP level?
Regards,
Smitha. -
Is it possible to restrict SNMP access through firewall
My appoligies if there is already an answered discussion about this, that I didn't find.
In addition to just limiting the IP addresses allowed to have access and TCP/UDP port and direction of access, is it possible to further restrict SNMP traffic through an ASA firewall. Example 1: Can IP address IP_A on network A be forcibly limited to have only readonly SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues(or the configuration of device IB_B )?
IP_A ------- FW -------- IP_B
Example 2: Can IP address IP_A on network A be forcibly limited to have only readonly access to specific OID via SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues (or the configuration of device IP_B)?
IP_A ------> FW ------> IP_B
It looks like IOS 10.3 and above allow devices to have such access limiting. I was wondering if this could also be done via ASA for any end device.
Thanks
JimNo.
An ASA can, as you noted, restrict source and destination IP and port. To do what you are asking, one would need to prevent a string within the payload from being transmitted (or only accept certain strings).
You should just put the access-list on the destination device(s) restricting what host(s) are allowed snmp rw (as you alluded to). That's a very common implementation straight out of the textbook. -
OIM 11g R1 - Restrict Role assignment
Hello,
is it possible, if a user have a special role, that no other roles can be assigned?
For example:
User1 have the role "Restricted" assigned. No other roles can be assigned to that users. Either SYS ADMIN cannot assign other roles.
Only after this role was revoked from the user, other roles can be assigned again.
Is it possible to handle this scenario by an eventhandler?
Edited by: 960944 on May 6, 2013 7:58 AMI don't know if you can prevent, but i am pretty sure you can immediately fix. You can create an event handler like this:
<action-handler class="com.client.code.eventhandler.RoleUserProcessor" entity-type="RoleUser" operation="CREATE" name="RoleUserProcessor" stage="postprocess" order="1000" sync="TRUE"/>
This is just a sample event handler that i've used before that did a check any time a member became a member of a role to perform a certain action. You could do some testing on the operation type, and the stage if you want. But it is possible for you to know anytime a user is added to this role, and anytime a user is added to a different role to check if they are a member of this role you mention. If they are a member, use the APIs to remove them from any others. If they get added to a new role, immediately remove them.
So yes, it is possible, and perhaps this can give you a start at some testing.
-Kevin -
I heard there was a way to configure ZCM or setup a Proxy server or something to remote manage workstations outside of my firewall that is still secure. I really hope this isnt a myth I heard or overly complex because that would be the nicest feature ever. I have users that travel all over the World and USA that I can't remote manage when they call with problems. Could someone shed some light whether this is true or not and if it is how I would go about doing this.
Originally Posted by thsundel
It's because it's not the zcm server that does the remote control session, it's the device where you are remoteing from that handles all traffic between remoter and devices outside.
Thomas
I think part of the confusion is the poor documentation diagram that shows how remote management "works" and it just has a bunch of bi-directional arrows everywhere but fails to state at which point the traffic is going to what and where. -
Help needed for Restricting roles by maintaining values at Profit center
Hi,
My client uses the restriction at Company Code and Cost Center but we were using a * for full authorization to maintain the Profit Center. Now the situation has arisen where we need to maintain a particular Role at Profit Center level. We are creating a new role and maintaining the value of it. But there are a few other Roles where the Profit Center was not maintained and a * (which is already there) will give access to the Profit Center which is actually meant for the new Role.
The Profit Center has values of around 2500 which is going to be difficult to be maintained. Is there any other method where in we can restrict the Roles at Profit Center level by giving some ranges and if it is please let me know the format?
Regards
ShakeelHi
There are two methods that you can maintain:
1. Using the Company Code
2. Using the Company Code simultaneously with Profit Center
The approach that we are following is like that: We have created a excel file which contains the segegrated list of Profit Centers according to Company Code.
Now if you provide the range of Company code ( that can be achieved in authorization fields) the profit center related will automaically be associated by giving *.
We can give the range of profit center at two levels....one at the Organizational Level which would give acess to all the authorization objects present in the Role.
Other is give the range at the Authorization Object Level...that would give access to that particular Authorization Object or the Tcodes related to that.
Check out this thread also
How to assign profit center or cost center authorizations ? -
Issue viewing Silverlight content outside of firewall
Service Manager portal works great inside the firewall, but users are having issues viewing the Silverlight content outside of our corporate firewall. Both the portal and web content server are hosted on the same box using different IPs with
port 443. Any ideas on to enable the Silverlight content to operate properly outside of the corporate firewall?one thing to check would be that the Web Content Service is accessable using the same DNS names. The Silverlight client (running inside the browser) needs to be able to reach the non-SharePoint web service and content that's on the "other" server.
if it's working internally, but not externally, I would check to make sure that the "other" web service DNS names and ports are resolvable and accessable from the outside.
one more thing to be aware of: the images in the portal are downloaded every time the Silverlight client is reloaded, so it's in your interest to make sure that any images you add are THROUGHLY optimized for web distribution over low bandwidth. -
Blocking unsolicited echo-reply from the outside of firewall
What is the easiest way to stop unsolicited icmp echo-reply packets coming from the outside of an Cisco ASA 5500 firewall?
Hi,
The firewall should now allow any ICMP Echo replys through the firewall if it hasnt seen a Echo for that same reply.
Instead of allowing Inbound ICMP from the WAN with an ACL you should configure ICMP Inspection
In a very default ASA configuration they would be added in the following way
policy-map global_policy
class inspection_default
inspect icmp
inspect icmp error
Hope this helps
- Jouni
Maybe you are looking for
-
When setting up my mouse, it asked me to name it. When I just paired my keyboard with my powerbook, it named it the persons name that was the previous owner of my powerbook. I deleted device and started over, thinking that I overlooked the nameing op
-
How to identify the environment (database) Apex is running on?
Hi We are going to have 3 environments here: Development, Test and Production (separate databases/servers for each one). As usual, the development process will move applications from Dev -> Test -> Prod. On my Apex 3 applications, I would like to vis
-
Perspective Grid: How do I draw a cube showing only its TOP and its FRONT?
Can I create this with Illustrator's Perspective Grid? the 1-, 2-, and 3-point perspectives don't seem to be what I need...
-
Hi All, Kindly assist, I have an exchange 2003 and exchange 2007 in our network environment. Our exchange 2003 is on a server and 2007 on another, The first server that host exchange 2003 forwards all email to the second server hosting exchange 2007
-
Live 24-bit ---- Line-In -- ignores custom suround
<SPAN>Computer Hardware<SPAN>HP Pavilion - PIII 500 - 384 ramLi've! 24-bit (internal)<SPAN>Inspire 5800 speakers <SPAN>Non-Computer Hardware<SPAN>Sony External DVD Player <SPAN>My point in this project was to set up a surround sound system for my TV.