SSH to ASA through VPN

Similar Messages

• Manage ASA via VPN on its outside interface

  I have a few ASAs in region offices, and connected to headquater ASA via IPsec P2P VPNs through internet.  VPN is setup on outside interfaces of those ASAs.  Now my trouble is to manage those region offices' ASAs from headquater network.  I cannot directly connecte to any those remote ASAs, I have to logon a remote switch behine them then logon the remote ASA.  My syslog and network management servers are all in headquater network, none of them can talk to remote ASAs, unless I let them do it on public IPs.
  How can I manage(snmp, syslog, etc) a remote ASA through the IPsec VPN tunnel setup on its outside interface?
  I am thinking add the outside interface public IP into the ACL for VPN Phase 2 crypto map.  Will it work?
  Cisco Supermen have an idea?
  Thanks a lot.

  I am by no means any Superman, but i think i can help
  You can actually configure all the SSH, SNMP, Syslog using the ASA inside interface, and that would be part of the interesting crypto ACL traffic (assuming that the crypto ACL includes the ASA inside interface subnet).
  Eg:
  For SSH:
  ssh inside
  For Syslog:
  logging host inside
  For SNMP:
  snmp host inside
  Plus, you would also need to configure: management-access inside on all your regional offices ASA.
  Hope that helps.

• IP lan can't acces remote network through VPN

  hello
  i want my asa 5505 8.2(5) to access my proxy server on remote lan through VPN
  my VPN is OK, all PCs of local network can access to remote network.
  but ASA on local network can't access to remote network.
  i think it's a NAT problem but ....
  local network 192.168.157.0/24 local IP ASA 192.168.157.1
  remote netword 10.28.0.0 /16
  remote proxy 10.28.1.26
  my conf
  ASA Version 8.2(5)
  hostname ASACTM
  enable password GC3gU8Dqv5.xJLCr encrypted
  passwd GC3gU8Dqv5.xJLCr encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.157.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 90.89.245.154 255.255.255.248
  ftp mode passive
  access-list InOutside extended permit icmp any any
  access-list outside_1_cryptomap extended permit ip 192.168.157.0 255.255.255.0 10.28.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 192.168.157.0 255.255.255.0 10.28.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 192.168.157.0 255.255.255.0 192.168.57.0 255.255.255.0
  access-list VPNRACTM_splitTunnelAcl standard permit 192.168.157.0 255.255.255.0
  access-list InInside extended permit tcp 192.168.157.0 255.255.255.0 10.28.0.0 255.255.0.0 eq www
  access-list InInside extended deny tcp 192.168.157.0 255.255.255.0 any eq www
  access-list InInside extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500ip local pool POOLIPVPNCTM 192.168.57.1-192.168.57.254 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group InInside in interface inside
  access-group InOutside in interface outside
  route outside 0.0.0.0 0.0.0.0 90.89.245.155 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.157.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set pfs
  crypto map outside_map 1 set peer 90.80.215.141
  crypto map outside_map 1 set transform-set ESP-3DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet 192.168.157.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.157.121-192.168.157.150 inside
  dhcpd dns 10.28.1.16 194.2.0.20 interface inside
  dhcpd wins 10.28.1.16 10.28.1.7 interface inside
  dhcpd domain vignes.local interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy VPNRACTM internal
  group-policy VPNRACTM attributes
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPNRACTM_splitTunnelAcl
  default-domain value vignes.local
  username admin password 6QiRA9AlUbU.gFTP encrypted privilege 0
  username admin attributes
  vpn-group-policy VPNRACTM
  username ICS1 password 5nDKAM1RJweYzrBO encrypted privilege 0
  username ICS1 attributes
  vpn-group-policy VPNRACTM
  tunnel-group 90.80.215.141 type ipsec-l2l
  tunnel-group 90.80.215.141 ipsec-attributes
  pre-shared-key *****
  tunnel-group VPNRACTM type remote-access
  tunnel-group VPNRACTM general-attributes
  address-pool POOLIPVPNCTM
  default-group-policy VPNRACTM
  tunnel-group VPNRACTM ipsec-attributes
  pre-shared-key *****
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:e2c2e2223cb7d5d83af808bb0a2b2636
  : end
  thanks a lot

  What do you mean by you would like the ASA to access the proxy server at the remote end?
  What configuration/command have you configured on the ASA for the ASA itself to access the remote proxy server?
  Do you want the PC behind the ASA to access the remote proxy server, or you want the ASA itself to access the remote proxy server?
  How do you want to access the proxy server?

• ASA 5505 VPN Connection Issue

  Good morning everyone,
  At my last position I was IT Director whose area of expertise was database and application development. All of the company's networking planning and maintainence I entrusted to my sysadmin, Salvadore. Back in 2004 we began implementing major changes in the network. Salvadore recommended SonicWALL firewalls. He did a fantastic job of securing our valuable server assets. Among the many improvements Salvadore established VPN access to the datacenter assets for mobile employees. What I remember especially well was the ease-of-use: start the VPN Client then RDP to a server or connect with SQL Server, in addition to connecting to all devices on my home network. It was absolutely beautiful!
  Fast forward to today. I have since retired. I do a little bit of daytrading on the side for entertainment. I leased a dedicated server to run an application that runs continuously 24 hours a day, 5 days a week. I contacted Salvadore to do a security audit on the server. As expected the server was under constant assault by bots trying to hack the RDP port. Salvadore recommended a firewall. The datacenter host offered us two choices of Cisco firewalls, one of which we chose: ASA 5505.
  Today I have a secure server which pleases me. The one thing that bothers me however is that I lose access to my home network devices while the VPN Client is connected. Here are the symptoms:
  I cannot send an email with Outlook as I normally do by relaying off of my Internet provider's SMTP server.
  I cannot connect to the TradeStation servers with my TradeStation application using login credentials that are authorized for my home network only.
  I cannot access my Seagate network storage drive.
  This is what I discovered:
  My wireless adapter (which I use from this laptop) identifies itself as "Wireless LAN adapter Wireless Network Connection" in IPCONFIG. IPv4 address is 192.168.0.5. Default Gateway: 192.168.0.1.
  After I connect the VPN Client, IPCONFIG reports a new adapter: "Ethernet adapter Local Area Connection 2". IPv4 address is 10.0.10.4. Default Gateway: 10.0.10.1.
  When I launch Windows Task Manager and click on the Networking tab, I see those two adapters.
  When launch IE and go to bandwidthplace.com to run a test, I see all of the network traffic going over "Ethernet adapter Local Area Connection 2".
  When I disconnect VPN and then rerun the bandwidth test, I see that all of the network traffic now goes over "Wireless LAN adapter Wireless Network Connection".
  This explains all of the symptoms:
  My Internet Provider will only allow me to relay off of their email servers if I am connected to their network.
  TradeStation refuses connection to their network because my credentials do not match my network address.
  There is no Seagate network storage device on the remote server network.
  My questions to the Cisco Support Community are:
  Is this the best I can hope for?
  Must all traffic be routed through the VPN connection?
  Is there any way to route traffic destined for 10.0.*.* through VPN and everything else through the default connection?
  Thank you everyone for your help. I would be happy to provide additional detailed information.

  Hi Brian,
  you can route traffic destined to 10.0.*.* over the VPN and keep normal internet traffic unencrypted over the default connection - this setup is known as VPN Split Tunnelling.
  This doc shows how to setup the access control list and apply this to the tunnel policy.
  Hope this helps
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

• Tcp Connection timeout on ASA for vpn traffic

  Hello All
  I need an answer please.
  I wanted to give tcp conenction timeout as unlimited for some IPs coming through VPN.
  So, I created an access-list defining the traffic for which I want this tcp timeout.
  Then a class map, policy map, entered set timeout to '0'
  Applied it under default service-policy, which is applied as global (by default).
  My doubt is should I apply the service policy on the interface or the global will work.
  Just a silly doubt
  Thanks in advance.

  Hi,
  I think it should work just fine if you attach it to the default "policy-map" configuration that you have attached globally on the ASA.
  You might want to configure the timeout value as something long rather than setting it as unlimited.
  - Jouni

• Error Running a Page in Jdeveloper through VPN

  I am having an issue running a Hello World Page in JDeveloper9i through VPN. When I try to run a page, web browser is trying to open
  the page based on the Host Name or IP Address used to refer to Embedded OC4J.
  It would be really great if you could help me to resolve this issue.
  Thanks
  Edited by: user2014196 on May 18, 2009 6:40 PM

  I am having an issue running a Hello World Page in JDeveloper9i through VPN. When I try to run a page, web browser is trying to open
  the page based on the Host Name or IP Address used to refer to Embedded OC4J.
  It would be really great if you could help me to resolve this issue.
  Thanks
  Edited by: user2014196 on May 18, 2009 6:40 PM

• Error in Running a Page in Jdeveloper through VPN

  I am having an issue running a Hello World Page in JDeveloper9i through VPN. When I try to run a page, web browser is trying to open
  the page based on the Host Name or IP Address used to refer to Embedded OC4J.
  It would be really great if you could help me to resolve this issue.
  Thanks
  Edited by: user2014196 on May 18, 2009 6:40 PM
  Edited by: user2014196 on May 18, 2009 7:11 PM

  The exact error is I cannot view the HelloWorld Page.
  I can access the database through VPN. I checked the Application Login/pwd and Responsibility name and Key. Everything is correct.
  There are four options to select from embedded OC4J, I tried all the four options but the HelloWorld page is not displaying.
  I got this exception when i selected Default Local IP Address in Embedded OC4J.
  oracle.apps.fnd.framework.OAException: Application: FND, Message Name: SYSTEM-ERROR. Tokens: MESSAGE = Io exception: The Network Adapter could not establish the connection; (Could not lookup message because there is no database connection) at oracle.apps.fnd.framework.server.OAExceptionUtils.processAOLJErrorStack(OAExceptionUtils.java:988) at oracle.apps.fnd.framework.server.OAUtility.getWebAppsContext(OAUtility.java:352) at oracle.apps.fnd.framework.CreateIcxSession.getEncryptedSessId(CreateIcxSession.java:144) at oracle.apps.fnd.framework.CreateIcxSession.createSession(CreateIcxSession.java:80) at runregion.jspService(runregion.jsp:96) at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:727) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803) at java.lang.Thread.run(Thread.java:534) ## Detail 0 ## oracle.apps.fnd.framework.OAException: Application: FND, Message Name: FND_GENERIC_MESSAGE. Tokens: MESSAGE = java.sql.SQLException: Io exception: The Network Adapter could not establish the connection; (Could not lookup message because there is no database connection) at oracle.apps.fnd.framework.OAException.wrapperException(OAException.java:888) at oracle.apps.fnd.framework.OAException.wrapperException(OAException.java:862) at oracle.apps.fnd.framework.server.OAExceptionUtils.processAOLJErrorStack(OAExceptionUtils.java:980) at oracle.apps.fnd.framework.server.OAUtility.getWebAppsContext(OAUtility.java:352) at oracle.apps.fnd.framework.CreateIcxSession.getEncryptedSessId(CreateIcxSession.java:144) at oracle.apps.fnd.framework.CreateIcxSession.createSession(CreateIcxSession.java:80) at runregion.jspService(runregion.jsp:96) at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:727) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803) at java.lang.Thread.run(Thread.java:534) ## Detail 0 ## java.sql.SQLException: Io exception: The Network Adapter could not establish the connection at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:334) at oracle.jdbc.ttc7.TTC7Protocol.handleIOException(TTC7Protocol.java:3675) at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:352) at oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:365) at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:536) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:328) at java.sql.DriverManager.getConnection(DriverManager.java:512) at java.sql.DriverManager.getConnection(DriverManager.java:140) at oracle.apps.fnd.security.ConnectionManager.dbConnect(ConnectionManager.java:1194) at oracle.apps.fnd.security.ConnectionManager.dbConnect(ConnectionManager.java:1121) at oracle.apps.fnd.security.AppsConnectionManager.makeGwyuidConn(AppsConnectionManager.java:664) at oracle.apps.fnd.security.AppsConnectionManager.getGwyuidConn(AppsConnectionManager.java:736) at oracle.apps.fnd.security.AppsConnectionManager.makeGuestConnection(AppsConnectionManager.java:575) at oracle.apps.fnd.security.DBConnObj.<init>(DBConnObj.java:240) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:274) at oracle.apps.fnd.common.Pool.createObject(Pool.java:1187) at oracle.apps.fnd.common.Pool.borrowObject(Pool.java:946) at oracle.apps.fnd.security.DBConnObjPool.borrowObject(DBConnObjPool.java:703) at oracle.apps.fnd.security.AppsConnectionManager.borrowConnection(AppsConnectionManager.java:232) at oracle.apps.fnd.common.Context.borrowConnection(Context.java:1773) at oracle.apps.fnd.common.AppsContext.getPrivateConnectionFinal(AppsContext.java:2460) at oracle.apps.fnd.common.AppsContext.getPrivateConnection(AppsContext.java:2398) at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:2257) at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:2072) at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1976) at oracle.apps.fnd.profiles.Profiles.getConnection(Profiles.java:2494) at oracle.apps.fnd.profiles.Profiles.getProfileOption(Profiles.java:1304) at oracle.apps.fnd.profiles.Profiles.getProfile(Profiles.java:384) at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfileFromDB(ExtendedProfileStore.java:210) at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfile(ExtendedProfileStore.java:169) at oracle.apps.fnd.profiles.ExtendedProfileStore.getProfile(ExtendedProfileStore.java:148) at oracle.apps.fnd.common.logging.DebugEventManager.configureUsingDatabaseValues(DebugEventManager.java:1147) at oracle.apps.fnd.common.logging.DebugEventManager.configureLogging(DebugEventManager.java:1008) at oracle.apps.fnd.common.logging.DebugEventManager.internalReinit(DebugEventManager.java:977) at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:944) at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:931) at oracle.apps.fnd.common.AppsLog.reInitialize(AppsLog.java:570) at oracle.apps.fnd.common.AppsContext.initLog(AppsContext.java:873) at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:858) at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:827) at oracle.apps.fnd.common.AppsContext.<init>(AppsContext.java:686) at oracle.apps.fnd.common.WebAppsContext.<init>(WebAppsContext.java:846) at oracle.apps.fnd.framework.server.OAUtility.getWebAppsContext(OAUtility.java:351) at oracle.apps.fnd.framework.CreateIcxSession.getEncryptedSessId(CreateIcxSession.java:144) at oracle.apps.fnd.framework.CreateIcxSession.createSession(CreateIcxSession.java:80) at runregion.jspService(runregion.jsp:96) at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:727) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803) at java.lang.Thread.run(Thread.java:534) oracle.apps.fnd.framework.OAException: Application: FND, Message Name: FND_GENERIC_MESSAGE. Tokens: MESSAGE = java.sql.SQLException: Io exception: The Network Adapter could not establish the connection; (Could not lookup message because there is no database connection) at oracle.apps.fnd.framework.OAException.wrapperException(OAException.java:888) at oracle.apps.fnd.framework.OAException.wrapperException(OAException.java:862) at oracle.apps.fnd.framework.server.OAExceptionUtils.processAOLJErrorStack(OAExceptionUtils.java:980) at oracle.apps.fnd.framework.server.OAUtility.getWebAppsContext(OAUtility.java:352) at oracle.apps.fnd.framework.CreateIcxSession.getEncryptedSessId(CreateIcxSession.java:144) at oracle.apps.fnd.framework.CreateIcxSession.createSession(CreateIcxSession.java:80) at runregion.jspService(runregion.jsp:96) at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:727) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803) at java.lang.Thread.run(Thread.java:534) ## Detail 0 ## java.sql.SQLException: Io exception: The Network Adapter could not establish the connection at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:334) at oracle.jdbc.ttc7.TTC7Protocol.handleIOException(TTC7Protocol.java:3675) at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:352) at oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:365) at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:536) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:328) at java.sql.DriverManager.getConnection(DriverManager.java:512) at java.sql.DriverManager.getConnection(DriverManager.java:140) at oracle.apps.fnd.security.ConnectionManager.dbConnect(ConnectionManager.java:1194) at oracle.apps.fnd.security.ConnectionManager.dbConnect(ConnectionManager.java:1121) at oracle.apps.fnd.security.AppsConnectionManager.makeGwyuidConn(AppsConnectionManager.java:664) at oracle.apps.fnd.security.AppsConnectionManager.getGwyuidConn(AppsConnectionManager.java:736) at oracle.apps.fnd.security.AppsConnectionManager.makeGuestConnection(AppsConnectionManager.java:575) at oracle.apps.fnd.security.DBConnObj.<init>(DBConnObj.java:240) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:274) at oracle.apps.fnd.common.Pool.createObject(Pool.java:1187) at oracle.apps.fnd.common.Pool.borrowObject(Pool.java:946) at oracle.apps.fnd.security.DBConnObjPool.borrowObject(DBConnObjPool.java:703) at oracle.apps.fnd.security.AppsConnectionManager.borrowConnection(AppsConnectionManager.java:232) at oracle.apps.fnd.common.Context.borrowConnection(Context.java:1773) at oracle.apps.fnd.common.AppsContext.getPrivateConnectionFinal(AppsContext.java:2460) at oracle.apps.fnd.common.AppsContext.getPrivateConnection(AppsContext.java:2398) at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:2257) at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:2072) at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1976) at oracle.apps.fnd.profiles.Profiles.getConnection(Profiles.java:2494) at oracle.apps.fnd.profiles.Profiles.getProfileOption(Profiles.java:1304) at oracle.apps.fnd.profiles.Profiles.getProfile(Profiles.java:384) at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfileFromDB(ExtendedProfileStore.java:210) at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfile(ExtendedProfileStore.java:169) at oracle.apps.fnd.profiles.ExtendedProfileStore.getProfile(ExtendedProfileStore.java:148) at oracle.apps.fnd.common.logging.DebugEventManager.configureUsingDatabaseValues(DebugEventManager.java:1147) at oracle.apps.fnd.common.logging.DebugEventManager.configureLogging(DebugEventManager.java:1008) at oracle.apps.fnd.common.logging.DebugEventManager.internalReinit(DebugEventManager.java:977) at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:944) at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:931) at oracle.apps.fnd.common.AppsLog.reInitialize(AppsLog.java:570) at oracle.apps.fnd.common.AppsContext.initLog(AppsContext.java:873) at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:858) at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:827) at oracle.apps.fnd.common.AppsContext.<init>(AppsContext.java:686) at oracle.apps.fnd.common.WebAppsContext.<init>(WebAppsContext.java:846) at oracle.apps.fnd.framework.server.OAUtility.getWebAppsContext(OAUtility.java:351) at oracle.apps.fnd.framework.CreateIcxSession.getEncryptedSessId(CreateIcxSession.java:144) at oracle.apps.fnd.framework.CreateIcxSession.createSession(CreateIcxSession.java:80) at runregion.jspService(runregion.jsp:96) at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:727) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803) at java.lang.Thread.run(Thread.java:534)
  Is there any settings do I need to set when accessing Jdeveloper through VPN???

• Not Able to Telnet or SSH Cisco ASA

  Hi,
  I am not able to do the following to Cisco ASA with one IP address 172.19.1.11, below is the configuration in ASA. Earlier it was working, all of a sudden it stopped working.
  Please help.
  1. Not Able to SSH
  2. Solarwinds not able to take information from ASA.
  http 172.19.1.11 255.255.255.255 inside
  snmp-server host inside 172.19.1.11 community srnemapd
  telnet 172.19.1.11 255.255.255.255 inside
  ssh 172.19.1.11 255.255.255.255 inside
  ntp server 172.19.1.11 source inside prefer

  Hi there,
  Just add a new IP address for ssh to ASA, this will kick start the demon.
  This new IP does not have to be a real one.
  Hope this helps.
  Thanks
  Rizwan Rafeek

• ASA , Cisco VPN client with RADIUS authentication

  Hi,
  I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
  All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
  Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
  Thank you.
  Kind regards,
  Alex

  Hi Alex,
  It is working as it should.
  You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
  thanks
  John

• ASA 5505 VPN Network access problem

  I have been working on this thing all night and I can't seem to get any where. I have a very straight forward set up, and so far the only issue I'm having is being able to access the network when connected through VPN, I have internet access, but nothing else and it's really strange.
  Here is my config, I thought this would be a pretty straight forward set up, and I got everything else up and running with in a few minutes, but not being able to access the network via VPN is frustrating after I have tried all night to get it to work. I have read a lot of stuff online, and I keep on thinking im close but never get anywhere. Any help is appreciated.
  Attached is the config.
  Thanks

  Your NAT config confuses me. Are those "static (inside,inside)" lines for real?
  try this:
  no global (inside) 1 interface
  no nat (T1) 1 access-list outside_nat dns
  nat (inside) 0 access-list Local_LAN_Access
  And remove those dodgy "static (inside,inside)" NATs!
  I recommend staying with tunnelling everything.
  You should tighten "access-list T1_access_in" because at the moment all IP is allowed from the internet to those "static (inside,T1)" NATs.
  If you put "no sysopt connection permit-vpn" then all VPN traffic is forced through "access-list T1_access_in" - an easy way of filtering it.
  I would tighten "access-list inside_access_in" but unapply and remove "access-list inside_access_out".

• Access Site to Site Networks behind Cisco ASA thru VPN Client

  I have configured remote access thru asa for vpn clients to our main network. I can ping the required networks from vpn client. Internally I can ping remote network thru our sonicwall site to site vpn. I however cannot ping the remote network from the vpn client. I've added the network in the configuration on the ASA that I am trying to connect to. Any ideas what I can do so I can connect to Site B thru my vpn client connecting to Site A?
  Thanks,
  Matt

  Hello, matt0000111111.
  Did you add a VPN clients network to the sit-to-site VPN settings and to the NAT list (if nat exist at the interfaces at site-to-site vpn)?

• Problem opening Crystal Report from SAP GUI through VPN

  Hi Everyone,
    I am facing an issue with opening the crystal report from SAP BW Role menu(SAP GUI). The issue is only with the BW Users who are connecting to the Client systems through VPN. All the settings are done perfectly in the Transaction /CRYSTAL/RPTADMIN and SICF for the CE_URL.
  For those who are in the client network it works fine. Please see the URLs generated in both the cases,below.
  From Client N/W
  [http://sapbobj:8080/SAP/jsp/Action_Dispatch/dispatch.jsp?sap_client=100&cmsname=sapbobj:6400&language=EN&sap_sysid=D40&bw_id=4HUFYJ3XBZ7QLP5HIDYPR7PR6&sap-client=100&actionName=SAP_CrystalReport_View&appKind=InfoView&service=%2FInfoViewApp%2Fcommon%2FappService.do&loc=&initialFolderId=null]
  Through VPN
  [http://sapbwd.abc.com:8100/sap/bw/ce_url?(ce_protcl):(DS)(ce_server)/(ce_path_pr)/viewreport.csp(Q)bw_id=4HUPI3I78CG4S4EDH7XSDP736&sap_sysid=(sysid)&sap_client=100&language=EN&sap-client=100]
  where "sapbobj" is the BOBJ system and "sapbwd" is the SAP BW Dev box.
  For me it seems to be something related to the N/W. Please provide me your valuable inputs to solve this issue.
  Thanks in Advance,
  Koka M
  Edited by: Madan Koka on May 19, 2010 5:18 PM

  Hi,
  I'm also facing the same issue. when try to open my report the URL doesn;t taking "bw_id".
  It is blank for all transported reports.
  Any advice..
  Thanks,
  Jothi

• Exchange 2013 Mail Flow Through VPN

  I have 2 Exchange servers in 2 different AD sites. Is it possible to route mail flow between the 2 sites through a VPN tunnel? I want to force mail flow between the 2 servers to route externally through the internet.
  Appreciate any feedback.

  Hi Chester,
  we have a DNS record for mail and this record is pointing to our private IP address of CAS server. Network team has done network configuration for that particular IP to route the traffic through VPN tunnel to the Exchange servers in other site. Another thing
  for you to think is Private IP request won't go to internet and will go to DNS server in that site and once the DNS server will resolve that request against IP address the traffic will be routed to that server.
  Kindly mark this as answer if found helpful. Thanks.
  Regards, Riaz Javed Butt | Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365 | msexchgeek.wordpress.com

• Connecting to BW system through VPN in Design Studio

  Hi Experts,
  I tried to connect to my client BW system through VPN and used the URL in my Design studio, but when I connect like that the Design Studio is working very slowly and hanging several times,  If I connect to the same system via Lumira it is working fast.
  Can you please suggest me what are the cautions I need to take when I connect to BW system via VPN to make my Design Studio work fast with out hanging several times on my local system.
  Thank you,
  Hari

  Hello Hari
  remember that Design Studio is a live connection and in Lumira you can use a BW offline connection which downloads the data.
  regards
  Ingo Hilgefort, Visual BI

• We are unable to connect to Integration builder through VPN.

  Hi,
  We are unable to connect to Integration builder through VPN.
  Below are the errors we get:
  a. In two of the PI 7.0 Systems  we get:
       i. Cannot open connection on host x and port y.
       ii.com.sap.engine.services.rmi_p4.P4IOException: Cannot open connection on host: x and port:y
       iii. java.net.SocketException: Malformed reply from SOCKS server
  b. In the other two PI 7.1 systems we get:
       i. MESSAGE ID: com.sap.aii.ib.core.ejbutil.rb_all.SERVER_NOT_AVAILABLE
       ii. com.sap.engine.services.jndi.persistent.exceptions.NamingException: Exception while trying to get InitialContext. [Root exception is com.sap.engine.interfaces.cross.DestinationException: cannot establish connection with any of the available instances:
  uvw.xyz.abc.net:51504 Reason: com.sap.engine.services.rmi_p4.P4IOException: Cannot open connection to host: x and port:y]
       iii. com.sap.engine.interfaces.cross.DestinationException: cannot establish connection with any of the available instances:
  uvw.xyz.abc.net:51504 Reason: com.sap.engine.services.rmi_p4.P4IOException: Cannot open connection to host: x and port: y
  The hosts and ports are accessible. (Telnets and tracerts work fine for all the systems)
  We are able to access the SLD and Runtime workbench on all the environments. However, Integration Builder tools are not accessible.
  Any clue on what the problem might be?
  Thank you,
  Siva.

  Hi Siva,
  When you execute SXMB_IFR from PI, do you get  Integration Builder page?
  Are you trying to directly access the PI server by the known URLs?
  Also, Following links may be of your use:
  Integration Builder -Configuration is not openning?
  Re: unable to logon to Enterprise Services Builder or Integration Builder
  Regards,
  Nipun