SSL Config problem

Hi all,
I uploaded a cert file and I am getting a runtime error when I try to delete a wrong certificate from Key Store in Visual Admin.
Can you tell me how to delete the certificate?
Thank you in advance.
Regards,
Subu

This should not happen. Check if the entries in the orasso.wwsec_papp_configuration_in_t point portal to the right SSO entries. Also check if the OIDDAS operation URLs are correct in the OID.
cu
Andreas

Similar Messages

  • Https ssl config Oracle AS, webcache, portal...almost works

    Hi,
    I have searched the forums and I haven't found anything that works for me.
    I have Oracle infrastructure on one server, and Oracle App server/portal on another server. I can get as far as the http server showing the "welcome to oracle" page in https form. When I try to access a page in the portal (plsql) I get a blank page. It does convert the "https://myserver:xxxx//pls/portal/url/page/IRWEB/HOME" to "https://myserver:xxxx/portal/page?_pageid=73,86254,73_86264:73_86316:73_8632...." but nothing comes up.
    Also, it uses the Infrastructure server for single-sign-on...so I need to make the app server do the single sign-on. I've tried by adding /pls/orasso entry in DADS.conf of http server..
    So as far as I can tell...the http server IS operating in https/ssl, but the single-sign-on and the pages in the portal are not.
    I have to do everything manually since I am using 10.1.2 (no Oracle Collab Suite installed, so no SSLConfigTool and other assistants)
    Here is what I've done to get https://myserver:xxxx/ to come up ok.
    server 1: Oracle Infrastructure and Oracle database release 1 10.1.2.0.0
    server 2: Oracle Application Server / Portal with webcache release 2 10.1.2
    using Oracle Wallet for certificate,
    http server -> process management "ssl-enabled",
    http server -> advanced -> ssl.config: SSLWallet file:, SSLWalletPassword, virtual host for ssl
    webcache -> added settings for ssl (I used the current entries for non-ssl as a guide for the ssl entries)
    Interesting issue...with the ports in the ssl.conf file example:
    Port 4459
    Listen 4459
    VirtualHose myserver.blah.edu:4450
    Port 4458
    When I get the blank page trying to use ssl and 4459, I can manually change the url in my browser to 4458 (or maybe it's the other way around) and get this message: "Error: The portlet could not be contacted"
    Is this a problem with webcache? Do I have to do any ssl config on the server with the database?
    I've even tried disabling the webcache, both with the oracle sql script and through web interface but neither made a difference...same problem.
    Any help would be greatly appreciated..I feel as if I'm almost there.
    If I did not post enough info for accurate help, please ask what you need to know to provide help! Thanks in advance.

    Hi,
    Yes, you can go for SSL configuration without re-installing any of the components.
    Regards,
    access_tammy

  • SSL config

    Dear Sir,
    I have a pair of 11501, which load balance two SSL server behind them. The cert is stored in SSL server(10.106.13.20 & 21). The external vip is 10.106.13.224.
    I read the SSL Config Guide and made the below configuration. Can you check if my config below is ok?
    ssl-proxy-list PIS-SSL-LIST
    backend-server 1
    backend-server 1 type backend-ssl
    backend-server 1 ip address 10.106.13.224
    backend-server 1 server-ip 10.106.13.20
    backend-server 1 version ssl3
    backend-server 1 session-cache 300
    backend-server 1 tcp virtual ack-delay 0
    backend-server 2
    backend-server 2 type backend-ssl
    backend-server 2 ip address 10.106.13.224
    backend-server 2 server-ip 10.106.13.21
    backend-server 2 version ssl3
    backend-server 2 session-cache 300
    backend-server 2 tcp virtual ack-delay 0
    active
    service PIS-SSL-SERVICE
    type ssl-accel-backend
    ip address 10.106.13.224
    add ssl-proxy-lit PIS-SSL-LIST
    active
    owner PIS-SSL-OWNER
    content PIS-SSL-VIP-1
    vip adddress 10.106.13.224
    port 80
    advanced-balance arrowpoint-cookie
    url "/*"
    add service PIS-SSL-SERVICE
    active
    Thanks

    this is totally wrong unfortunately.
    What are you trying to achieve here ?
    Normally the connection between CSS and server does not need to be encrypted because they are close to each other.
    You probably want to encrypt the connection from the client to the CSS since this connection goes through the Internet.
    Is this what you need ?
    Here are sample configs:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp999094
    backend-ssl is @ SSL Transparent Proxy Configuration - HTTP and Back-End SSL Servers
    You will see that you made many mistakes, like ip addresses used in the ssl-proxy-list.
    Gilles.

  • SSL-Config: OC4J does not reload keystore/truststore at runtime

    Hi all, I have a little question about the SSL-Config into OC4J.
    I have a webApp bound to a secure web site that requires mutual-authentication. If I add at run-time (without stopping OC4J) a trusted entry (a CA) to the keystore the secure-web-site is related to, OC4J does not "reload" the keystore with the new entry. Thus, I have to restart the OC4J to be able to accept SSL connections that are authenticated by means of that new CA. The question is: Does there exist a configuration that has to be performed to reload at run-time a keystore in OC4J or is it necessary to restart OC4J each time a new entry to a keystore mapped for a given secure-web-site is added?
    I hope someone can give me a tip,
    Best Regards

    Hi I tried this with latest 10.1.3 Developer Preview 4 and it worked great and I could start OC4J standalone in https mode. Can you please download the latest version of OC4J 10.1.3 DP4 stand-alone and try in there ? The OC4J version embedded with JDev 10.1.3 Preview is pretty old and there have been many bugs fixed since then
    http://www.oracle.com/technology/tech/java/oc4j/index.html
    -Debu

  • "Audio Config" problem after upgrading to 7.6

    I have only had my ipod one week. It is working beautifully. My problem is that I can no longer charge it or add songs to it because I can not open itunes. The previous version worked beautifully on my computer. After I upgraded to 7.6, it stopped working and I get an Audio Config. problem every time I try to open it. I have tried uninstalling and reinstalling the program but it does not help. What do I need to do to fix this problem?

    I have had my ipod a few weeks - but have nothing but problems letting itunes run the syncing, sometime it works and sometimes it does not. I had to reset my ipod 2 times already just to keep song on here, should have gone with Zune or Sonys (what my wife has) they are not having a single issue...
    I would like to add my voice to his - I upgraded to 7.6, it stopped working and I get an Audio Config. problem every time I try to open it. I have tried uninstalling and reinstalling the program but it does not help. What do I need to do to fix this problem ! ! ! ! ?

  • Ace ssl-proxy problem, Online store.

    Hello!
    I have a problem with moving our online store load balancing to a Cisco ACE solution from Windows NLB that it runs on now. And also relieve the servers from the SSL encrypting and decrypting of sessions.
    The load balancing works, as long as the session is HTTP, but when the "customer" comes to the point that he is going to pay, our shop is jumping over to HTTPS and this is where the problem appears.
    The "customer" is getting the certificate right but the site is not displayed = the session to the shop seems to die.
    If I have missed something in the config or if someone has any other idea why this doesn't work for me..
    Appreciate any help!
    My config:
    (at the moment only web5 is in use)
    ACE-1/CO-WEB1# show run
    access-list ANY line 10 extended permit ip any any
    access-list icmp line 8 extended permit icmp any any
    probe http PROBE-HTTP
    interval 3
    passdetect interval 10
    passdetect count 2
    expect status 200 200
    expect status 300 323
    parameter-map type ssl SSLPARAMS
    cipher RSA_WITH_RC4_128_MD5
    rserver host vmware-server1
    description testserver1
    ip address 219.222.4.180
    probe PROBE-HTTP
    inservice
    rserver host vmware-server2
    description testserver 2
    ip address 219.222.4.181
    probe PROBE-HTTP
    inservice
    rserver host web5
    description testserver from windows nlb
    ip address 219.222.4.185
    probe PROBE-HTTP
    inservice
    ssl-proxy service SSL-PROXY-SE
    key cert-se.key
    cert cert-se.pem
    ssl advanced-options SSLPARAMS
    serverfarm host WM-ware_servers
    rserver vmware-server1
    inservice
    serverfarm host webtest
    description testserver-farm
    predictor leastconns
    rserver vmware-server1 80
    rserver vmware-server2 80
    rserver web5
    inservice
    sticky ip-netmask 255.255.255.0 address source STICKY-GROUP1
    timeout 60
    serverfarm webtest
    class-map match-all VIP-HTTP
    2 match virtual-address 219.222.4.178 tcp eq www
    class-map match-all VIP-HTTPS
    2 match virtual-address 219.222.4.178 tcp eq https
    class-map type management match-any icmp
    description for icmp reply
    2 match protocol icmp any
    policy-map type management first-match icmp
    class icmp
    permit
    policy-map type loadbalance first-match VIP-HTTP
    class class-default
    sticky-serverfarm STICKY-GROUP1
    policy-map type loadbalance first-match VIP-SSL
    class class-default
    serverfarm webtest
    policy-map multi-match SLB-VIP-HTTP
    class VIP-HTTP
    loadbalance vip inservice
    loadbalance policy VIP-HTTP
    loadbalance vip icmp-reply
    class VIP-HTTPS
    loadbalance vip inservice
    loadbalance policy VIP-SSL
    loadbalance vip icmp-reply
    ssl-proxy server SSL-PROXY-SE
    interface vlan 21
    description ### ACE OUTSIDE mot FW ###
    ip address 219.222.4.171 255.255.255.240
    access-group input ANY
    access-group output ANY
    service-policy input icmp
    service-policy input SLB-VIP-HTTP
    no shutdown
    interface vlan 22
    description ### ACE INSIDE Gateway for Web-servers ###
    ip address 219.222.4.177 255.255.255.240
    access-group input ANY
    access-group output ANY
    service-policy input icmp
    no shutdown
    ip route 0.0.0.0 0.0.0.0 219.222.4.161
    ACE-1/CO-WEB1#
    as seen in "show conn" the sessions is established, first when i enter site, and go to payment (jumping over to SSL):
    ACE-1/CO-WEB1# show conn
    total current connections : 4
    conn-id np dir proto vlan source destination state
    ----------+--+---+-----+----+---------------------+---------------------+------+
    4 1 in TCP 21 219.222.0.2:49972 219.222.4.178:443 ESTAB
    14 1 out TCP 22 219.222.4.185:443 219.222.0.2:49972 ESTAB
    11 2 in TCP 21 219.222.0.2:49923 219.222.4.178:80 ESTAB
    3 2 out TCP 22 219.222.4.185:80 219.222.0.2:49923 ESTAB
    ACE-1/CO-WEB1#

    Hello Krille
    i had the same problem.
    The HTTP probe you define will do a check if
    the return code is
    expect status 200 200
    expect status 300 323
    Now if a user is accessing the https site, in the flow there will be an expect status like 404; the ACE now does not establish a sticky connection, because it thinks that the flow is not ok.
    The only output after the certificates is a blank site.
    If you change the probing to ICMP you will be able to access the https site and the connection is sticky. With a little tool like IE Watch you will be able to see the wrong status codes.
    regards
    eberhard

  • SSL & URL Problem

    I have a customer who requires client access to specific SSL / https content on different servers using different TCP port numbers.
    Using standard http we used the 'url' command in the content rules as follows:
    url "/scripts/wgate/webgui_TST*"
    However, when we try this in a content rule using SSL it doesn't work as (I presume) the SSL Hello never gets responded to.
    I have seen a few messages already posted highlighting this problem.. Does anyone have any suggestions on workaround options..? Is there a way to redirect SSL / https traffic.?
    My content rule for standard http looks as follows:
    content standard-http
    add service sss02-83
    add service sss03-83
    vip address xxx.xxx.xxx.xxx
    balance aca
    protocol tcp
    port 80
    url "/scrs/wate/webgui_STS*"
    advanced-balance arrowpoint-cookie
    active
    I need to do the same but using SSL..
    Any help would be appreciated.
    Cheers....J Pepper
    EDS

    Steve,
    Thanks for the reply.
    We did come up with a workaround using the 'redirect' command in the main http Content Rules. This 'redirected' user traffic to a different url which in turn pointed at a Content Rule / VIP configured for SSL. This means users only ever had to remember specific business http URLs.
    An extract from our test config is shown below. It seems to work ok. Do you see this as a valid configuration.?
    content abc-http
    vip address 192.168.1.100
    balance aca
    protocol tcp
    port 80
    url "/scs/ate/gui_TST*"
    advanced-balance arrowpoint-cookie
    redirect "https://wwwtst.tst.zero.com/scs/ate/gui_TST/!"
    active
    content ssl-abc
    add service ssl-as02-ts-port-1443
    add service ssl-as03-ts-port-1443
    advanced-balance ssl
    application ssl
    balance aca
    vip address 192.168.1.101
    protocol tcp
    port 443
    url "/*"
    active
    Cheers...John

  • 2 way ssl config in WLS 8.1

    Problem: Server (any web app running on WLS 8.1 SP2 on win2000) needs to authenticate
    clients(browser) without prompting for userid & passwords just through digital
    certificate. With out writing any programming in deployed Java app . Only through
    server side config can be done.
    Solution: We are trying to use the 2-way ssl in WLS 8.1 SP2 running on win2000.
    To begin with development, we are just using the Demo cert. This is being tested
    on same machine both client and server. This works perfectly fine for 1-way ssl
    no need to do any config. To extend this config for 2-way.
    I need a one more digital cert for client.
    I create the client digital cert/private key using Cert Gen utility.
    Now the confusing part how to add this to Server Trust key store.
    There are no proper doc on how to continue further.
    Different places say different things to do.
    If any one can provide some example steps how to do it will be great.
    Thanks in advance.
    --Prav

    Did you use the Demo CA to issue the new certificate (CertGen uses it by default)?
    Then you do not need to do anything. The CA certificate already exists in the
    DemoTrust.jks.
    Otherwise you can use keytool to import trusted certificate into a keystore. See
    this page for more info: http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1178523
    Pavel.

  • Cisco ASA 5505 AnyConnect SSL VPN problem

    Hi!
    I have a small network, with ASA 5505, 8.4:
    Inside network: 192.168.2.0/24
    Outside: Static IP
    I would like to deploy a SSL AnyConnect setup.
    The state:
    -I give the correct IP from my predefined VPN pool (10.10.10.0/24).
    But, could not reach any resource, could not ping too. My host has given 10.10.10.1 IP, and I had a GW: 10.10.10.2. Where is this GW from?
    Could you help me?
    Here is my config (I omitted my PUBLIC IP, and GW): 
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(4)1
    hostname valamiASA
    domain-name valami.local
    enable password OeyyCrIqfUEmzen8 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 12
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address MY_STATIC_IP 255.255.255.248
    interface Vlan12
    description Vendegeknek a valamiHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    management-only
    ftp mode passive
    clock timezone GMT 0
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name valami.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 MY_STATIC_GW 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_valami_VPN internal
    group-policy GroupPolicy_valami_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelall
    default-domain value valami.local
    webvpn
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group valami_VPN type remote-access
    tunnel-group valami_VPN general-attributes
    address-pool valami_vpn_pool
    default-group-policy GroupPolicy_valami_VPN
    tunnel-group valami_VPN webvpn-attributes
    group-alias valami_VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:d54de340bb6794d90a9ee52c69044753
    : end

    First of all thanks your link.
    I know your notes, but I don't understand 1 thing:
    if I check nat exemption in the anyconnect wizard, why should I make a nat exemption rule?
    I tried creating a rule, but it is wrong.
    My steps (on ASDM):
    1: create network object (10.10.10.0/24), named VPN
    2: create nat rule: source any, destination VPN, protocol any
    Here is my config:
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(4)1
    hostname companyASA
    domain-name company.local
    enable password OeyyCrIqfUEmzen8 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 12
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address 77.111.103.106 255.255.255.248
    interface Vlan12
    description Vendegeknek a companyHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name company.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object network WEBSHOP
    host 192.168.2.2
    object network INSIDE_HOST
    host 10.100.130.5
    object network VOIP_management
    host 192.168.2.215
    object network Dev_1
    host 192.168.2.2
    object network Dev_2
    host 192.168.2.2
    object network RDP
    host 192.168.2.2
    object network Mediasa
    host 192.168.2.17
    object network VOIP_ePhone
    host 192.168.2.215
    object network NETWORK_OBJ_192.168.4.0_28
    subnet 192.168.4.0 255.255.255.240
    object network NETWORK_OBJ_10.10.10.8_29
    subnet 10.10.10.8 255.255.255.248
    object network VPN
    subnet 10.10.10.0 255.255.255.0
    object network VPN-internet
    subnet 10.10.10.0 255.255.255.0
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool company_vpn_pool 10.10.10.10-10.10.10.15 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    nat (any,any) source static any any destination static VPN VPN
    nat (inside,outside) source static inside-net inside-net destination static VPN VPN
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 77.111.103.105 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_company_VPN internal
    group-policy GroupPolicy_company_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelall
    default-domain value company.local
    webvpn
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    group-policy GroupPolicy_VPN internal
    group-policy GroupPolicy_VPN attributes
    wins-server none
    dns-server value 62.112.192.4 195.70.35.66
    vpn-tunnel-protocol ssl-client
    default-domain value company.local
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group company_VPN type remote-access
    tunnel-group company_VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_company_VPN
    tunnel-group company_VPN webvpn-attributes
    group-alias company_VPN enable
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_VPN
    tunnel-group VPN webvpn-attributes
    group-alias VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:33ee37a3722f228f9be9b84ef43f731e
    : end
    Could you give me a CLI-code?
    (or ASDM steps).

  • IOS SSL VPN problem

    I am implementing an SSL VPN with IOS version 12.4(13r)T5 on a 2801, but when I try to connect in tunnel mode with the latest svc (anyconnect-win-2.2.0133-web-deploy-k9.exe) at https://1.2.3.4/tunnel, the SSL VPN client can't connect.
    The error on the router is:
    Jun 5 16:07:55.755: WV: Appl. processing Failed : 2
    Jun 5 16:07:55.755: WV: server side not ready to send.
    The following is the configuration:
    ip local pool WEBVPN 10.0.0.140 10.0.0.150 group vpn2
    webvpn gateway ISR2801-RM
    hostname ISR2801-RM
    ip address 1.2.3.4 port 443
    ssl trustpoint TP-self-signed-50153718
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context vpn1
    ssl authenticate verify all
    url-list "eng"
    url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
    policy group vpn1
    url-list "eng"
    default-group-policy vpn1
    gateway ISR2801-RM domain clientless
    inservice
    webvpn context vpn2
    ssl authenticate verify all
    policy group vpn2tunnel
    functions svc-enabled
    svc address-pool "WEBVPN"
    svc split include 10.0.0.2 255.255.255.255
    default-group-policy vpn2tunnel
    gateway ISR2801-RM domain tunnel
    inservice

    Thanks for the reply !!!!
    The configuration is the following:
    interface Ethernet 0
    ip address 10.0.0.128 255.255.255.0
    ip http secure-server
    ip local pool WEBVPN 10.0.0.140 10.0.0.150 group policy-sslvpn2
    webvpn gateway ISR2801-RM
    hostname ISR2801-RM
    ip address 1.2.3.4 port 443
    ssl trustpoint TP-self-signed-50153718
    ssl encryption aes-sha1
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context context-sslvpn1
    ssl authenticate verify all
    user-profile location flash:webvpn/sslvpn/context-sslvpn1/
    url-list "eng"
    url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
    nbns-list cifs-servers
    nbns-server 172.16.1.1 master
    nbns-server 172.16.2.2 timeout 10 retries 5
    nbns-server 172.16.3.3 timeout 10 retries 5
    login-message "UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access this device. All activities performed on
    this device are logged and violations of this policy may result in disciplinary action."
    port-forward "portlist"
    local-port 30019 remote-server ssh-server remote-port 22 description SSH
    local-port 30020 remote-server mailserver remote-port 143 description IMAP
    local-port 30021 remote-server mailserver remote-port 110 description POP3
    local-port 30022 remote-server mailserver remote-port 25 description SMTP
    policy group policy-sslvpn1
    url-list "eng"
    port-forward "portlist"
    nbns-list "cifs-servers"
    functions file-access
    functions file-browse
    functions file-entry
    citrix enabled
    default-group-policy policy-sslvpn1
    gateway ISR2801-RM domain clientless
    inservice
    webvpn context context-sslvpn2
    ssl authenticate verify all
    user-profile location flash:webvpn/sslvpn/context-sslvpn2/
    policy group policy-sslvpn2
    functions svc-enabled
    svc address-pool "WEBVPN"
    svc keep-client-installed
    svc dpd-interval gateway 30
    svc dpd-interval client 300
    svc rekey method new-tunnel
    svc rekey time 3600
    svc split include 10.0.0.0 255.255.255.0
    svc default-domain cisco.com
    svc dns-server primary 192.168.3.1
    svc dns-server secondary 192.168.4.1
    default-group-policy policy-sslvpn2
    gateway ISR2801-RM domain tunnel
    inservice
    ISR2801-RM#show webvpn install status svc
    SSLVPN Package SSL-VPN-Client version installed:
    CISCO STC win2k+
    2,2,0133
    Mon 05/19/2008 12:58:52.34 v
    ISR2801-RM#
    WHEN I TRY TO CONNECT TO THE SSL CONTEXT 2 with a client
    https://1.2.3.4/tunnel
    * the SSL client installed on the PC tells me it can't connect.
    * on the router the log:
    Jun 6 10:28:08.283:
    Jun 6 10:28:08.283:
    Jun 6 10:28:08.283: WV: Entering APPL with Context: 0x6AA85130,
    Data buffer(buffer: 0x6C4B4280, data: 0xF5C043D8, len: 560,
    offset: 0, domain: 0)
    Jun 6 10:28:08.283: CONNECT /CSCOSSLC/tunnel HTTP/1.1
    Jun 6 10:28:08.283: Host: host4-234-static.105-80-b.business.telecomitalia.it
    Jun 6 10:28:08.283: User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0133
    Jun 6 10:28:08.283: Cookie: webvpn=00@1566900393@00025@3421729574@3982902438@context-sslvpn2
    Jun 6 10:28:08.287: X-CSTP-Version: 1
    Jun 6 10:28:08.287: X-CSTP-Hostname: telefonicadata
    Jun 6 10:28:08.287: X-CSTP-Accept-Encoding: deflate;q=1.0
    Jun 6 10:28:08.287: X-CSTP-MTU: 1406
    Jun 6 10:28:08.287: X-CSTP-Address-Type: IPv6,IPv4
    Jun 6 10:28:08.287: X-DTLS-Master-Secret: 27EA2210E377A9E039E458FA604F523C69BEB2BF8D9B40334F72C9F424B83EE26C6D5D57D0F84419DC7A1139D3F08EE9
    Jun 6 10:28:08.287: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
    Jun 6 10:28:08.287:
    Jun 6 10:28:08.291:
    Jun 6 10:28:08.291:
    Jun 6 10:28:08.291: WV: Appl. processing Failed : 2
    Jun 6 10:28:08.291: WV: server side not ready to send.
    SSLVPN sock pid 182 sid 161: closing

  • [SOLVED]Xorg.conf, mouse config problem

    The Rapoo M765 mouse does not work properly under a normal mouse configuration.
    The mouse goes out of control when configured as below:
    hacksign@XSign [14:13:13] : ~
    >> cat /etc/X11/xorg.conf.d/50-mouse-acceleration.conf
    #Section "InputClass"
    # Identifier "Mouse2"
    # MatchProduct "RAPOO RAPOO 2.4G Remote Mouse"
    # MatchIsPointer "yes"
    # MatchDevicePath "/dev/input/event*"
    # Driver "mouse"
    # Option "Protocol" "auto"
    # Option "Emulate3Buttons" "no"
    # Option "Buttons" "7"
    # Option "ButtonMapping" "1 2 3 6 7"
    #EndSection
    When there is no configuration at all, the mouse works abnormally. Movement and right/left click work fine, but I can not use the scroll wheel, and the "go forward" & "go backward" mouse keys do not work either.
    (I know Option "ZAxisMapping" "4 5" is the configuration of scroll wheel emulation.)
    The real problem is 'mouse out of control': the cursor moves crazily on screen ....
    I guess something is wrong with the ButtonMapping option. But when I tried to get the button number from the xev command, when the scroll wheel scrolls, I get the output below (the scroll wheel movement is identified as a key event~):
    //left click
    ButtonPress event, serial 34, synthetic NO, window 0x4a00001,
    root 0x264, subw 0x0, time 3766452, (135,143), root:(2287,595),
    state 0x0, button 1, same_screen YES
    ButtonRelease event, serial 34, synthetic NO, window 0x4a00001,
    root 0x264, subw 0x0, time 3766588, (135,143), root:(2287,595),
    state 0x100, button 1, same_screen YES
    //right click
    ButtonPress event, serial 34, synthetic NO, window 0x4a00001,
    root 0x264, subw 0x0, time 3767716, (135,143), root:(2287,595),
    state 0x0, button 3, same_screen YES
    ButtonRelease event, serial 34, synthetic NO, window 0x4a00001,
    root 0x264, subw 0x0, time 3767852, (135,143), root:(2287,595),
    state 0x400, button 3, same_screen YES
    //mouse scroll, identified as keyboard event(?)
    KeyRelease event, serial 34, synthetic NO, window 0x4a00001,
    root 0x264, subw 0x0, time 3769332, (135,143), root:(2287,595),
    state 0x0, keycode 123 (keysym 0x1008ff13, XF86AudioRaiseVolume), same_screen YES,
    XLookupString gives 0 bytes:
    XFilterEvent returns: False
    KeyPress event, serial 34, synthetic NO, window 0x4a00001,
    root 0x264, subw 0x0, time 3769332, (135,143), root:(2287,595),
    state 0x0, keycode 122 (keysym 0x1008ff11, XF86AudioLowerVolume), same_screen YES,
    XLookupString gives 0 bytes:
    XmbLookupString gives 0 bytes:
    XFilterEvent returns: False
    Here is some information (I don't know why the mouse is identified as 'type:KEYBOARD'):
    hacksign@XSign [14:55:03] : ~
    >> xinput
    ⎡ Virtual core pointer id=2 [master pointer (3)]
    ⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)]
    ⎜ ↳ RAPOO RAPOO 2.4G Remote Mouse id=13 [slave pointer (2)]
    ⎜ ↳ SynPS/2 Synaptics TouchPad id=15 [slave pointer (2)]
    ⎜ ↳ TPPS/2 IBM TrackPoint id=16 [slave pointer (2)]
    ⎣ Virtual core keyboard id=3 [master keyboard (2)]
    ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]
    ↳ Power Button id=6 [slave keyboard (3)]
    ↳ Video Bus id=7 [slave keyboard (3)]
    ↳ Sleep Button id=8 [slave keyboard (3)]
    ↳ Heng Yu Technology Poker Pro S id=9 [slave keyboard (3)]
    ↳ Heng Yu Technology Poker Pro S id=10 [slave keyboard (3)]
    ↳ Integrated Camera id=11 [slave keyboard (3)]
    ↳ RAPOO RAPOO 2.4G Remote Mouse id=12 [slave keyboard (3)]
    ↳ AT Translated Set 2 keyboard id=14 [slave keyboard (3)]
    ↳ ThinkPad Extra Buttons id=17 [slave keyboard (3)]
    hacksign@XSign [14:55:06] : ~
    >> xinput list-props 13
    Device 'RAPOO RAPOO 2.4G Remote Mouse':
    Device Enabled (142): 1
    Coordinate Transformation Matrix (144): 1.000000, 0.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000, 0.000000, 1.000000
    Device Accel Profile (270): 0
    Device Accel Constant Deceleration (271): 1.000000
    Device Accel Adaptive Deceleration (272): 1.000000
    Device Accel Velocity Scaling (273): 10.000000
    Device Product ID (260): 9390, 8192
    Device Node (261): "/dev/input/event8"
    Evdev Axis Inversion (274): 0, 0
    Evdev Axes Swap (276): 0
    Axis Labels (277): "Rel X" (152), "Rel Y" (153), "Rel Horiz Wheel" (267), "Rel Dial" (268), "Rel Vert Wheel" (269)
    Button Labels (278): "Button Left" (145), "Button Middle" (146), "Button Right" (147), "Button Wheel Up" (148), "Button Wheel Down" (149), "Button Horiz Wheel Left" (150), "Button Horiz Wheel Right" (151), "Button Side" (265), "Button Extra" (266), "Button Unknown" (263), "Button Unknown" (263), "Button Unknown" (263), "Button Unknown" (263)
    Evdev Scrolling Distance (279): 1, 1, 1
    Evdev Middle Button Emulation (280): 0
    Evdev Middle Button Timeout (281): 50
    Evdev Third Button Emulation (282): 0
    Evdev Third Button Emulation Timeout (283): 1000
    Evdev Third Button Emulation Button (284): 3
    Evdev Third Button Emulation Threshold (285): 20
    Evdev Wheel Emulation (286): 0
    Evdev Wheel Emulation Axes (287): 0, 0, 4, 5
    Evdev Wheel Emulation Inertia (288): 10
    Evdev Wheel Emulation Timeout (289): 200
    Evdev Wheel Emulation Button (290): 4
    Evdev Drag Lock Buttons (291): 0
    hacksign@XSign [14:55:14] : ~
    >> grep -i rapoo /var/log/Xorg.0.log
    [ 29.102] (II) config/udev: Adding input device RAPOO RAPOO 2.4G Remote Mouse (/dev/input/event7)
    [ 29.102] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "evdev keyboard catchall"
    [ 29.102] (II) Using input driver 'evdev' for 'RAPOO RAPOO 2.4G Remote Mouse'
    [ 29.102] (**) RAPOO RAPOO 2.4G Remote Mouse: always reports core events
    [ 29.102] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: Device: "/dev/input/event7"
    [ 29.102] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Vendor 0x24ae Product 0x2000
    [ 29.102] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found keys
    [ 29.102] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Configuring as keyboard
    [ 29.102] (II) XINPUT: Adding extended input device "RAPOO RAPOO 2.4G Remote Mouse" (type: KEYBOARD, id 12)
    [ 29.103] (II) config/udev: Adding input device RAPOO RAPOO 2.4G Remote Mouse (/dev/input/event8)
    [ 29.103] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "evdev pointer catchall"
    [ 29.103] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "evdev keyboard catchall"
    [ 29.103] (II) Using input driver 'evdev' for 'RAPOO RAPOO 2.4G Remote Mouse'
    [ 29.103] (**) RAPOO RAPOO 2.4G Remote Mouse: always reports core events
    [ 29.103] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: Device: "/dev/input/event8"
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Vendor 0x24ae Product 0x2000
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found 9 mouse buttons
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found scroll wheel(s)
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found relative axes
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found x and y relative axes
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found absolute axes
    [ 29.103] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Forcing absolute x/y axes to exist.
    [ 29.103] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found keys
    [ 29.103] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Configuring as mouse
    [ 29.103] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Configuring as keyboard
    [ 29.103] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Adding scrollwheel support
    [ 29.103] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: YAxisMapping: buttons 4 and 5
    [ 29.103] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
    [ 29.103] (II) XINPUT: Adding extended input device "RAPOO RAPOO 2.4G Remote Mouse" (type: KEYBOARD, id 13)
    [ 29.104] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: initialized for relative axes.
    [ 29.104] (WW) evdev: RAPOO RAPOO 2.4G Remote Mouse: ignoring absolute axes.
    [ 29.104] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) keeping acceleration scheme 1
    [ 29.104] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) acceleration profile 0
    [ 29.104] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) acceleration factor: 2.000
    [ 29.104] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) acceleration threshold: 4
    [ 29.104] (II) config/udev: Adding input device RAPOO RAPOO 2.4G Remote Mouse (/dev/input/mouse0)
    hacksign@XSign [14:59:47] : ~
    >> yaourt -Q|grep -i 'input-'
    local/xf86-input-evdev-trackpoint 2.9.1-1
    extra/xf86-input-keyboard 1.8.0-3 (xorg-drivers xorg)
    extra/xf86-input-mouse 1.9.1-1 (xorg-drivers xorg)
    extra/xf86-input-synaptics 1.8.1-1 (xorg-drivers xorg)
    Last edited by Hacksign (2015-01-14 02:22:51)

    Thanks for the reply!
    Changing Driver 'mouse' to Driver 'evdev' solved the 'cursor goes out of control' problem.
    But I still can not use the scroll button and the 'go forward' & 'go backward' buttons.
    (BTW: evdev_drv.so is from local/xf86-input-evdev-trackpoint, and the local/xf86-input-evdev-trackpoint package is from AUR.)
    I think maybe something is wrong with my button number mapping, but I still can not get the scroll button number with the 'xev' command....
    Below is my configuration:
    hacksign@XSign [17:15:19] : /var/log
    >> cat /etc/X11/xorg.conf.d/50-mouse-acceleration.conf
    Section "InputClass"
    Identifier "Mouse2"
    MatchProduct "RAPOO RAPOO 2.4G Remote Mouse"
    MatchIsPointer "yes"
    MatchDevicePath "/dev/input/event*"
    Driver "evdev"
    Option "Protocol" "auto"
    Option "Emulate3Buttons" "no"
    Option "ZAxisMapping" "4 5"
    Option "Buttons" "9"
    Option "ButtonMapping" "1 2 3 6 7 8 9 4 5"
    EndSection
    and here is Xorg.0.log
    [ 11357.287] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "evdev keyboard catchall"
    [ 11357.287] (II) Using input driver 'evdev' for 'RAPOO RAPOO 2.4G Remote Mouse'
    [ 11357.287] (**) RAPOO RAPOO 2.4G Remote Mouse: always reports core events
    [ 11357.287] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: Device: "/dev/input/event7"
    [ 11357.287] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Vendor 0x24ae Product 0x2000
    [ 11357.287] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found keys
    [ 11357.287] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Configuring as keyboard
    [ 11357.287] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0/0003:24AE:2000.0003/input/input8/event7"
    [ 11357.288] (II) XINPUT: Adding extended input device "RAPOO RAPOO 2.4G Remote Mouse" (type: KEYBOARD, id 12)
    [ 11357.288] (**) Option "xkb_rules" "evdev"
    [ 11357.288] (**) Option "xkb_model" "pc104"
    [ 11357.288] (**) Option "xkb_layout" "us"
    [ 11357.288] (II) config/udev: Adding input device RAPOO RAPOO 2.4G Remote Mouse (/dev/input/event8)
    [ 11357.288] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "evdev pointer catchall"
    [ 11357.288] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "evdev keyboard catchall"
    [ 11357.288] (**) RAPOO RAPOO 2.4G Remote Mouse: Applying InputClass "Mouse2"
    [ 11357.288] (II) Using input driver 'evdev' for 'RAPOO RAPOO 2.4G Remote Mouse'
    [ 11357.288] (**) RAPOO RAPOO 2.4G Remote Mouse: always reports core events
    [ 11357.288] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: Device: "/dev/input/event8"
    [ 11357.288] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: ButtonMapping '1 2 3 6 7 8 9 4 5'
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Vendor 0x24ae Product 0x2000
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found 9 mouse buttons
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found scroll wheel(s)
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found relative axes
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found x and y relative axes
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found absolute axes
    [ 11357.288] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Forcing absolute x/y axes to exist.
    [ 11357.288] (--) evdev: RAPOO RAPOO 2.4G Remote Mouse: Found keys
    [ 11357.288] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Configuring as mouse
    [ 11357.288] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Configuring as keyboard
    [ 11357.288] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: Adding scrollwheel support
    [ 11357.288] (**) Option "Emulate3Buttons" "no"
    [ 11357.288] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: YAxisMapping: buttons 4 and 5
    [ 11357.288] (**) evdev: RAPOO RAPOO 2.4G Remote Mouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
    [ 11357.288] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.1/0003:24AE:2000.0004/input/input9/event8"
    [ 11357.288] (II) XINPUT: Adding extended input device "RAPOO RAPOO 2.4G Remote Mouse" (type: KEYBOARD, id 13)
    [ 11357.288] (**) Option "xkb_rules" "evdev"
    [ 11357.288] (**) Option "xkb_model" "pc104"
    [ 11357.288] (**) Option "xkb_layout" "us"
    [ 11357.288] (II) evdev: RAPOO RAPOO 2.4G Remote Mouse: initialized for relative axes.
    [ 11357.288] (WW) evdev: RAPOO RAPOO 2.4G Remote Mouse: ignoring absolute axes.
    [ 11357.289] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) keeping acceleration scheme 1
    [ 11357.289] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) acceleration profile 0
    [ 11357.289] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) acceleration factor: 2.000
    [ 11357.289] (**) RAPOO RAPOO 2.4G Remote Mouse: (accel) acceleration threshold: 4
    [ 11357.289] (II) config/udev: Adding input device RAPOO RAPOO 2.4G Remote Mouse (/dev/input/mouse0)
    [ 11357.289] (II) No input driver specified, ignoring this device.
    [ 11357.289] (II) This device may have been added with another device file.
    olive wrote: In the config file you mentioned, all is commented; do you mean that you have problems when you have uncommented it? You should not use the mouse driver (old deprecated driver) but evdev. Try to remove xf86-input-mouse and xf86-input-keyboard (same as before, this is deprecated and handled by evdev) and remove also a "joystick" driver if you have it (I have had problems with it conflicting with the evdev driver).
    Last edited by Hacksign (2015-01-13 09:27:06)

  • FTP/SSL Connection Problem for FTP Receiver Adapter

    Hello All,
    We are trying to establish an FTPS/SSL connection with one of our customers from our XI (Unix) system, and are receiving the following error:
    iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    Communication Channel Parameters:
    Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
    Data Connection: Passive
    Port: 10021
    Keystore: service_ssl
    X.509 Certificate & Private Key: ssl-credentials
    Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
    We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
    Your help and suggestions will be greatly appreciated.
    Thanks and Best Regards
    Prashant Rajani

    Hello All,
    Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
    This set up simulates the problem we encounter with our customer's FTP Server.
    If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
    This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data (FTPS) connection i.e., connection security parameter value as "FTPs( FTP Using SSL/TLS) with Control and Data Connection":
    - (not logged in) (10.18.106.34)> Connected, sending welcome message...
    - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
    - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
    - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
    - (not logged in) (10.18.106.34)> AUTH TLS
    - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
    - (not logged in) (10.18.106.34)> SSL connection established
    - (not logged in) (10.18.106.34)> USER test
    - (not logged in) (10.18.106.34)> 331 Password required for test
    - (not logged in) (10.18.106.34)> PASS ***********
    - test (10.18.106.34)> 230 Logged on
    - test (10.18.106.34)> PBSZ 0
    - test (10.18.106.34)> 200 PBSZ=0
    - test (10.18.106.34)> PROT P
    - test (10.18.106.34)> 200 Protection level set to P
    - test (10.18.106.34)> SYST
    - test (10.18.106.34)> 215 UNIX emulated by FileZilla
    - test (10.18.106.34)> PWD
    - test (10.18.106.34)> 257 "/" is current directory.
    - test (10.18.106.34)> CWD /payment/
    - test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
    - test (10.18.106.34)> TYPE I
    - test (10.18.106.34)> 200 Type set to I
    - test (10.18.106.34)> PASV
    - test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
    - test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
    - test (10.18.106.34)> 150 Connection accepted
    - test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
    - test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
    - test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    - test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    - test (10.18.106.34)> 426 Connection closed; transfer aborted.
    - test (10.18.106.34)> QUIT
    - test (10.18.106.34)> 221 Goodbye
    - test (10.18.106.34)> SSL connection established
    Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
    Thanks and Best Regards
    Prashant

  • SSL reading problem in server-side

    Hi guys,
    I have a problem in my server implementation with SSL Server Socket. I have created a server socket with a specific port and bind address. Whenever a client connects, I grab its inputstream and start to read it as bytes. There is no problem opening the server socket or with certificate authorization, and a client also connects to the server successfully. But when the client writes some data to its connected socket, the server cannot read anything. The server throws no exception and there is no problem in writing. But the available bytes in the inputstream is always 0. When I replace the SSL socket with a normal socket, everything is ok, the server can read everything. I am very confused. Since I have no concrete exception and stack trace, I know it is hard to explain and get help about my problem. I have added some parts from my code.
    Could you make any suggestions?
    Listening and connection part
    ServerSocketFactory socketFactory = SSLServerSocketFactory.getDefault();
    socket = socketFactory.createServerSocket(port, backLog, bindAddress);
    Socket clientSocket = socket.accept();
    in = new BufferedInputStream(clientSocket.getInputStream());
    Reading part
    while (continueRunning) {
        try {
            Thread.sleep(1);
            // Poll available() before decoding; on the SSL socket this stays at 0.
            if (in.available() < 1) {
                System.err.println(in.available());
                continue;
            }
            MessageDecoder decoder = new MessageDecoder();
            Message msg = decoder.decode(in);
            if (msg == null) {
                System.out.println("Decoded message is null");
                continue;
            }
            handler.messageReceived(msg);
        } catch (IOException e) {
            e.printStackTrace();
            continueRunning = false;
            try {
                clientSocket.close();
            } catch (IOException e1) {
                e1.printStackTrace();
            }
        } catch (InterruptedException e) {
            continueRunning = false;
            e.printStackTrace();
            try {
                clientSocket.close();
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
        }
    }

    I process bytes whenever they are available in the
    stream, thus I use available() for checking whether
    there are any bytes to decode.
    You are looping and sleeping and calling available(). What's the point? As you have nothing else to do in the loop except sleep according to the above code, the whole sleep/available business is still a waste of time. Why not just read()? You are also burning a lot of CPU cycles for nothing.
    The problem is there is no data in the stream although the client seems to write some data.
    The problem is that regardless of whether there is data in the stream or not, SSLSocket.getInputStream().available() always returns zero. It always does this, and so you cannot use it for the purpose you intend.
    This is no loss, as the purpose you intend adds no value to just doing a read(). Try it and see.
    I discovered the debugging utilities of JSSE and did
    some debugging. I found that the client is blocked on its
    socket when it tries to write to the stream. I am not using
    nio, so my sockets are blocking, but I cannot find any
    reasonable explanation for this SSL write blocking on
    the socket.
    The 'reasonable explanation' is that the peer is never reading, so its socket receive buffer is full, so the writer's send buffer eventually fills too, at which point the writer is blocked.
    When I changed my implementation and used
    a non-SSL socket, everything was ok and there was no
    blocking.
    That's because Socket.getInputStream().available() returns positive numbers whereas SSLSocket.getInputStream.available() always returns zero.
    Is there anyone who knows something about some kind
    of SSL blocking?
    There is.
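
    The reply's advice, as an added example that is not code from either poster: the polling loop from the question next to a blocking read, run against a stand-in stream whose available() always reports 0, as the reply says the SSL socket's stream does. The 4-byte length-prefix framing, the class and method names and the sample messages are assumptions, since the page does not show MessageDecoder's wire format.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

class BlockingReadDemo {

    // Assumption: MessageDecoder's wire format is not shown on the page, so this
    // example frames each message as a 4-byte big-endian length plus payload.
    static final int MAX_FRAME = 64 * 1024; // cap what an untrusted peer can make us allocate

    /** Stand-in for the behaviour the reply describes: available() always reports 0. */
    static final class ZeroAvailableStream extends FilterInputStream {
        ZeroAvailableStream(InputStream in) { super(in); }
        @Override public int available() { return 0; }
    }

    /** The question's polling pattern, bounded to maxPolls so the demo terminates. */
    static int pollWithAvailable(InputStream in, int maxPolls) throws IOException {
        DataInputStream data = new DataInputStream(in);
        int decoded = 0;
        for (int i = 0; i < maxPolls; i++) {
            if (in.available() < 1) {
                continue; // with available() stuck at 0, the decoder is never reached
            }
            if (readFrame(data) != null) {
                decoded++;
            }
        }
        return decoded;
    }

    /** The suggested fix: let read() block until data arrives or the peer closes. */
    static List<String> readUntilClosed(InputStream in) throws IOException {
        DataInputStream data = new DataInputStream(in);
        List<String> messages = new ArrayList<>();
        byte[] frame;
        while ((frame = readFrame(data)) != null) {
            messages.add(new String(frame, StandardCharsets.UTF_8));
        }
        return messages;
    }

    /** Returns one payload, or null on a clean close at a frame boundary. */
    static byte[] readFrame(DataInputStream data) throws IOException {
        int first = data.read(); // blocks until a byte arrives; -1 means the peer closed
        if (first < 0) {
            return null;
        }
        // The remaining reads throw EOFException if the stream ends mid-frame.
        int length = (first << 24)
                | (data.readUnsignedByte() << 16)
                | (data.readUnsignedByte() << 8)
                | data.readUnsignedByte();
        if (length < 0 || length > MAX_FRAME) {
            throw new IOException("frame length out of range: " + length);
        }
        byte[] payload = new byte[length];
        data.readFully(payload);
        return payload;
    }

    /** Constructed sample input: two framed messages, as a client would send them. */
    static byte[] sampleWire() throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buffer);
        for (String text : new String[] {"hello", "second message"}) {
            byte[] payload = text.getBytes(StandardCharsets.UTF_8);
            out.writeInt(payload.length);
            out.write(payload);
        }
        return buffer.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] wire = sampleWire();

        InputStream polled = new ZeroAvailableStream(new ByteArrayInputStream(wire));
        System.out.println("polling decoded " + pollWithAvailable(polled, 1000) + " messages");

        InputStream blocking = new ZeroAvailableStream(new ByteArrayInputStream(wire));
        System.out.println("blocking read decoded " + readUntilClosed(blocking));
    }
}
```

    On a real server the stream passed to readUntilClosed would be clientSocket.getInputStream(), with one thread per accepted connection; Socket.setSoTimeout() bounds how long a read may block on a silent peer.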

  • CSS SSL renewal problem

    While renewing the SSL certification in CSS, everything went fine during installation, but after that, when I checked with the following command
    sh ssl associate rsakey | grep url (don't want to mention name)
    I can see the previous as well as the new key, both shown as associated with yes,
    while the new one should show yes and the old one should be no.
    It shows the same for cert.
    Can anyone help me sort out this problem and tell me what it can be?
    Thanks in advance

    Sagar,
    Have you performed the "no ssl associate rsakey" and the "no ssl associate cert"?
    After that, perform the "clear ssl file " and "clear ssl file rsakey "
    HTH
    Dave

  • Node Manager unable to start managed Server. SSL Handshake problem

    I am getting the following Error:
    weblogic.nodemanager.NodeManagerException: [Could not execute command start for server wecarebeadev via the Node Manager - reason: [CommandInvoker: Failed to send command: 'online to server 'wecarebeadev' to NodeManager at host: 'localhost:5555' with exception Write Channel Closed, possible SSL handshaking or trust failure. Please ensure that the NodeManager is active on the target machine].]
    I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on the same physical machine as Windows Services.
    SSL port has been setup properly for Managed Server. Host Name Verification Ignored is checked for MS.

    Hi Ajay,
    This happens when the SSL communication between the admin and the node
    manager fails. The SSL configuration of the admin server or the node
    manager is the problem.
    cheers,
    gaurav.
    On 30 Jun 2003 12:19:49 -0700, Ajay Kulkarni <[email protected]> wrote:
    I am getting the following Error:
    weblogic.nodemanager.NodeManagerException: [Could not execute command
    start for server wecarebeadev via the Node Manager - reason:
    [CommandInvoker: Failed to send command: 'online to server 'wecarebeadev'
    to NodeManager at host: 'localhost:5555' with exception Write Channel
    Closed, possible SSL handshaking or trust failure. Please ensure that the
    NodeManager is active on the target machine].]
    I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on
    the same physical machine as Windows Services.
    SSL port has been setup properly for Managed Server. Host Name
    Verification Ignored is checked for MS.

Maybe you are looking for