Static (outside , inside)
Hi All,
I want to achieve the below scenario with static NAT.
1. I have a firewall which has two legs (inside and outside). As usual, inside security is 100 and outside is 0.
We have done a PAT for all the inside networks to access the outside network. Now the requirement is that I have a server in the outside network which should be accessed by the inside network with the help of an inside IP address itself (mapping the server to a free inside IP address, so that all the inside hosts connect to the inside IP, which in turn communicates with the outside IP address).
We tried to achieve the above using the static (outside,inside) command, but somehow we are unable to communicate.
We created an ACL as permit ip any any and applied it on both interfaces. A proper route has been added in the firewall to the outside network, and we also added a route in the outside network L3 switch for the firewall inside network.
Please help us !!!
Attached a sample diagram ...
Regards,
Gan.
To initiate a connection from the outside to inside, firstly you would need a static NAT statement for your inside host.
So if the inside host is 10.10.10.183, this host needs to be statically NATed first (dynamic PAT won't work because that only works for outbound connection).
So static NAT for the inside host as follows:
If you don't want to NAT, then:
static (inside,outside) 10.10.10.183 10.10.10.183 netmask 255.255.255.255
If you want to NAT, then:
static (inside,outside) x.x.x.x 10.10.10.183 netmask 255.255.255.255
Then to actually NAT the outside host to an inside address:
static (outside,inside) 10.10.10.10 172.10.10.10 netmask 255.255.255.255
Then "clear xlate" and test it.
Hope that helps.
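The two static statements from the reply above, modelled in Python as an added example (not part of the original posts and not Cisco code). It is a simplified two-interface model that ignores ACLs, routing, xlate state and rule ordering; the function names are hypothetical and the identity form of the inside static is used in place of x.x.x.x.

```python
"""Simplified model of the pre-8.3 PIX/ASA `static` statement (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Syntax used on the page:
#   static (real_if,mapped_if) mapped_ip real_ip netmask mask
# Note the order: the mapped address comes first, the real address second.
STATIC_RE = re.compile(
    r"^static\s+\(\s*(?P<real_if>\w+)\s*,\s*(?P<mapped_if>\w+)\s*\)\s+"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)\s+netmask\s+(?P<mask>\S+)$"
)

# Statements taken from the reply above.
INSIDE_STATIC = "static (inside,outside) 10.10.10.183 10.10.10.183 netmask 255.255.255.255"
OUTSIDE_STATIC = "static (outside,inside) 10.10.10.10 172.10.10.10 netmask 255.255.255.255"


@dataclass(frozen=True)
class StaticRule:
    real_if: str                    # interface where the real address lives
    mapped_if: str                  # interface where the mapped address is seen
    mapped: ipaddress.IPv4Network
    real: ipaddress.IPv4Network


def parse_statics(config):
    """Parse every `static` line in a config fragment into StaticRule objects."""
    rules = []
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("static"):
            continue
        m = STATIC_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable static statement: {line!r}")
        rules.append(StaticRule(
            m["real_if"], m["mapped_if"],
            ipaddress.IPv4Network(f"{m['mapped']}/{m['mask']}"),
            ipaddress.IPv4Network(f"{m['real']}/{m['mask']}"),
        ))
    return rules


def _remap(addr, src_net, dst_net):
    """Move addr from src_net to the same host offset in dst_net."""
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.IPv4Address(int(dst_net.network_address) + offset)


def translate(rules, ingress_if, egress_if, src, dst):
    """Return (src, dst) as the packet looks after crossing the firewall."""
    src = ipaddress.IPv4Address(src)
    dst = ipaddress.IPv4Address(dst)
    new_src, new_dst = src, dst
    for r in rules:
        # Real host sending towards the mapped interface:
        # its source is rewritten to the mapped address.
        if ingress_if == r.real_if and egress_if == r.mapped_if and src in r.real:
            new_src = _remap(src, r.real, r.mapped)
        # Packet arriving on the mapped interface for the mapped address:
        # its destination is rewritten back to the real address.
        if ingress_if == r.mapped_if and egress_if == r.real_if and dst in r.mapped:
            new_dst = _remap(dst, r.mapped, r.real)
    return str(new_src), str(new_dst)


def round_trip(rules, client, target):
    """Inside client opens a connection to `target`; return forward and reply views."""
    fwd = translate(rules, "inside", "outside", client, target)
    # The outside server answers the addresses it actually saw.
    reply = translate(rules, "outside", "inside", fwd[1], fwd[0])
    return fwd, reply


if __name__ == "__main__":
    rules = parse_statics(INSIDE_STATIC + "\n" + OUTSIDE_STATIC)
    fwd, reply = round_trip(rules, "10.10.10.183", "10.10.10.10")
    print("seen on outside:", fwd)    # server receives the real destination
    print("seen on inside: ", reply)  # client sees the reply from the mapped IP

    # With only the inside static, the destination is never rewritten,
    # so 10.10.10.10 is not mapped to the outside server.
    print("without (outside,inside):",
          translate(parse_statics(INSIDE_STATIC), "inside", "outside",
                    "10.10.10.183", "10.10.10.10"))
```

On a real device, compare this expected mapping against the translation table after the "clear xlate" step.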
Similar Messages
-
Reason for not allowing static declarations inside an inner class
Is the reason for not allowing static declarations inside an inner class due to the fact that it can never be accessed at a class level, as the outer class has to create an instance of the inner class and any attributes/methods of the inner class have to be accessed through that?
Typically, an instance (non-static) variable can never be accessed in a statement or expression inside a static context, but the class variable can be accessed inside a non-static context. Given this, shouldn't the static declarations be allowed inside an inner class?
Correct me if my understanding is wrong.
Thanks
I still couldn't get it clearly. Why can't I have a static value (variable) for all the instances of the inner class irrespective of its enclosing instances (i.e. outer class instances)? Say in this example below,
class Outer {
    static int i = 0;
    public Inner inner = new Inner();

    class Inner { // inner class (non-static nested class)
        int j = 0;
        static final int k = 2; // compile-time constants are allowed
                                // in an inner class

        public void m1() {
            j++;
            System.out.println("j is " + j);
            i++;
            System.out.println("i is " + i);
        }
    }

    public static void main(String[] arg) {
        Outer outer1 = new Outer();
        outer1.inner.m1(); // j will be 1 & i will be 1
        Outer outer2 = new Outer();
        outer2.inner.m1(); // j will be 1 again & i will be 2. But I would
                           // want j to be 2. Why is this not allowed?
    }
}
Looks like something missing..
-
What is the purpose of Static methods inside a class?
Hi,
What is the purpose of Static methods inside a class?
I want the answers apart from "A static method does not require instance of class(to access) and it can directly be accessed by the class name itself"
My question is what is the exact purpose of a static method ?
Unlike attributes, a separate copy of instance attributes will be created for each instance of a class where as only one copy of static attributes will be created for all instances.
Will a separate copy of instance method be created for each instance of a class and only one copy of static methods be create?
Points will be rewarded for all helpful answers.
Hi Sharma,
Static methods are used to access static attributes of a class. We use static attributes when we want to share the same attribute with all instances of a class; in this case, if you change this attribute through instance A, the change will be reflected in instances B, C, etc.
I think that your question is correct -> a separate copy of instance method will be created for each instance of a class and only one copy of static methods be created?
"A static method does not require instance of class(to access) and it can directly be accessed by the class name itself"
Static Method: call method class=>method.
Instance Method: call method instance->method.
Take a look at these wiki pages.
[https://wiki.sdn.sap.com/wiki/x/o5k]
[https://wiki.sdn.sap.com/wiki/x/ZtM]
Best regards.
Marcelo Ramos
-
hi
I'm reviewing the situation next three traffic zones outside, inside, DMZ,
service-policy xxxx-policy interface outside
service-policy xxxx-policy interface inside
service-policy xxxx-policy interface dmz_stgo
and I need to lower the level of examination but only in one area, which is the area inside,
such outside high-DMZ
DMZ-outside high
inside low-DMZ
Please give us some additional detail on what you mean by "lower the level of examination" on one of your interfaces. Did you want to apply a subset of the signatures? (Then you'd go down the virtual sensor path.) Or did you want to filter the IP addresses/ports reaching the sensor on that interface? (Then you'd adjust the class-map ACL.)
-
IDSM should protect serverfarm on FWSM from outside/inside threats
Hi all,
We have a 6509 with FWSM and IDSM. All VLANs (servers, voice, users etc.) are homed directly on the FWSM. We need to protect the serverfarm VLAN from attacks originating from both inside and outside. All traffic coming from outside and headed for the servers, as well as traffic from user VLANs, needs to be intercepted. So I am planning to put the IDSM in inline VLAN pair mode. Also, I want the internet traffic first to hit the FWSM and then the IDSM.
Single digit vlan exist on MSFC, double digit vlans pushed to FWSM. Bridging done by IDSM
MSFC
vlan 2
name SERVER-IDSM
vlan 3
name INTERNET-IDSM
vlan 4
name USER-IDSM
vlan 22
name SERVER-FWSM
vlan 33
name INTERNET-FWSM
vlan 44
name USER-FWSM
intrusion-detection module 4 data-port 1 trunk allowed-vlan 3,4
// Here vlan 3 (Internet) goes into IDSM and then FWSM. But i want traffic from internet to go to FWSM and then IDSM
interface g2/3
switchport
switchport mode access
switchport access vlan 3
description INTERNET
IDSM
conf t
service interface
physical-interfaces g0/2
admin-state enabled
description INTERNET
duplex full
speed 1000
subinterface-type inline-vlan-pair
subinterface 1
vlan1 4 //bridging
vlan2 44
description INSPECT-USER-TRAFFIC
subinterface 2
vlan1 3 //bridging
vlan2 33
description INSTECT-INTERNET-TRAFFIC
service analysis-engine
virtual-sensor
physical-interface g0/2 subinterface-number 1
physical-interface g0/2 subinterface-number 2
My primary aim is :-
1) All user traffic should first go to FWSM and then to IDSM and then if OK to servers
2) All internet traffic (from outside) headed to servers should first go to FWSM and then IDSM and then if OK to servers
How can this be achieved? I think the configuration posted above places IDSM in front of FWSM which is opposite of what i want
Regards.
Sonu,
By deploying the FWSM in front of the server farm, security is provided both to and from the server farm and between each server farm tier. I think the config you have provided will work.
-
How to trace static functions inside binary?
Hello Everybody
Is it possible to trace all statically linked functions inside some application with DTrace?
Here is an explanation. I have an application with source code like this:
int main(int argc, char * argv[])
{
    custom_init();
    ...
}
void custom_init()
{
    function1();
    function2();
    ...
}
This code is compiled into one binary, so all functions like function1, function2 and so on are "statically linked". I'd like to see the call tree, say, for function custom_init. I do not know all function names that may be called from custom_init, so I need to log everything down from custom_init.
Is this possible with DTrace if I only have a binary and it contains symbolic info?
Thank you
jonathan
Thanks, I got huge list of function names with
supplied command (# dtrace -l -n
'pid$target:myprog::entry' -c /myprog)
Now I'd like to trace all that comes from function
myfunc() inside binary myprog - how do I do this?
The usual idiom for this is something like:
# cat > trace.d <<'EOF'
#!/usr/sbin/dtrace -s
#pragma D option flowindent
pid$target:a.out:myfunc:entry
{
	self->on++;
}
pid$target:a.out::entry
/self->on/
{
}
pid$target:a.out::return
/self->on/
{
}
pid$target:a.out:myfunc:return
/self->on/
{
	self->on--;
}
pid$target:a.out:myfunc:return
/self->on <= 0/
{
	exit(0); /* we've gotten the data we wanted, so exit dtrace */
}
EOF
# chmod +x trace.d
# ./trace.d -c 'command args'
...
This will only get the static functions in the binary; to get all shared library functions as well, s/:a.out::/:::/g.
Inside the {}s for :entry and :return, you can do additional work; for
example, you could print a nanosecond timestamp:
trace(timestamp);
or (for ::return) the return value:
trace(arg1);
etc.
Cheers,
- jonathan
-
Static methods inside class in jsp can't make it work
Hello all, I can't understand why I can't declare the method as a static method?
public class Request{
    Request(){}
    private String paramValue;
    public static String getRequestParam(HttpServletRequest request, String paramName, String defaultValue){
        paramValue = request.getParameter(paramName);
        return paramValue != null ? paramValue : defaultValue;
    }
}
I'm getting this error:
The method getRequestParam cannot be declared static; static methods can only be declared in a static or top level type
Can't I do an inner class?
Or is there another solution for me not to make instances of classes but to use the class static methods?
Hi, try this:
public class Request{
    Request(){}
    private static String paramValue;
    public static String getRequestParam(HttpServletRequest request, String paramName, String defaultValue){
        paramValue = request.getParameter(paramName);
        return paramValue != null ? paramValue : defaultValue;
    }
}
It should work. The problem in your code is that you are trying to reference a non-static object with a static one!
Message was edited by:
Adelx
-
Can't we declare a static variable inside a memberfunction of a class?
Hi,
class A{
    public void fun() {
        static int i=10;
    }
}
Can't we declare a static variable in a member function of a class?
Thanks,
It is a common idiom in C and C++, but it is forbidden
in Java because it adds hidden dependencies.
The C way of writing a serial number generator:
int generate() {
    static int n = 0;
    return n++;
}
Pure C has only global functions. So it needs inner
static variables to help to hide the data. I've had
lots of headaches trying to make C programs with inner
static variables work correctly because they usually
are hidden in cross-reference listings.
The Java way:
public static class SerialNumberGenerator() {
    private static int n = 0;
    public static int generate() {
        return n++;
    }
}
The code above is as static as the C code given
before, but it tries to be more explicit (no hidden
variables).
Hum... have you tried to compile your sample?
(And anyway, what the hell would a static class be used for ???)
But perhaps you meant:
public final class SerialNumberGenerator {
    private static int n = 0;
    public static int generate() {
        return n++;
    }
}
-
Static methods inside interfaces
Why they are not allowed? Such methods would be very helpful in some cases. I speak, of course, about method declaration, not method definition.
Ok , now I understand the problem. Thanks.
And it's also impossible to override a static method.
Actually, it is very possible.
Nope. That's hiding (or is it shadowing?), not overriding.
The thing is, it only makes sense to have methods in an interface that can be overridden--by the JLS' definition of overriding--that is, where the particular method implementation that gets invoked is determined at runtime.
Since static method invocations are compile-time bound, there's no reason for them to be in an interface--or indeed abstract at all, whether in an interface or abstract class.
-
How to access a static method inside the JSP page
Here I have written the code in Java to access databases; I have included the class path to all the class files.
My problem is that when I click the register.jsp page, it shows an error as a null pointer exception. I've put my code in this section as follows:
memberchecking.jsp
<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*,businessclasses.*,businessobjects.*,projectutils.DateUtilities.*,java.util.*" errorPage="" %>
<html>
<head>
<title>Checking Member's Registration Details...</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<%
String loginId = request.getParameter("loginId");
String resourcePassword = request.getParameter("resourcePassword");
String confirmPassword = request.getParameter("confirmPassword");
String resourceStatus=request.getParameter("resourceStatus");
String nameTitle = request.getParameter("nameTitle");
String jobTitle = request.getParameter("jobTitle");
String firstName = request.getParameter("firstName");
String middleName = request.getParameter("middleName");
String lastName = request.getParameter("lastName");
String displayName = request.getParameter("displayName");
String resourceInitials = request.getParameter("resourceIniitials");
String countryCode = request.getParameter("countryCode");
String resourceLanguage = request.getParameter("resourceLanguage");
//String resourceCurrency = request.getParameter("resourceCurrency");
String resourceEmail2 = request.getParameter("resourceEmail2");
String birthMonth = request.getParameter("birthMonth");
String birthDay = request.getParameter("birthDay");
String birthYear = request.getParameter("birthYear");
String resourceGender = request.getParameter("resourceGender");
String martialStatus = request.getParameter("martialStatus");
String resourceOccupation = request.getParameter("resourceOccupation");
String webPage = request.getParameter("webPage");
String homePhone = request.getParameter("homePhone");
String homePhone2 = request.getParameter("homephone2");
String homeFax = request.getParameter("homepFax");
String phoneOffice = request.getParameter("phoneOffice");
String phoneOffice2 = request.getParameter("phoneOffice2");
String officeFax = request.getParameter("officeFax");
String resourcePager = request.getParameter("resourcePager");
String resourceMobile = request.getParameter("resourceMobile");
String resourceType=request.getParameter("resourceType");
String resourceName = firstName + " " + middleName + " " + lastName;
//java.util.Date resourceBirthDate = (String)birthMonth + "/" + birthDay + "/" + birthYear;
session.setAttribute("Name",resourceName);
session.setAttribute("UserId",loginId);
out.println("name==========="+resourceName);
//check whether the input data is valid for insert
//input validation code goes here.....
ResourceBC aResourceBC=new ResourceBC();
//marshall the resource
ResourceBO resource=new ResourceBO();
String e1 = (String)resource.getEmail();
String e2 = (String)resource.getEmail2();
if(loginId != e1 && resourceEmail2 != e2 ) {
resource.setStatus( "L");
resource.setId(5);
resource.setCountryCode(countryCode);
// resource.setResourceTypeCode(resourceType);
// resource.setResourceParent(rs.getLong(6));
// resource.setHKey(rs.getLong(7));
resource.setName(resourceName);
resource.setDisplayName(displayName);
resource.setLogonPassword(resourcePassword);
resource.setNameTitle(nameTitle);
resource.setJobTitle(jobTitle);
resource.setEmail(loginId);
resource.setEmail2(resourceEmail2);
// resource.setPasswordUpdateDate(rs.getDate(14));
// resource.setPasswordExpireDate(rs.getDate(15));
// resource.setAccessCode(rs.getString(16));
// resource.setLogonUnSuccessTries(0);
resource.setWebPage(webPage);
resource.setPhoneOffice(phoneOffice);
resource.setPhoneOffice2(phoneOffice2);
resource.setPhoneOfficeFax(officeFax);
resource.setPhoneHome(homePhone);
resource.setPhoneHome2(homePhone2);
resource.setPhoneHomeFax(homeFax);
resource.setMobile(resourceMobile);
resource.setPager(resourcePager);
resource.setStatus(resourceStatus);
resource.setGender(resourceGender);
// resource.setBirthDate(resourceBirthDate);
resource.setMartialStatus(martialStatus);
resource.setLanguage(resourceLanguage);
// resource.setCurrency(resourceCurrency);
// resource.setPhoto(photo);
resource.setInitials(resourceInitials);
// resource.setCreatedBy(1);
// resource.setCreatedDate(rs.getDate(36));
// resource.setUpdatedBy(rs.getLong(37));
// resource.setUpdatedDate(rs.getDate(38));
resource.setFirstName(firstName);
resource.setLastName(lastName);
resource.setMiddleName(middleName);
//resource.setCreatedDate(new java.sql.Date());
int rowsAdded=aResourceBC.resourceAdd(resource);
out.println("rowsAdded= "+rowsAdded);
//add message for success or failure to add resource
String msg="";
if(rowsAdded == -1){
msg="<font color=red>The ResourceName already exists .Try another</font>";
session.setAttribute("message",msg);
response.sendRedirect(response.encodeRedirectURL("memberregister.jsp"));
else if(rowsAdded > 0){
msg="<font color=green>Resource Added successfully..........</font>";
session.setAttribute("message",msg);
%>
<jsp:forward page="memberlist.jsp">
<jsp:param name="message" value="<%=msg%>"/>
</jsp:forward>
<%}
%>
</body>
</html>
ResourceBC.java
package businessclasses;
import java.sql.*;
import businessobjects.ResourceBO;
import java.util.*;
import dbutilities.DBManager;
public class ResourceBC
public Vector resourceList() throws Exception{
Vector resourceList=new Vector();
String listSQL="";
StringBuffer listSQLBuffer=new StringBuffer();
listSQLBuffer.append("SELECT ");
listSQLBuffer.append("RES_ID,");
listSQLBuffer.append("RES_NAME,");
listSQLBuffer.append("CNTRY_CODE,");
listSQLBuffer.append("RES_LOGON_PASSWORD,");
listSQLBuffer.append("RESTYPE_CODE,");
listSQLBuffer.append("RES_PARENT,");
listSQLBuffer.append("RES_HKEY,");
listSQLBuffer.append("RES_DISPLAY_NAME,");
listSQLBuffer.append("RES_NAME_TITLE,");
listSQLBuffer.append("RES_JOB_TITLE,");
listSQLBuffer.append("RES_EMAIL,");
listSQLBuffer.append("RES_EMAIL2,");
listSQLBuffer.append("RES_PASSWORD_ACTION,");
listSQLBuffer.append("RES_PASSWORD_UPDATE_DATE,");
listSQLBuffer.append("RES_PASSWORD_EXPIRE_DATE,");
listSQLBuffer.append("RES_ACCESS_CODE,");
listSQLBuffer.append("RES_LOGON_UNSUCCESS_TRIES,");
listSQLBuffer.append("RES_WEB_PAGE,");
listSQLBuffer.append("RES_PHONE_OFFICE,");
listSQLBuffer.append("RES_PHONE_OFFICE2,");
listSQLBuffer.append("RES_PHONE_OFFICE_FAX,");
listSQLBuffer.append("RES_PHONE_HOME,");
listSQLBuffer.append("RES_PHONE_HOME2,");
listSQLBuffer.append("RES_PHONE_HOME_FAX,");
listSQLBuffer.append("RES_MOBILE,");
listSQLBuffer.append("RES_PAGER,");
listSQLBuffer.append("RES_STATUS,");
listSQLBuffer.append("RES_GENDER,");
listSQLBuffer.append("RES_BIRTH_DATE,");
listSQLBuffer.append("RES_MARTIAL_STATUS,");
listSQLBuffer.append("RES_LANGUAGE,");
listSQLBuffer.append("RES_CURRENCY,");
listSQLBuffer.append("RES_PHOTO,");
listSQLBuffer.append("RES_CREATED_BY,");
listSQLBuffer.append("RES_NAME_INITIALS,");
listSQLBuffer.append("RES_CREATED_DATE,");
listSQLBuffer.append("RES_UPDATED_BY");
listSQLBuffer.append("RES_UPDATED_DATE,");
listSQLBuffer.append("RES_NAME_FIRST,");
listSQLBuffer.append("RES_NAME_LAST,");
listSQLBuffer.append("RES_NAME_MIDDLE");
listSQLBuffer.append(" FROM T_RESOURCES ");
listSQL=listSQLBuffer.toString();
System.out.println("listSQL---"+listSQL);
DBManager dbManager=new DBManager();
Connection con =dbManager.getConnection();
Statement stmt=con.createStatement();
ResultSet rs=stmt.executeQuery(listSQL);
ResourceBO resource=null;
while(rs.next()){
resource=new ResourceBO();
resource.setId(rs.getLong(1));
resource.setName(rs.getString(2));
resource.setCountryCode(rs.getString(3));
resource.setLogonPassword(rs.getString(4));
resource.setResourceTypeCode(rs.getLong(5));
resource.setResourceParent(rs.getLong(6));
resource.setHKey(rs.getLong(7));
resource.setDisplayName(rs.getString(8));
resource.setNameTitle(rs.getString(9));
resource.setJobTitle(rs.getString(10));
resource.setEmail(rs.getString(11));
resource.setEmail2(rs.getString(12));
resource.setPasswordAction(rs.getString(13));
resource.setPasswordUpdateDate(rs.getDate(14));
resource.setPasswordExpireDate(rs.getDate(15));
resource.setAccessCode(rs.getString(16));
resource.setLogonUnSuccessTries(rs.getLong(17));
resource.setWebPage(rs.getString(18));
resource.setPhoneOffice(rs.getString(19));
resource.setPhoneOffice2(rs.getString(20));
resource.setPhoneOfficeFax(rs.getString(21));
resource.setPhoneHome(rs.getString(22));
resource.setPhoneHome2(rs.getString(23));
resource.setPhoneHomeFax(rs.getString(24));
resource.setMobile(rs.getString(25));
resource.setPager(rs.getString(26));
resource.setStatus(rs.getString(27));
resource.setGender(rs.getString(28));
resource.setBirthDate(rs.getDate(29));
resource.setMartialStatus(rs.getString(30));
resource.setLanguage(rs.getString(31));
resource.setCurrency(rs.getString(32));
resource.setPhoto(rs.getString(33));
resource.setCreatedBy(rs.getLong(34));
resource.setInitials(rs.getString(35));
resource.setCreatedDate(rs.getDate(36));
resource.setUpdatedBy(rs.getLong(37));
resource.setUpdatedDate(rs.getDate(38));
resource.setFirstName(rs.getString(39));
resource.setLastName(rs.getString(40));
resource.setMiddleName(rs.getString(41));
resourceList.add(resource);
con.close();
con=null;
return resourceList;
//Method to insert the values into the database
public int resourceAdd(ResourceBO resource){
System.out.println("in resourceAdd method ");
//check for duplicate record in the table
String checkDuplicationSQL="SELECT RES_ID FROM T_RESOURCES WHERE RES_ID='"+resource.getId()+"'";
DBManager dbManager=new DBManager();//.getInstance();
boolean hasDuplicateRecord=dbManager.hasDuplicateRecord(checkDuplicationSQL);
int rowsAdded=0;
//insert the record
//hasDuplicateRecord=false;
if(!hasDuplicateRecord){
//get the next resource id for insertion
long nextID=dbManager.getNextIDForColumnAndTable("RES_ID","T_RESOURCES");
System.out.println("nextID================== "+nextID);
StringBuffer fieldsbuffer=new StringBuffer();
fieldsbuffer.append("INSERT INTO T_RESOURCES (");
fieldsbuffer.append("RES_ID,");
fieldsbuffer.append("RES_NAME,");
fieldsbuffer.append("CNTRY_CODE,");
fieldsbuffer.append("RES_LOGON_PASSWORD,");
fieldsbuffer.append("RESTYPE_CODE,");
fieldsbuffer.append("RES_PARENT,");
fieldsbuffer.append("RES_HKEY,");
fieldsbuffer.append("RES_DISPLAY_NAME,");
fieldsbuffer.append("RES_NAME_TITLE,");
fieldsbuffer.append("RES_JOB_TITLE,");
fieldsbuffer.append("RES_EMAIL,");
fieldsbuffer.append("RES_EMAIL2,");
fieldsbuffer.append("RES_PASSWORD_ACTION,");
fieldsbuffer.append("RES_PASSWORD_UPDATE_DATE,");
fieldsbuffer.append("RES_PASSWORD_EXPIRE_DATE,");
fieldsbuffer.append("RES_ACCESS_CODE,");
fieldsbuffer.append("RES_LOGON_UNSUCCESS_TRIES,");
fieldsbuffer.append("RES_WEB_PAGE,");
fieldsbuffer.append("RES_PHONE_OFFICE,");
fieldsbuffer.append("RES_PHONE_OFFICE2,");
fieldsbuffer.append("RES_PHONE_OFFICE_FAX,");
fieldsbuffer.append("RES_PHONE_HOME,");
fieldsbuffer.append("RES_PHONE_HOME2,");
fieldsbuffer.append("RES_PHONE_HOME_FAX,");
fieldsbuffer.append("RES_MOBILE,");
fieldsbuffer.append("RES_PAGER,");
fieldsbuffer.append("RES_STATUS,");
fieldsbuffer.append("RES_GENDER,");
fieldsbuffer.append("RES_BIRTH_DATE,");
fieldsbuffer.append("RES_MARTIAL_STATUS,");
fieldsbuffer.append("RES_LANGUAGE,");
fieldsbuffer.append("RES_CURRENCY,");
fieldsbuffer.append("RES_PHOTO,");
/* fieldBuffer.append("RES_CREATED_BY,");
fieldBuffer.append("RES_NAME_INITIALS,");
fieldBuffer.append("RES_CREATED_DATE,");
fieldBuffer.append("RES_UPDATED_BY");
fieldBuffer.append("RES_UPDATED_DATE,");
fieldBuffer.append("RES_NAME_FIRST,");
fieldBuffer.append("RES_NAME_LAST,");
fieldBuffer.append("RES_NAME_MIDDLE"); */
StringBuffer valuesBuffer=new StringBuffer(" VALUES(");
valuesBuffer.append(nextID+",");
valuesBuffer.append("'"+resource.getName()+",");
valuesBuffer.append("'"+resource.getCountryCode()+",");
valuesBuffer.append("'"+resource.getLogonPassword()+"',");
valuesBuffer.append("'"+resource.getResourceTypeCode()+",");
valuesBuffer.append("'"+resource.getResourceParent()+",");
valuesBuffer.append("'"+resource.getHKey()+",");
valuesBuffer.append("'"+resource.getDisplayName()+",");
valuesBuffer.append("'"+resource.getNameTitle()+",");
valuesBuffer.append("'"+resource.getJobTitle()+",");
valuesBuffer.append("'"+resource.getEmail()+"',");
valuesBuffer.append("'"+resource.getEmail2()+"',");
valuesBuffer.append("'"+resource.getPasswordAction()+",");
valuesBuffer.append("'"+resource.getPasswordUpdateDate()+",");
valuesBuffer.append("'"+resource.getPasswordExpireDate()+",");
valuesBuffer.append("'"+resource.getAccessCode()+",");
valuesBuffer.append("'"+resource.getLogonUnsuccessTries()+",");
valuesBuffer.append("'"+resource.getWebPage()+"',");
valuesBuffer.append("'"+resource.getPhoneOffice()+"',");
valuesBuffer.append("'"+resource.getPhoneOffice2()+"',");
valuesBuffer.append("'"+resource.getPhoneOfficeFax()+"',");
valuesBuffer.append("'"+resource.getPhoneHome()+"',");
valuesBuffer.append("'"+resource.getPhoneHome2()+"',");
valuesBuffer.append("'"+resource.getPhoneHomeFax()+"',");
valuesBuffer.append("'"+resource.getMobile()+"',");
valuesBuffer.append("'"+resource.getPager()+"',");
valuesBuffer.append("'"+resource.getStatus()+"',");
valuesBuffer.append("'"+resource.getGender()+"',");
valuesBuffer.append("'"+resource.getBirthDate()+"',");
valuesBuffer.append("'"+resource.getMartialStatus()+"',");
valuesBuffer.append("'"+resource.getLanguage()+"',");
valuesBuffer.append("'"+resource.getCurrency()+"',");
valuesBuffer.append("'"+resource.getPhoto()+"',");
valuesBuffer.append("'"+resource.getCreatedBy()+"',");
valuesBuffer.append("'"+resource.getInitials()+"',");
valuesBuffer.append("'"+resource.getCreatedDate()+"',");
valuesBuffer.append("'"+resource.getUpdatedBy()+"',");
valuesBuffer.append("'"+resource.getUpdatedDate()+"',");
valuesBuffer.append("'"+resource.getFirstName()+"',");
valuesBuffer.append("'"+resource.getLastName()+"',");
valuesBuffer.append("'"+resource.getMiddleName()+"')");
String insertSQL=fieldsbuffer.toString()+valuesBuffer.toString();
System.out.println("insertSQL="+insertSQL);
rowsAdded=dbManager.executeSQL(insertSQL);
System.out.println("rowsAdded= "+rowsAdded+"hasDuplicateRecord "+hasDuplicateRecord);
}//end if
else{
//throw new Exception("Has a duplicate Record");
return -1;
return rowsAdded;
public int resourceUpdate(ResourceBO resource){
int rowsUpdated=0;
/* String orgCodeStr=null;
if(resource.getOrgCode()==0){
orgCodeStr="NULL";
}else{
orgCodeStr=""+resource.getOrgCode();
StringBuffer updateSQLBuffer=new StringBuffer();
updateSQLBuffer.append("UPDATE T_RESOURCES SET ");
updateSQLBuffer.append("RES_NAME='"+resource.getName()+"',");
updateSQLBuffer.append("CNTRY_CODE='"+resource.getCountryCode()+"',");
updateSQLBuffer.append("RES_LOGON_PASSWORD='"+resource.getLogonPassword()+"',");
updateSQLBuffer.append("RESTYPE_CODE="+resource.getResourceTypeCode()+",");
updateSQLBuffer.append("RES_PARENT="+resource.getResourceParent()+",");
updateSQLBuffer.append("RES_HKEY="+resource.getHKey()+",");
updateSQLBuffer.append("RES_DISPLAY_NAME="+resource.getDisplayName()+",");
updateSQLBuffer.append("RES_NAME_TITLE="+resource.getNameTitle()+",");
updateSQLBuffer.append("RES_JOB_TITLE="+resource.getJobTitle()+",");
updateSQLBuffer.append("RES_EMAIL='"+resource.getEmail()+"',");
updateSQLBuffer.append("RES_EMAIL2='"+resource.getEmail2()+"',");
updateSQLBuffer.append("RES_PASSWORD_ACTION="+resource.getPasswordAction()+",");
updateSQLBuffer.append("RES_PASSWORD_UPDATE_DATE="+resource.getPasswordUpdateDate()+",");
updateSQLBuffer.append("RES_PASSWORD_EXPIRE_DATE="+resource.getPasswordExpireDate()+",");
updateSQLBuffer.append("RES_ACCESS_CODE="+resource.getAccessCode()+",");
updateSQLBuffer.append("RES_LOGON_UNSUCCESS_TRIES="+resource.getLogonUnsuccessTries()+",");
updateSQLBuffer.append("RES_WEB_PAGE='"+resource.getWebPage()+"',");
updateSQLBuffer.append("RES_PHONE_OFFICE='"+resource.getPhoneOffice()+"',");
updateSQLBuffer.append("RES_PHONE_OFFICE2='"+resource.getPhoneOffice2()+"',");
updateSQLBuffer.append("RES_PHONE_OFFICE_FAX='"+resource.getPhoneOfficeFax()+"',");
updateSQLBuffer.append("RES_PHONE_HOME='"+resource.getPhoneHome()+"',");
updateSQLBuffer.append("RES_PHONE_HOME2='"+resource.getPhoneHome2()+"',");
updateSQLBuffer.append("RES_PHONE_HOME_FAX='"+resource.getPhoneHomeFax()+"',");
updateSQLBuffer.append("RES_MOBILE='"+resource.getMobile()+"',");
updateSQLBuffer.append("RES_PAGER='"+resource.getPager()+"',");
updateSQLBuffer.append("RES_STATUS='"+resource.getStatus()+"',");
updateSQLBuffer.append("RES_GENDER='"+resource.getGender()+"',");
updateSQLBuffer.append("RES_BIRTH_DATE='"+resource.getBirthDate()+"',");
updateSQLBuffer.append("RES_MARTIAL_STATUS='"+resource.getMartialStatus()+"',");
updateSQLBuffer.append("RES_LANGUAGE='"+resource.getLanguage()+"',");
updateSQLBuffer.append("RES_CURRENCY='"+resource.getCurrency()+"',");
updateSQLBuffer.append("RES_PHOTO='"+resource.getPhoto()+"',");
updateSQLBuffer.append("RES_NAME_INITIALS='"+resource.getInitials()+"',");
updateSQLBuffer.append("RES_NAME_FIRST='"+resource.getFirstName()+"',");
updateSQLBuffer.append("RES_NAME_LAST='"+resource.getLastName()+"',");
updateSQLBuffer.append("RES_NAME_MIDDLE='"+resource.getMiddleName()+"'");
updateSQLBuffer.append("WHERE RES_ID="+resource.getId());
String updateSQL=updateSQLBuffer.toString();
//String updateSQL="UPDATE T_RESOURCES SET CLIENT_NAME='"+resource.getName()+"',CLIENT_STATUS='"+resource.getStatus()+"',CLIENT_EMAIL_PRIMARY='"+resource.getEmailPrimary()+"',CLIENT_EMAIL_ALTERNATIVE='"+resource.getEmailAlternate()+"',CLIENT_CURRENCY_SYMBOL='"+resource.getCurrencySymbol()+"',CLIENT_CURRENCY_DIGITS="+resource.getCurrencyDigits()+",CLIENT_DIRECTORY_DOCUMENT='"+resource.getDirectoryDocument()+"',CLIENT_DIRECTORY_TEMPLATE='"+resource.getDirectoryTemplate()+"',CLIENT_STORAGE_QUOTA="+resource.getStorageQuota()+",CLIENT_KEY='"+resource.getKey()+"' WHERE CLIENT_ID="+resource.getId();
System.out.println("updateSQL---"+updateSQL);
DBManager dbManager=new DBManager();
rowsUpdated=dbManager.executeSQL(updateSQL);
return rowsUpdated;
public int resourceDelete(long resourceId){
int rowsDeleted=0;
DBManager dbManager=new DBManager();
String deleteSQL="DELETE FROM T_RESOURCES WHERE RES_ID="+resourceId;
System.out.println("deleteSQL==="+deleteSQL);
rowsDeleted=dbManager.executeSQL(deleteSQL);
System.out.println("rowsDeleted= "+rowsDeleted);
return rowsDeleted;
public ResourceBO getResourceById(long resourceId)throws Exception{
StringBuffer selectSQLBuffer=new StringBuffer();
selectSQLBuffer.append("SELECT ");
selectSQLBuffer.append("RES_ID,");
selectSQLBuffer.append("RES_NAME,");
selectSQLBuffer.append("CNTRY_CODE,");
selectSQLBuffer.append("RES_LOGON_PASSWORD,");
selectSQLBuffer.append("RESTYPE_CODE,");
selectSQLBuffer.append("RES_PARENT,");
selectSQLBuffer.append("RES_HKEY,");
selectSQLBuffer.append("RES_DISPLAY_NAME,");
selectSQLBuffer.append("RES_NAME_TITLE,");
selectSQLBuffer.append("RES_JOB_TITLE,");
selectSQLBuffer.append("RES_EMAIL,");
selectSQLBuffer.append("RES_EMAIL2,");
selectSQLBuffer.append("RES_PASSWORD_ACTION,");
selectSQLBuffer.append("RES_PASSWORD_UPDATE_DATE,");
selectSQLBuffer.append("RES_PASSWORD_EXPIRE_DATE,");
selectSQLBuffer.append("RES_ACCESS_CODE,");
selectSQLBuffer.append("RES_LOGON_UNSUCCESS_TRIES,");
selectSQLBuffer.append("RES_WEB_PAGE,");
selectSQLBuffer.append("RES_PHONE_OFFICE,");
selectSQLBuffer.append("RES_PHONE_OFFICE2,");
selectSQLBuffer.append("RES_PHONE_OFFICE_FAX,");
selectSQLBuffer.append("RES_PHONE_HOME,");
selectSQLBuffer.append("RES_PHONE_HOME2,");
selectSQLBuffer.append("RES_PHONE_HOME_FAX,");
selectSQLBuffer.append("RES_MOBILE,");
selectSQLBuffer.append("RES_PAGER,");
selectSQLBuffer.append("RES_STATUS,");
selectSQLBuffer.append("RES_GENDER,");
selectSQLBuffer.append("RES_BIRTH_DATE,");
selectSQLBuffer.append("RES_MARTIAL_STATUS,");
selectSQLBuffer.append("RES_LANGUAGE,");
selectSQLBuffer.append("RES_CURRENCY,");
selectSQLBuffer.append("RES_PHOTO,");
selectSQLBuffer.append("RES_CREATED_BY,");
selectSQLBuffer.append("RES_NAME_INITIALS,");
selectSQLBuffer.append("RES_CREATED_DATE,");
selectSQLBuffer.append("RES_UPDATED_BY,");
selectSQLBuffer.append("RES_UPDATED_DATE,");
selectSQLBuffer.append("RES_NAME_FIRST,");
selectSQLBuffer.append("RES_NAME_LAST,");
selectSQLBuffer.append("RES_NAME_MIDDLE");
selectSQLBuffer.append(" FROM T_RESOURCES WHERE RES_ID="+resourceId);
String fetchSQL=selectSQLBuffer.toString();
System.out.println("fetchSQL---"+fetchSQL);
DBManager dbManager=new DBManager();
Connection con =dbManager.getConnection();
Statement stmt=con.createStatement();
ResultSet rs=stmt.executeQuery(fetchSQL);
ResourceBO resource=new ResourceBO();
while(rs.next()){
resource.setId(rs.getLong(1));
resource.setName(rs.getString(2));
resource.setCountryCode(rs.getString(3));
resource.setLogonPassword(rs.getString(4));
resource.setResourceTypeCode(rs.getLong(5));
resource.setResourceParent(rs.getLong(6));
resource.setHKey(rs.getLong(7));
resource.setDisplayName(rs.getString(8));
resource.setNameTitle(rs.getString(9));
resource.setJobTitle(rs.getString(10));
resource.setEmail(rs.getString(11));
resource.setEmail2(rs.getString(12));
resource.setPasswordAction(rs.getString(13));
resource.setPasswordUpdateDate(rs.getDate(14));
resource.setPasswordExpireDate(rs.getDate(15));
resource.setAccessCode(rs.getString(16));
resource.setLogonUnSuccessTries(rs.getLong(17));
resource.setWebPage(rs.getString(18));
resource.setPhoneOffice(rs.getString(19));
resource.setPhoneOffice2(rs.getString(20));
resource.setPhoneOfficeFax(rs.getString(21));
resource.setPhoneHome(rs.getString(22));
resource.setPhoneHome2(rs.getString(23));
resource.setPhoneHomeFax(rs.getString(24));
resource.setMobile(rs.getString(25));
resource.setPager(rs.getString(26));
resource.setStatus(rs.getString(27));
resource.setGender(rs.getString(28));
resource.setBirthDate(rs.getDate(29));
resource.setMartialStatus(rs.getString(30));
resource.setLanguage(rs.getString(31));
resource.setCurrency(rs.getString(32));
resource.setPhoto(rs.getString(33));
resource.setCreatedBy(rs.getLong(34));
resource.setInitials(rs.getString(35));
resource.setCreatedDate(rs.getDate(36));
resource.setUpdatedBy(rs.getLong(37));
resource.setUpdatedDate(rs.getDate(38));
resource.setFirstName(rs.getString(39));
resource.setLastName(rs.getString(40));
resource.setMiddleName(rs.getString(41));
}
con.close();
con=null;
return resource;
}
}//end of class
plz help me to solve this problem....
rajkumar
The JSP will be converted into a java file and then compiled into a class. If you are using tomcat, the java file will be somewhere in the work folder of your tomcat installation. Find the java file and check the line that is reported in the exception to see where the null-pointer is coming from.
-
Hi,
We have a scenario of a client in India but have a branch abroad. Can we maintain it in a single company? But the currency of the branch will not be in INR, and the inventory of the branch will be in foreign currency.
If not possible , please suggest the alternative?
Rgds
Edited by: Paul Finneran on Sep 25, 2008 12:59 PM
Hi Praveen,
If they have only one branch abroad, it is possible to be in one company. However, in case they developed another new branch in another currency in the future, it will be not doable.
You can assign different currencies for system and local currency. In this way, one overseas branch can have their own report either in system or in local currency depending on setting.
There are still many restrictions to satisfy your client's expectation in this case. You should tell them in advance.
Please keep in mind, the FC concept will only apply to BP, not your branch.
If you are looking for alternative, there is not too much you can do. The simplest way will be setup 2 companies.
Thanks,
Gordon -
Hi
I have thought many times about outside NAT but I am confused about when there will be a situation where we will require outside NAT. Can anybody give me the best example from a real network and explain the traffic flow to me? I have read about it in a book but it is still not clear.
In FWSM, when an interface with a higher security level accesses a lower security level, we only need an access-list and NAT is not required. Am I on the correct path, or is this misunderstood?
Thanks
Jack
An example of where i have used static NAT. We had a lab setup conected to our prod network with a firewall ie.
prod network -> (inside interface) pix (outside interface) -> lab
so the pix was there to protect the prod network from the lab. In the lab we had 172.16.x.x addressing but our prod network used 10.228.x.x addressing and we didn't want to add 172.16.x.x addresses to our routing tables in prod. So we did this on the pix -
static (outside,inside) 10.228.56.10 172.16.10.1 netmask 255.255.255.255
then we could connect to 10.228.56.10 from prod and it was translated to 172.16.10.1 in the lab.
Basically what you are doing with this command is translating the destination IP as you go from the inside to outside interfaces of the pix. Compare this with a normal static (inside,outside).. command ie.
static (inside,outside) 10.228.56.10 172.16.10.1 netmask 255.255.255.255 means -
1) a packet coming from the inside of the pix with a source IP of 172.16.10.1 will be translated to 10.228.56.10
2) a packet coming from the outside of the pix with a destination IP of 10.228.56.10 will be translated to 172.16.10.1
static (outside,inside) 10.228.56.10 172.16.10.1 netmask 255.255.255.255. means -
1) a packet coming from the inside with a destination of 10.228.56.10 will be translated to 172.16.10.1
2) a packet coming from the outside with a source IP of 172.16.10.1 will be translated to 10.228.56.10
With the FWSM you do indeed need an acl from higher to lower which is different from the standalone pix/ASA devices.
Whether or not you need NAT depends. If you have nat-control turned off then you do not need NAT. If it is turned on then if i remember correctly you do need it.
Jon -
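The two directions described in the answer above, as a small runnable model. This is an added example, not code from the thread or from Cisco: the `Packet` and `StaticNat` names are hypothetical, the host mask default when `netmask` is omitted is an assumption, and it models only the plain `static (real_if,mapped_if) mapped_ip real_ip` form (no ACLs, routing, nat-control or policy statics). It also generalizes from host statics to network statics.

```python
import ipaddress
import re
from dataclasses import dataclass

# Matches the plain form: static (real_if,mapped_if) mapped_ip real_ip [netmask m]
STATIC_RE = re.compile(
    r"^static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)(?:\s+netmask\s+(\S+))?$"
)


@dataclass(frozen=True)
class Packet:
    ingress: str  # name of the interface the packet arrives on
    src: str
    dst: str


@dataclass(frozen=True)
class StaticNat:
    real_if: str
    mapped_if: str
    mapped: ipaddress.IPv4Network
    real: ipaddress.IPv4Network

    @classmethod
    def parse(cls, line):
        m = STATIC_RE.match(line.strip())
        if not m:
            raise ValueError(f"not a plain static statement: {line!r}")
        real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
        mask = mask or "255.255.255.255"  # assumption: host mask when omitted
        return cls(real_if, mapped_if,
                   ipaddress.IPv4Network(f"{mapped_ip}/{mask}"),
                   ipaddress.IPv4Network(f"{real_ip}/{mask}"))

    @staticmethod
    def _remap(addr, frm, to):
        """Move addr from network frm to the same host offset in network to."""
        ip = ipaddress.IPv4Address(addr)
        if ip not in frm:
            return addr
        return str(to.network_address + (int(ip) - int(frm.network_address)))

    def translate(self, pkt):
        if pkt.ingress == self.real_if:
            # Leaving the real side: the real source is shown as the mapped one.
            return Packet(pkt.ingress, self._remap(pkt.src, self.real, self.mapped), pkt.dst)
        if pkt.ingress == self.mapped_if:
            # Arriving on the mapped side: the mapped destination becomes the real one.
            return Packet(pkt.ingress, pkt.src, self._remap(pkt.dst, self.mapped, self.real))
        return pkt


if __name__ == "__main__":
    # Constructed packets; 10.228.1.5 is a made-up prod host.
    rule = StaticNat.parse(
        "static (outside,inside) 10.228.56.10 172.16.10.1 netmask 255.255.255.255")
    print(rule.translate(Packet("inside", "10.228.1.5", "10.228.56.10")))
    print(rule.translate(Packet("outside", "172.16.10.1", "10.228.1.5")))
```

Swapping the interface pair in the statement swaps which field (source or destination) is rewritten for a given ingress interface, which is the whole difference between the two commands compared in the answer.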
ASA 5505 NAT rules blocking inside traffic
Previous attempts to set up these NAT rules have been met with minimal success. We have been able to get the NAT rules created, and able to ping our inside servers and receivers from a different outside network, but every time we get that far our internal network crashes. Running the Packet Trace utility via the ASDM shows that internal traffic from the servers to the workstations is being blocked by the default implicit rule under the access rule heading that states "any to any, service being ip, action= deny". Reverse traffic from the workstations to the servers is being allowed though. In an effort to start over again, the Cisco ASA has been Factory Defaulted via the CLI, and has had its Inside network and Outside IP address set back up. DHCP pool has been set up for a minimal amount of addresses on the inside network, since most of our equipment will always be assigned statics. We reset our static NAT policies, and seem to be having the same problem. My partner and I have been working on this for some time now, and have ourselves so frustrated that I know we are missing something simple. Any help will be greatly appreciated.
Embarq : Network xxx.xxx.180.104
Gateway: xxx.xxx.180.105
Subnet Mask: 255.255.255.248
Our Static IP's: xxx.xxx.180.106 to xxx.xxx.180.110
Cisco Pix for VPN tunnels : xxx.xxx.180.107 outside IP
used for DataBase Servers : 100.1.0.2 Inside IP/ Gateway 2
Cisco ASA 5505: xxx.xxx.180.106 outside IP
all other traffic : 100.1.0.1 Inside IP/ Gateway 1
Inside Network: 100.1.0.0/24
Application Server: 100.1.0.115 uses Gateway 1
BackUp AppSrvr: 100.1.0.116 uses Gateway 1
DataBase Server: 100.1.0.113 uses Gateway 2
BackUp DBSrvr: 100.1.0.114 uses Gateway 2
Cobox/Receiver: 100.1.0.140
BackUp Cobox: 100.1.0.150
Workstation 1: 100.1.0.112
Workstation 2: 100.1.0.111
Network Speaker1,2,3,4: 100.1.0.125 to 100.1.0.128
Future Workstations: 100.1.0.0/24
1. Embarq Gateway feeds both Cisco Pix, and Cisco ASA. Both Ciscos feed a Dell Switch.
2. All inside network devices at 100.1.0.0/24 are networked into the Dell Switch.
3. All Workstations/Network Speakers need to be able to communicate with all four servers, and the Cobox/Receiver.
4. The DataBase Servers have VPN tunnels created in the Pix for clients to be able to login securely and edit their account info.
5. The App Server (100.1.0.115), and BackUp App Srvr (100.1.0.116) need to have a NAT rule created NAT'ing them to xxx.xxx.180.109.
A. The xxx.xxx.180.109 NAT rule needs to allow ALL UDP traffic TO and FROM ANY outside IP address.
B. The xxx.xxx.180.109 NAT rule needs to allow ICMP traffic FROM ANY Outside IP address.
6. The Cobox/Receiver (100.1.0.140) and BackUp Cobox (100.1.0.150) need to have a NAT rule created NAT'ing them to xxx.xxx.180.108
A. The xxx.xxx.180.108 NAT rule needs to allow UDP traffic FROM ANY Outside IP address source port 6000 or 9000 to destination port 9000
B. The xxx.xxx.180.108 NAT rule needs to allow ICMP traffic FROM ANY Outside IP address.
7. Right now the Cisco PIX is functioning and working perfectly for our VPN tunnels.
8.
: Saved
ASA Version 8.2(5)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 100.1.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.180.106 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object icmp
protocol-object udp
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object icmp
protocol-object udp
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any xxx.xxx.180.104 255.255.255.248
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 host xxx.xxx.180.108 any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_5 host xxx.xxx.180.108 any
access-list inside_access_allow extended permit object-group DM_INLINE_PROTOCOL_2 100.1.0.0 255.255.255.0 100.1.0.0 255.255.255.0
access-list inside_access_allow extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list inside_nat_static extended permit udp host 100.1.0.140 eq 9000 any
access-list inside_nat_static_1 extended permit ip host 100.1.0.115 any
access-list inside_nat0_outbound extended permit ip 100.1.0.0 255.255.255.0 100.1.0.0 255.255.255.0
access-list outside_nat_static extended permit udp host xxx.xxx.180.108 eq 6000 host 100.1.0.140
access-list outside_nat_static_1 extended permit ip host xxx.xxx.180.109 host 100.1.0.115
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 100.1.0.3-100.1.0.254 netmask 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
static (inside,outside) udp xxx.xxx.180.108 6000 access-list inside_nat_static
static (outside,inside) udp 100.1.0.140 9000 access-list outside_nat_static
static (inside,outside) xxx.xxx.180.109 access-list inside_nat_static_1
static (outside,inside) 100.1.0.115 access-list outside_nat_static_1
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 100.1.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 100.1.0.5-100.1.0.15 inside
dhcpd dns 71.0.1.211 67.235.59.242 interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
prompt hostname context
call-home reporting anonymous
Cryptochecksum:52e69fa95fcffd43ed9e73df320e3a55
: end
no asdm history enable
OK. Thank you very much for your help. I am going to get with the powers that be to upgrade the "Base" license in this ASA.
In the meantime I will Close and Rate this post for now so others can get this info also.
If we have any further issues after the upgrade, then I will open a new post.
Thanks again. We knew it was something simple. Not sure how we overlooked that, but hey we're getting somewhere now. -
Static NAT to IP that is not local to ASA?
All, I have a doubt about a configuration I am requesting. I know just a little about ASA myself, but am working with a contractor on this project and he is not sure this can be done or not.
My application is this:
- ASA with internet and some public IP.
- Existing internal LAN of 10.10.10.0/24.
- New voice VLAN 10.10.100.0 on L3 SGE switch doing inter-vlan route between 10.10.100.0/24 and 10.10.10.0/24 via 10.10.10.1 (ASA internal interface)
- ASA will have static route to 10.10.100.0/24 via 10.10.10.254 (data VLAN interface on my L3 switch) This much is a known working configuration for me to allow voice and data vlans to route and require very little of firewall contractor.
Now I need static NAT of a public IP to my IP PBX on 10.10.100.1. The doubt I have is if they try to configure this the ASA will not want to make a NAT to 10.10.100.1 because that network does not exist anywhere in the ASA config.
Is there a way to make this work or will it be required/better to use an extra interface on the ASA and make it 10.10.100.0/24 and have the ASA do inter-vlan routing instead of the switch?
Thanks in advance,
Brandon
The inside static route is now working, thank you. Back to my original question about static NAT. I just need a public IP to pass all traffic to an internal IP that is on the 10.10.100.0/24 network not directly connected to the ASA. I am thinking this would be the command:
static (outside,inside) 10.10.100.1 222.222.222.222 netmask 255.255.255.255
Does that seem correct and can you provide an example of what the ACL would look like? I want to just allow all traffic now for the purpose of remote IP phones and some admin and mobile apps using various ports. Once it is tested working I will let the firewall vendor layer security on.
Thanks again,
Brandon -
Unable to capture packets on ASA(ASDM)
Hi all,
We have a site to site VPN connection to one of our clients, from which we both are accessing our applications and other resources. Now the client needs to access two of our internal servers, so we have created Static NAT in our ASA. One server they are accessing without any issues, but the other server they are not able to connect to. Since it's a VPN tunnel we haven't blocked any ports and it's open to all traffic. But on their side they have restricted it, and we need to see whether the packets are hitting our ASA or not. Once we observe this, it's easy for us to escalate to them. I tried the packet capture wizard in ASDM, but it's not showing anything. Can anyone tell me how to capture packets related to Static NAT? Please let me know if you want any other details.
local 20.0.0.0/24 -->this will get natted to --->12.0.6.0/24 when going in for tunnel
we have created
static(outside,inside) 12.0.6.10 20.0.0.10 255.255.255.255 working
static(outside,inside) 12.0.6.11 20.0.0.11 255.255.255.255 not working, we need to check whether its hitting 12.0.6.11
Kindly advise...
Regards,
Bala
Where are you trying to initiate the connection from?
If they are trying to initiate the connection towards your end, and the traffic doesn't reach your end, then there will be nothing on your ASA packet capture.
Please share what you have configured to capture the traffic?
To check if the traffic is reaching the inside interface, just configure ACL between source (real IP) and destination (remote IP), and apply the capture on the inside interface. This will confirm if the traffic is coming inbound towards the inside interface.
To check if the traffic is leaving the inside interface towards the host behind your ASA, configure ACL between source (remote IP), and destination (host real IP), and apply the capture on the inside interface. This will confirm if the traffic is leaving your ASA inside interface towards the host.