TES to CPO communication

I'm looking for an elegant way for TES to communicate with CPO. Is an SNMP message the only? Or is there an adapter available? Or is there something I could be missing with CPO that would work?
What I'm trying to do is set up processes to run some general diagnostics on systems when either a job fails in TES or when we lose a connection within TES.
An ability for CPO to kick off a TES job as well would be great as well. For example, a TES job fails, CPO runs some diagnostics (restarts a service, whatever) and then reruns that job that failed in TES.

Hi James!
For TES->CPO
You could do a lot of things. Web Services, Powershell CLI, Windows Events - CPO can trigger from them all.
My suggestion would be to use web services. CPO has a north bound web services set to start processes and do other things. The standard WSDL for processes would be http:// server>:61527/WS/Process?WSDL (assuming you are using the standard http port). You do have to activate these web services by going to file->server (in the master UI) and clicking on the web services tab and activ them there.
You can also try the powershell CLI, CPO has some build in commandlets, like "Start-TEOProcess -name "
We have guides(in the doc) on both Northbound Web Services, and Powershell. If you need some further webex type help, best to open a case. We can give you some further guidance in setting things up.
As far as CPO kicking off a TES job, TES has web services as well so you can use CPO and the Web Service Execute activity to call into TES web services to start a job. (or restart or whatever)
We(in support) thought of another neat idea that would be to use CPO to monitor your agents and your master service and then if they go down you could do automated recovery and have CPO restart them and resubmit jobs or whatever. CPO has activities called "Query Windows Service" and "Control Windows Service" that give you full control over those. (if you ran a unix master, you could do the same using some unix/linux connections and scripting there)
-shaun

Similar Messages

Requisition Queue is not avialable

Hi Team,
Could you please provide the solution to resolve this issue?
I have installed Cisco Prime Service Catalog (version 10). And i have created one service to test CCP- CPO communication.
While ordering the service i am getting expection like "Requisition Queue is not available". And unable to order the service.
I have attached screen shot of queues which are available in Jboss. (Unable to change/create new queues).
Please let us know if any information required.
Regards,
Vignesh.

When you encounter this type of issues, it is best to contact TAC for assistance.
That said, a few troubleshooting tips:
Have you tried restarting Prime Service Catalog? After it is back up and running, restart CPO.
Did you change your JMS password? That could be the reason you fail to connect to JMS.
Is this an appliance installation?

CPO 3.0 Security Questions

Perhaps there is documentation that tells me this, but I only have the changelog and install docs.
I need to submit a design document to our security team before CPO will be allowed to run any of our PROD environments.
I understand that I can configure SSL on the IIS virtual directory to secure connectivity to the web interface.
However, what about connections between the client console and the CPO backend? Is this encrypted?
Are the passwords for runtime users stored securely (encrypted) in the database?

You will want to add an SSL certificate to the northbound web service should you use it. The web services guide I think has this information: http://www.cisco.com/en/US/customer/products/ps11100/products_user_guide_list.html
Configuring Role-based security is in the user's guide at the link above.
There is information in the install guide online regarding hardening the PO servers.
http://www.cisco.com/en/US/customer/products/ps11100/prod_installation_guides_list.html
Per the encryption of secrets such as passwords at rest in the database, this is done using an environment-specific key. So you cannot just lift the database and expect to get at the data. This creates some issues for getting a complete backup for disaster recovery. See the "Managing High Availability and Resiliency" chapter in the 3.0 user's guide. In prior releases this was in a separate resiliency guide. Encryption uses Microsoft security APIs, same as storage of Windows service passwords. In addition to this, these secrets are never displayed or logged within the product. See the runtime users and hidden strings concepts in the 3.0 user's guide.
My recollection is that unlike the northbound web service and web UI, the client to server communication is encrypted even without the use of SSL, but I'll leave that for someone else to add details on.

How to create CPO workflow..training video

Does anyone has training videos for understnading of CPO workflow or how to create Prsocess ........????
Thank you

I have done lots of content in regards to training.
Refer to the video section on this site @ https://supportforums.cisco.com/community/netpro/data-center/intelligent_automation/teo?view=video
In particular, this video talks to process authoring: https://supportforums.cisco.com/videos/2150
Since you are a cisco employee, I would suggest you check out our TAC's wiki page @ http://wikicentral.cisco.com/display/IABUS/PROAUTO+Queue and check out the "TEO Support Training" link. There are a ton of VODs I've done over time there.
-Shaun Roberts
CPO/CIAC Support Lead
[email protected]

Unexpected hexadecimal 00 send over serial communication

Hi,
I'm connecting a Tesa tt20 with a serial port. TT20 measures thickness and returns a 6 digit fractional number (0.0000). Communication works fine on most desktops and/or laptops. I have to say that i throw away the first measurement, because values where not to be trusted.
In one case, the following occures :
Sometimes there are gaps between the numbers.
Something like this : 1. 23 or 0.0 2
Examining this string in codes display, the gap appears to be \00 or in very rare cases \s
When we connect a laptop on the same TT20, communication works fine
It seems to be a problem with the desktop, some kind of setup -parameter ?
I was wondering if anyone has encoutered the same problem ?
Thanks in advance
Regards
Christine

Centerbolt,
I gathered a bit of info.
The same cable is used on desktop and portable
It seems to be an optical RS232
In attachment you will find the communications spec for the TT20. Not much to go on. But i am not a specialist on this.
I am using labv 8.2.1
You are right about the timing. I will make a version where i will make sure that the wait comes before the property node
Many thanks
Regards
Christine
Attachments:
RS232_UK pg80.jpg ‏73 KB

Vitesse de communication avec appli RT

Bonjour à tous,
J'ai réaliser un application séparé en deux applis (PC et RT). Lorsque je fais mes tests en lançant les VI depuis LabVIEW, la communication entre les deux coté se fais parfaitement bien, le tous est synchronisé.
Mais lorsque je passe en startup.rtexe pour la partie RT et en .exe pour le PC, la communication ne se fais plus aussi rapidement...
Est-ce normal ou c'est mon PC qui se fais un peu trop vieux ?
Cordialement
Nathan
Résolu !
Accéder à la solution.

NathV74 a écrit :
Merci pour ta réponse, mais au vu de se que tu écrit, on peut dire que théoriquement le débit de données doit etre le meme que l'on execute le programme en code source ou en exe...
La configuration de mes variables sont relativement basique:
- Type de variable : Network-Published
- Pas d'aliasing
- Pas de buffer
- Pas de RT FIFO
- Pas de scaling
Une autre configuration serait-elle plus optimal ?
Cordialement
Nathan
Etant donnée la config des VP c'est assez surprenant d'avoir une différence en passant en EXE.
Tu arrives à poster des screenshots de la partie ecriture et lecture de tes VP côté Rt et côté host?
When my feet touch the ground each morning the devil thinks "bloody hell... He's up again!"

Communication bidirectionnelle sur port parall�le en java ?

J'ai test� l'emploi de l'api java.comm, mais il est impossible de changer le mode SPP (undirectionnel) par d�faut du port.
J'ai regard� au niveau des JNIs pour employer une dll salvatrice, mais elles ne r�serv�es que pour les langages qui ont la chance d'avoir leur interface avec cette dll. (g�n�ralement, il s'agit du langage C, et VB)
Bref, je ne vois aucune solution pour une communication bidirectionnelle et je n'ai pas le droit � d'autres recours que le langage Java.
Merci de votre aide.
Un �tudiant en informatique.

Si tu n'as pas eu de probl�me avec cette api pour une communication bidirectionnelle sur le port parall�le, peut-�tre que ce code contient une erreur d'emploie.
* Programme �crit le 22 et 23 avril 2002.
* Programme g�rant la communication avec le port parall�le en utilisant l'api java.comm
* Ce programme r�alise les actions suivantes qui sont effectu�s sur la machine locale:
* Teste la pr�sence d'un port parall�le, si celui-ci est pr�sent:
* R�cup�ration du nom du port
* R�cup�ration du mode de port (SPP, PS2, ECP, ...)
* Tentative d'association � un flux de sortie
* Tentative d'association � un flux d'entr�e
* Envoie des donn�es sur le port
* Pour fonctionner, il est n�cessaire de disposer d'un pilote de p�riph�rique sur port parall�le,
* et d'avoir correctement installer l'api java.comm
import java.io.*;
import java.util.*;
import javax.comm.*;
public class TestLpt1 {
static Enumeration portList;
static CommPortIdentifier portId;
static String messageString = "Texte envoy� en sortie sur le port parall�le... (60 octets)\n";
static String ApplicationName = "TestLpt1";
static ParallelPort parallelPort;
static OutputStream outputStream;
static InputStream inputStream;
public static void main(String[] args) {
portList = CommPortIdentifier.getPortIdentifiers();
while (portList.hasMoreElements()) {
portId = (CommPortIdentifier) portList.nextElement();
// Recherche d'un port parall�le nomm� lpt1
if (portId.getPortType() == CommPortIdentifier.PORT_PARALLEL&&
portId.getName().equals("LPT1")) {
     System.out.println("Il y a un port parall�le nomm�: "+portId.getName());
     try {
          // Ouverture de ce port
          parallelPort = (ParallelPort)portId.open(TestLpt1.ApplicationName, 2000);
          System.out.println("\nTentative d'appropriation du port par l'application TestLpt1...");
          System.out.println("Le port est appropri� � "+portId.getCurrentOwner());
     catch (PortInUseException e) {
          System.out.println("Le port est utilis� par une autre application.");
     // tentative de reconnaissance du mode utilis�
     switch(parallelPort.getMode()) {
          case ParallelPort.LPT_MODE_PS2:
                    System.out.println("\nLe port est actuellement en mode PS2");
                    break;
               case ParallelPort.LPT_MODE_EPP:
                    System.out.println("\nLe port est actuellement en mode EPP");
                    break;
               case ParallelPort.LPT_MODE_ECP:
                    System.out.println("\nLe port est actuellement en mode ECP");
                    break;
               case ParallelPort.LPT_MODE_NIBBLE:
                    System.out.println("\nLe port est actuellement en mode NIBBLE");
                    break;
               case ParallelPort.LPT_MODE_SPP:
                    System.out.println("\nLe port est actuellement en mode SPP");
                    try {
                         SetModeECP();
                    catch (UnsupportedCommOperationException e) {
                         System.out.println("Cannot set port at ECP mode");
                    break;
               default:
                    System.out.println("\nLe mode du port est inconnu.");
                    break;
     try {
          // cr�ation d'un flux de sortie
          outputStream = parallelPort.getOutputStream();
          System.out.println("-> Open ouput stream");
     } catch (IOException e) {
     System.out.println("X Cannot open ouput stream");
try {
     // cr�ation d'un flux d'entr�e
     inputStream = parallelPort.getInputStream();
     System.out.println("-> Open input stream");
} catch (IOException e) {
     System.out.println("X Cannot open input stream");
try {
     // �criture vers le port parall�le
outputStream.write(messageString.getBytes());
System.out.println("\nPrint to parallel port");
System.out.println("Fin normale du programme.");
catch (IOException e) {
     System.out.println("\nCannot print to parallel port");
} // fin du if
} // fin du while
} // fin du main
public static void SetModeECP() throws UnsupportedCommOperationException {
     // Fonction qui permettra de passer le port en mode ECP
parallelPort.setMode(ParallelPort.LPT_MODE_ECP);
} // fin de la classe
Merci de tes commentaires.
La fonction setMode(int) n'est pas utilis� car elle est incapable de changer le mode du port.

Communications avec un fluke 45

Bonjour,
Je suis actuellement en train de créer de travailler sur un projet TRES URGENT (récupération de données d'un multimètre Fluke 45 avec LV) pour tester Labview. dans lequel nous communiquons via RS232 avec un multimètre Fluke 45.
J'ai utilisé le driver figuré sur le site national instruments Fluke 45.vi .
J'arrive à procéder à une acquisition de données avec le VI Application Function Fluke 45 (ici acquisition de la tension indiquée par le multimètre) mais il y a un problème sur les circulations des données : en effet, lorsque j'observe l'évolution temporelle de l'acquisition de données avec un tableau de réel dans Labview: le programme acquiert les données : 0 - 0 - VALEUR - 0 - 0 - VALEUR - 0 - 0 - VALEUR .... et ainsi de suite. Il y a une périodicité que je n'arrive pas à comprendre.
De plus, lorsque je modifie la tension, le programme ne détecte le changement qu'après 2 minutes : c'est à dire : je mesure 4 V à t = 0 (le programme affiche 0 et ce jusqu'à t = 2 min puis affiche 4 V) or moi je voudrais que le programme détecte la variation immédiatement
Pouvez-vous m'aider SVP c'est assez urgent ?
Cordialement.
Résolu !
Accéder à la solution.

Salut, j'ai travaillé sur du Fluke aussi l'an dernier lors de mon stage je peux peut etre t'aider.
Déjà je sais pas si tu le sais mais tu as la doc du multimètre qui explique le fonctionnement en émission/réception de commande.
Ensuite comme tu dois le savoir le RS232 est une communication série synchrone ou asynchrone, il faut que tu regardes dans les réglages de ton multimètre le mode dans lequel tu es.
Ce qu'il se passe c'est que l'ordinateur (Labview) n'est certainement pas à la même vitesse que le multimètre (les Bauds en général 19200 mais regardes la doc), et donc il essaie de lire les trames plus souvent qu'il n'en recoit, donc comme il ne recoit rien il met zéro, je pense que ton problème vient de là
Sinon une astuce que j'avais utilisé pour déchiffrer des trames spécifiques à un modèle de thermomètre c'est de trier tes chaines de caractères que tu recois avec des fonctions Labview et ainsi tu obtiens juste la valeur entre tel et tel caractère que tu ne veux pas.
J'espère t'avoir aidé, un peu
Sinon pour le 2eme problème, je travaillais en thermique donc il y avait un temps de stabilisation pour le thermomètre, peut etre qu'en électricité il y en a aussi un ce qui justifierait les 2 min d'attentes de commandes de la part du multi
a+

Discussion request to anyone using TES 6.1.0.x

Hello:
I know that everyone has very busy day's however if you are currently using TES 6.1.0.x I would like to have a discussion with you on how the product is working for you. We are in the process of testing for upgrade from TES 5.3.1.x and have run into some issues I would like to hear from the community if anyone has already gone thru the upgrade and how its working out. I'm also interested to know if you are using Transporter.
If anyone could take some time out of their day to give me a call it would be greatly appreciated, note I am in the mountain time zone.
Regards,
Ceceil Rufo - Lync Phone# 443-542-4612

Hello:
I know that everyone has very busy day's however if you are currently using TES 6.1.0.x I would like to have a discussion with you on how the product is working for you. We are in the process of testing for upgrade from TES 5.3.1.x and have run into some issues I would like to hear from the community if anyone has already gone thru the upgrade and how its working out. I'm also interested to know if you are using Transporter.
If anyone could take some time out of their day to give me a call it would be greatly appreciated, note I am in the mountain time zone.
Regards,
Ceceil Rufo - Lync Phone# 443-542-4612

VOIP connectivity with BIAMP Tesira DSP

Hello All,
We are looking at hooking a BIAMP Tesira DSP into our Lync 2013 server to handle VOIP calls in our conference room. The unit has an add in module specific for handling VOIP connectivity (SVC-2) but I haven't been able to find any documentation on how
to go about configuring it for a Lync server.
Has anyone ever worked with one of these or have any ideas on where to start?
Thanks!

Hi,
I agree with Holger Bunkradt. You need a Microsoft Certified Media Gateway or a SBC between Lync Mediation Server and the BIAMP Tesira DSP.
You can choose from the link below:
https://technet.microsoft.com/en-us/office/dn788945
Best Regards,
Eason Huang
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Eason Huang
TechNet Community Support

TES Webinar Links

For those who were not able to attend the TES webinars delivered in July covering new functionality and architectural changes in the TES 6.x releases the links are inlcluded below. The associated presentations for each of the webinars can also be located in the "Documents" section of hte TES Support Community.
Webinar #1
https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=MC&rID=62061077&rKey=811a147f8e1cc825
Webinar #2
https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=MC&rID=61931757&rKey=000ac3c0da12377f
Webinar #3
https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=MC&rID=61839917&rKey=3ede6dbb6ecfead2

We have applied hotfix 421 before the holiday - that includes the Performance fix. Wonder if anyone else has and can share experience with it? For us, the expand, collapse, scroll on JAC and Job Definition paneldoes feel faster.
However, we have experienced twice already that one of our CMs will just stop working since applying this patch - and what I mean by not working is that you get the login prompt then the interface with everything else blank, as shown below:
Thats it, I wait 5 minutes in case it it just delayed but it stays blank like this. Anyone else experience this on hotfix 421 or above? I have had to bounce the CM on the affected server to get it workng again.
It is possible that it is specific to our site/configuration or fail on my end applying patch - my logging is very sparse so I cannot really see anything obvious from going over CM and plugin logs, as well as the logs from within the web interface. Its just strange that this only started happening to us after the new patch.
Will log a case with support.

CPO-Upgade

Do I need to use an upgrade if I want to buy a CPO from the verizonwireless website?

Hi jaxwootton,
Yes, when ordering one of the Certified Pre-Owned phones from the website, you would be using an upgrade. However, we have a line-up of Certified Pre-Owned phones that you can purchase outright if, for example, you are not eligible for an upgrade but need a phone.
The phones are much lower than the retail cost, they are insurable, they have a warranty for 12 months, and there is no contract required. Below is a link to view the equipment we offer for this program. I hope you, as well as other community members, find it helpful.
http://shop.verizonwireless.com/?id=CPO+Cell+Phones
Thank you and best regards,

Sqlnet Communication problem

Hi Community,
I have a challenge getting 2 Oracle servers with each located in "internal" and "DMZ" network segments.
The oracle server on the internal network can communicate with the one on the DMZ but the one on the DMZ can NOT talk to the one on the internal network.
The customer wants the architecture to enable realtime data updates on the Oracle in DMZ.
My config is as follows: I need help.
ciscoasa# wr t
: Saved
ASA Version 8.4(3)
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.1.184.131 Proxy_Server
name 192.168.10.1 Internet_Router
name 10.1.184.122 Mail_Server
name 10.1.184.116 Mail_Server_2
name 10.1.184.121 Mail_Server_3
dns-guard
interface GigabitEthernet0/0
nameif Inside
security-level 100
ip address 10.1.184.1 255.255.248.0 standby 10.1.184.254
interface GigabitEthernet0/1
description LAN/STATE Failover Interface
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address 192.168.30.1 255.255.255.0 standby 192.168.30.2
interface GigabitEthernet0/3
nameif Outside
security-level 0
ip address 192.168.10.2 255.255.255.0 standby 192.168.10.20
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone GMT 1
dns server-group DefaultDNS
domain-name default.domain.invalid
object network Proxy_Server
host 10.1.184.131
object network Mail_Server
host 10.1.184.122
object network Internet_Router
host 192.168.10.1
description Created during name migration
object network Mail_Server_2
host 10.1.184.116
description Created during name migration
object network Mail_Server_3
host 10.1.184.121
description Created during name migration
object network WebServer1
host 192.168.30.3
object network InternalNetwork
subnet 10.1.184.0 255.55.248.0
object network DMZ-IdentityPool
range 192.168.30.30 192.168.30.254
object network WebServer2
host 192.168.30.4
object network obj-remote
subnet 192.168.0.0 255.255.255.0
object network obj-DMZ
subnet 192.16.30.0 255.255.255.0
object network DatabaseServer
host 10.1.184.134
object network AppServer
host 10.1.184.126
object network MailServer
host 10.1.184.116
access-list Inside_access_in extended permit ip object Proxy_Server any
access-list Inside_access_in extended permit ip host 10.1.184.190 any
access-list Inside_access_in extended permit ip host 10.1.184.83 any
access-list Inside_access_in extended permit icmp host 10.1.184.190 any
access-list Inside_access_in extended permit ip host 10.1.184.67 any inactive
access-list Inside_access_in extended permit ip host 10.1.184.83 object Internet_Router
access-list Inside_access_in extended permit ip host 10.1.184.190 object Internet_Router
access-list Inside_access_in extended permit udp any any
access-list Inside_access_in extended permit icmp any any
access-list Inside_access_in extended permit ip object Mail_Server any
access-list Inside_access_in extended permit tcp object Mail_Server any eq smtp
access-list Inside_access_in extended permit ip object Mail_Server_2 any
access-list Inside_access_in extended permit tcp object Mail_Server_2 any eq smtp
access-list Inside_access_in extended deny tcp any any eq smtp
access-list Inside_access_in extended permit icmp host 10.1.184.43 any
access-list Inside_access_in extended permit ip object Mail_Server_3 any
access-list Inside_access_in extended permit tcp object Mail_Server_3 any eq smtp
access-list Inside_access_in extended permit ip host 10.1.184.190 host 192.168.30.3
access-list Inside_access_in extended permit tcp object InternalNetwork host 192.168.30.3 eq www
access-list Inside_access_in extended permit ip host 10.1.184.137 host 10.1.184.133
access-list Inside_access_in extended permit ip host 10.1.184.62 host 10.1.184.133
access-list Inside_access_in extended permit ip host 10.1.184.117 any
access-list Inside_access_in extended permit ip host 10.1.184.117 object Internet_Router
access-list Inside_access_in extended permit ip host 10.1.184.129 any
access-list Inside_access_in extended permit ip host 10.1.184.129 object Internet_Router
access-list Inside_access_in extended permit ip host 10.1.184.150 host 10.1.184.133
access-list Inside_access_in extended permit ip host 10.1.184.150 any
access-list Inside_access_in extended permit ip host 10.1.184.190 host 192.168.30.4
access-list Inside_access_in extended permit tcp object InternalNetwork host 192.168.30.4 eq www
access-list Inside_access_in extended permit tcp host 10.1.184.134 host 192.168.30.4 eq sqlnet
access-list Outside_access_in extended permit udp any eq domain object Proxy_Server
access-list Outside_access_in extended permit icmp object Internet_Router any
access-list Outside_access_in extended permit icmp any host 10.1.184.190
access-list Outside_access_in extended permit icmp any host 10.1.184.83 inactive
access-list Outside_access_in extended permit tcp any object Proxy_Server eq https
access-list Outside_access_in extended permit tcp any object Proxy_Server eq www
access-list Outside_access_in extended permit tcp any object Mail_Server eq smtp inactive
access-list Outside_access_in extended permit tcp any object Mail_Server_2 eq pop3
access-list Outside_access_in extended permit udp any eq domain object Mail_Server_2
access-list Outside_access_in extended permit tcp any object Mail_Server eq imap4 inactive
access-list Outside_access_in extended permit icmp any object Mail_Server inactive
access-list Outside_access_in extended permit tcp any object Mail_Server_2 eq smtp
access-list Outside_access_in extended permit tcp any object Mail_Server_2 eq imap4
access-list Outside_access_in extended permit icmp any object Mail_Server_2
access-list Outside_access_in extended permit icmp any host 10.1.184.43
access-list Outside_access_in extended permit tcp any host 192.168.30.3 eq www
access-list Outside_access_in extended permit tcp any host 192.168.30.3 eq https
access-list Outside_access_in extended permit icmp any host 192.168.30.3
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit icmp any host 192.168.30.3 echo
access-list Outside_access_in extended permit tcp any host 192.168.30.4 eq www
access-list Outside_access_in extended permit tcp any host 192.168.30.4 eq https
access-list Outside_access_in extended permit icmp any host 192.168.30.4 echo
access-list Outside_access_in extended permit icmp any host 192.168.30.4
access-list branchgroup-SplitACL standard permit 10.0.0.0 255.0.0.0
access-list branchgroup-SplitACL standard permit 192.168.30.0 255.255.255.0
access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.116 eq smtp
access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
access-list DMZ_access_in extended permit ip host 192.168.30.4 host 192.168.30.134
access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.134 eq sqlnet
pager lines 24
logging enable
logging timestamp
logging standby
logging emblem
logging list InformationalLog level informational
logging list InformationalLog message 101001
logging buffer-size 16384
logging console notifications
logging monitor errors
logging buffered critical
logging trap errors
logging asdm critical
logging mail informational
logging host Inside 10.1.184.132
logging host Inside 10.1.184.190 6/1470
logging debug-trace
logging ftp-server 10.1.184.190 \\marinasec\akanoa akanoa *****
logging permit-hostdown
logging class auth buffered emergencies trap emergencies
logging class bridge buffered emergencies trap emergencies
logging class config buffered alerts trap emergencies
logging class ip buffered emergencies trap alerts
logging class sys trap alerts
logging class ca trap emergencies
logging class email buffered emergencies trap errors
mtu Inside 1500
mtu DMZ 1500
mtu Outside 1500
mtu management 1500
ip local pool remoteusers 192.168.0.1-192.168.0.254
failover
failover lan unit secondary
failover lan interface stateful_failover GigabitEthernet0/1
failover replication http
failover link stateful_failover GigabitEthernet0/1
failover interface ip stateful_failover 192.168.20.1 255.255.255.252 standby 192.168.20.2
no monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (DMZ,Outside) source static obj-DMZ obj-DMZ destination static obj-remote obj-remote
nat (Inside,Outside) source static InternalNetwork InternalNetwork destination static obj-remote obj-remote
object network Mail_Server
nat (Inside,Outside) static Mail_Server no-proxy-arp route-lookup
object network WebServer1
nat (DMZ,Outside) static 192.168.30.3 dns
object network WebServer2
nat (DMZ,Outside) static 192.168.30.4 dns
object network DatabaseServer
nat (Inside,DMZ) static 192.168.30.134
object network AppServer
nat (Inside,DMZ) static 192.168.30.126
object network MailServer
nat (Inside,DMZ) static 192.168.30.116
access-group Inside_access_in in interface Inside
access-group DMZ_access_in in interface DMZ
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 Internet_Router 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server vpn protocol radius
aaa-server vpn (Inside) host 10.1.184.119
key *****
aaa-server vpn (Inside) host 10.1.184.120
key *****
user-identity default-domain LOCAL
http server enable
http 10.1.184.190 255.255.255.255 Inside
http 10.1.184.2 255.255.255.255 Inside
http 10.1.184.83 255.255.255.255 Inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set rmtset esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set ikev1 transform-set rmtset
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface Outside
crypto ikev1 enable Outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
telnet 10.1.184.83 255.255.255.255 Inside
telnet 10.1.184.190 255.255.255.255 Inside
telnet 10.1.184.167 255.255.255.255 Inside
telnet timeout 5
ssh 10.1.184.83 255.255.255.255 Inside
ssh 10.1.184.190 255.255.255.255 Inside
ssh 10.1.184.43 255.255.255.255 Inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy branchgroup internal
group-policy branchgroup attributes
dns-server value 10.1.184.120
split-tunnel-policy tunnelspecified
split-tunnel-network-list value branchgroup-SplitACL
default-domain value marinasecuritieslimited.com
username sannib password 3gB/xWLMBVp/AjjW encrypted
username adebimpel password O./lZ/3rlYD/87u2 encrypted
username ojoawob password w1h9Aq2Welzv1fuW encrypted
username agbajer password NuDaZPLHC0BcF7iI encrypted
username oyenihib password eoxptVEUfczen6VR encrypted
username odewolef password yB12L9t1gcr.Wgx/ encrypted
username mainuser password 8KBTvbq5FOuoFce2 encrypted privilege 15
username maakano password c1Cb3uSluyfsyWUb encrypted
tunnel-group branchgroup type remote-access
tunnel-group branchgroup general-attributes
address-pool remoteusers
default-group-policy branchgroup
tunnel-group branchgroup ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:bbe838eb9af33fc84083989823bc0c22
: end
[OK]
ciscoasa#

Hi,
Seems to me that you have configured Static NAT from "inside" to "dmz" so that the "inside" servers are visible to the "dmz" with the IP address belonging to the "dmz"
Is this something that you absolutely need? Is there something preventing you from using the IP address ranges on both "inside" and "dmz" and not doing NAT for them at all between those interfaces?
IF you want to keep the current setup intact regarding NAT, change the DMZ ACL to use the actual 10.1.184.x IP addresses as the destination IP address in the ACL.
In other words, always use the Real IP address of the host in the ACL configuration, NOT the NAT IP address. After doing that change I suppose it should also work for "dmz" to "inside". (NAT IP was used in the ACL in the ASA versions 8.2 and below, the Real IP address is used in software 8.3 and above)
Change
access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.116 eq smtp
access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
access-list DMZ_access_in extended permit ip host 192.168.30.4 host 192.168.30.134
access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.134 eq sqlnet
To
access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 10.1.184.116 eq smtp
access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
access-list DMZ_access_in extended permit ip host 192.168.30.4 host 10.1.184.134
access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 10.1.184.134 eq sqlnet
You can also use the "object" names in the ACL.
Which would be
access-list DMZ_access_in extended permit tcp host 192.168.30.4 object MailServer eq smtp
access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
access-list DMZ_access_in extended permit ip host 192.168.30.4 object DatabaseServer
access-list DMZ_access_in extended permit tcp host 192.168.30.4 object DatabaseServer eq sqlnet
Hope the above helps Please ask more if needed.
- Jouni

Open and close communication channel in one link

Hello,
I implement with successful the scenario that described in this blog:
Control Communication Channels Externally without using RWB
Right now I use with this link to start the CC
http://aaaa:50000/AdapterFramework/ChannelAdminServlet?party=*&service=Open_Friday_Service_Sender&channel=Open_Friday_Sender&action=start
And with this link to stop the CC
http://aaaa:50000/AdapterFramework/ChannelAdminServlet?party=*&service=Open_Friday_Service_Sender&channel=Open_Friday_Sender&action=stop
I looking for the way to start and stop the communication channel in one link.
Elad

hi elan
i think you need to write an abap program and schedule it..
abap program will call this HTTP link as The URL has no dependency on where it is called.
regards
kummari

Communication between multiple JVMs

We have a Java toolkit that is shipped as a JAR file. The toolkit is ported from a C++ DLL running on Windows. Therefore, in both instances (Java and C++), we can't control who loads us or when.
I need to communicate between different JVMs running on the same machine. The communication is very simple: "Is this user logged on in your JVM?" I send a string to the other JVM and I get back a boolean. I don't need to worry about crossing machine boundaries. Also, I'm not expecting to have a huge number of JVMs running. Maybe 3 or 4 could be likely. However, the solution does need to scale in case there are more than that. I'm not setting a limit on the number of JVMs either.
The C++ code handled this situation very easily and elegantly. It created a named system semaphore (mutex) whenever a user logged on. The name of the mutex was the username. So, if there were multiple instances of the DLL running in separate processes (EXEs), we could easily tell if this user was logged on in another instance. We'd try to create the system semaphore - it would fail saying the name already exists. Therefore, we'd know the user was already logged on. The named system semaphore provided the means for a machine-global list - which is exactly what we wanted. It also had this extra benefit: if the process terminates normally or abnormally, the system semaphore is removed from memory. This means: the application is terminated, the user is no longer logged on, and we can relog this user on.
Therefore, I have 2 requirements:
1) A machine-global list where we can place a string. Keep in mind, it doesn't absolutely have to be a machine-global list. A suitable means to talk to other JVMs is acceptable too.
2) If the process exits normally or abnormally, the string(s) get removed (for this JVM) from the list. Abnormal termination is the more important one to focus on because lots of people of varying skill levels use our toolkit. Abnormal terminations can be common.
The first thought is to store these in a file. That solves #1, but not #2. I've seen the JIPC package. However, I'm not too crazy about requiring 3rd party developers to start up another program (JIPC) before they start up their application. As I said, we're just a toolkit so we can't control when or who loads us. It's not totally out of the question, but I'd prefer something else.
I have a fairly involved solution that involves sockets. The first JVM creates a ServerSocket on a specific port and becomes the server. Subsequent JVMs also try to create the ServerSocket on the same port. They get a BindException because the ServerSocket already exists, so they know they're clients. Then, they create a client socket and talk to the server that way. This gets a little hairy when the server goes away. The clients will scramble to become the server and then all the other clients need to reconnect to the new server.
This proposed solution sounds like it will address both requirements. However, I'm looking for something simpler. I'm asking this forum for help in case there's an easier way to do this. I don't have the breadth of experience with Java yet to know if there's a simpler way to fix this. If I have to go with the socket solution, I will. I just didn't want to overlook something simple that is already built into Java.
Thanks for any tips or suggestions

Thanks for the response.
FileLock. We still have to target JDK 1.3 so we can't use FileLocks (at this point)
JNI: That's an interesting idea. I suspect many people are using our software on Windows. Therefore, we could probably fix it in Windows the same as in the C++ code. If they're not on Windows, we could use the Sockets approach.
I also had another idea: how about hashing the username string into some integer (or long) value. Then use the hashed value to lock some other resource: like the port number passed to ServerSocket. I know ServerSocket only accepts 0 - 0xFFFF so this obviously won't work. But is there some other system-wide thing we could lock given an integral value?

TES to CPO communication

Similar Messages

Maybe you are looking for