Using the CSM to set up an HTTPS session on non-standard ports?

Hi Guys,
One of our clients wants to set up an SSL connection on a non-standard SSL port, i.e. 4444 to begin with. Here the server handles the SSL encryption / decryption instead of the SSL module.
I've found the following config to work well:
serverfarm FARM-MOBS-4444
nat server
no nat client
predictor leastconns
failaction purge
real 130.194.12.81 4444
inservice
real 130.194.12.84 4444
inservice
probe MOBS-4444
sticky 108 netmask 255.255.255.255 timeout 60
vserver VMOBS-PROD-4444
virtual 130.194.11.51 tcp https
serverfarm FARM-MOBS-4444
sticky 60 group 108
persistent rebalance
inservice
With the above setup the CSM redirects the SSL connections (received on 443) to port 4444 on the server and maintains this for the duration of the session.
While the above setup works, is it possible to configure the VIP to use an HTTPS port other than 443 (which is the default)? This would then allow for separate HTTPS paths to be set up on non-standard ports. I ask this since the client also wants to set up an HTTPS path on port 4443 as well.
Any ideas would be useful.
thanks
Sheldon

Hi Martin,
Do you mean using the SSL module to perform the encryption / decryption? If so, I've tried this and it does work without an issue.
I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.
thanks
Sheldon

Similar Messages

  • What are the steps to set up an HTTP Session replication clustering in oc4j9

    What are the steps to set up an HTTP Session replication clustering in oc4j9.0.5?

    Are you sure you have the correct version number for OC4J? Is this a standalone OC4J instance? If it is, then the steps involved are different from the full stack. Please check the High Availability guide in the documentation on OTN.
    Deepak

  • Http application on non standard port

    Hello all,
    I am deploying an intranet web application. It's a war file. Can I use port 89 to enable the application for users? Is that port allowed? The application communicates via HTTP on this non-standard port.
    That's a standard port used by "SU/MIT Telnet Gateway".
    If at all we have to deploy applications on different ports what port should be used? I am not using websphere, I am using sun web server but I hope someone can answer this ...
    My question again, if multiple web applications have to be used on different ports, what unix/window ports should be used? Are there any standard port numbers (such as any number after 1023 etc ..) that we can use?
    Thanks in advance

    it's a better idea to go beyond 1023. those are usually reserved.
    pick one. tomcat uses 8080; weblogic uses 7001. we deploy different instances on weblogic and use other ports (e.g., 7003.) it's a deployment issue.
    talk to your web server admin - they should know how to do it.
    if you're the admin - go read some books.
    %

  • HTTP Optimization on Non-Standard Port

    I was wondering if anyone else has noticed something similar to what I am seeing.
    We have a WAAS setup running 4.1.5a. It has been working very smoothly but I've noticed something odd
    regarding HTTP optimization. All users trying to access the Internet must use a proxy-server on HTTP port 9090.
    The WAAS does a good initial job of optimization on small amounts of traffic (under 2 MB, not exact, just an observation):
    the optimization can be upwards of 80-90%. However, if a large file transfer is done the amount of optimization drops to almost
    nothing and at times it is slightly negative.
    However, there are internal servers users access on HTTP port 80 and the optimization on all the traffic averages around 70-90%.
    Would anyone have an idea as to why this might be?
    Thanks....

    Hi James,
    I would expect overall lower compression ratios for content coming from the Internet, since the content types are more likely to vary (YouTube, etc.) versus internally hosted content.
    Can you post a copy of the 'sh stat app Web' so I can look at the statistics?
    Thanks,
    Zach

  • Running the BO servers on non standard ports XIR2

    Hi all,
    I need to know how to get the bo servers to register with the cms when it is running on a non-standard port. The port I'm using is 6409, so I have tried adding -port 6409 to the command line string, but that didn't work.
    I'm running two instances of BO on the box, hence the need for non-standard ports.
    Any thoughts?
    TIA,
    Jeff

    -port switch is the correct way to accomplish this.
    So your CMS will have -port 6409, the rest of the servers will have -ns cmsname:6409 in their command line.
    You might want to look at adding -requestport switches as well....
    Please review Admin guide for more details on usage of those switches.

  • How to use the DISPLAY RECORD Setup Command in an etext file?

    Hi All,
    How to use the DISPLAY RECORD Setup Command in an etext file?
    I want to display a <NEW RECORD> conditionally. The condition will be based on the data coming through from the xml file.
    Please help me with an example. The BI User guide also doesn't show any examples.
    Your help is appreciated.
    Rgds,
    Kiran Panditi

    Hi,
    You can use VB coding in BEx Analyser to calculate your unit price. For this you have to first display the attributes of your object "XYZ". Then you can use VB coding to calculate the value for the unit price field.
    One more thing: can you clarify whether it is a display attribute or a variable?
    Regards,
    Balajee

  • CSS 11501 ftp server setup problem using non-standard port

    Dear Expert,
    We would like to set up an FTP server over CSS where our member server uses non-standard ports to open both the control and data channels (i.e. 6370 as control and 6369 as data in this case), but it seems we only get Passive mode FTP working and not Active mode FTP, where the data channel is established from the server back to the client. Is there any professional advice that can help on this case? Here is our setup info FYI:
    #  sh ver
    Version:               sg0820501 (08.20.5.01)
    Flash (Locked):        08.10.1.06
    Flash (Operational):   08.20.5.01
    Type:                  PRIMARY
    Licensed Cmd Set(s):   Standard Feature Set
                           Secure Management
    CVDM Version:          cvdm-css-1.0_K9
    !*************** Global
    ftp data-channel-timeout 10
      ftp non-standard-ports
    !************************** SERVICE **************************
    service ftp_ftpgtw
      keepalive maxfailure 2
      keepalive frequency 15
      keepalive retryperiod 2
      keepalive type tcp
      ip address 192.168.52.170
      protocol tcp
      keepalive port 6370
      port 6370
      active
    # sh run group drfusegtwftp_grp 
    !*************************** GROUP ***************************
    group gtwftp_grp
      vip address 192.168.52.28
      add service ftp_ftpgtw
      active
      content ftp_gtwpkg-ftpgtw
        add service ftp_ftpgtw
        vip address 192.168.52.28
        port 21
        protocol tcp
        application ftp-control
        active

    Thanks for your confirmation that no problem was found at the config level first :P, as that saves us a lot of time in isolating the problem at this level.
    What we can notice is that the data port connection seems to fail to open from the server back to the client. For our general sense, the expected flow should be:
    TCP session A -- Client:1234 --> VIP:21 --> member svr:6370
    TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 6379 [on demand generated between server/client]
    But we can only see session B failing to set up when the client side accesses the VIP site on the CSS, even when we try the most standard case as below:
    TCP session A -- Client:1234 --> VIP:21 --> member svr:21
    TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 20
    We are still unable to make Active mode FTP access work either, hence we have no idea how the CSS handles FTP access when it involves services over multiple TCP ports.
    And from the CSS xlate view, the problem is that we can only see which NAT IP the CSS uses to connect to the client, but there is no way to confirm which port the VIP uses outgoing to the client, nor whether it is dropped by the CSS or never set up from the VIP to the client side.

  • Cannot setup work email using SSL on non standard port

    All,
      I've been trying now for a few hours to set up a corporate email account.  I've tried via the Curve and via the BB internet service, but in both cases, since the service cannot detect the settings because a non-standard port is in use, I cannot use the service and am considering returning the device to go with another easier to use device.  I love the hardware design but if I cannot set up my corporate email this is no good to me.  I'd appreciate any tips anyone has.
    Thanks,
      Frustrated.

    Your corporate email account is an Exchange server or what?
    You are on a personal BIS plan?

  • How to use non-standard port for vnc?

    Our Windows users who use RDC to connect to their desktops from off-site come in on a non-standard port number. Part of our security setup.
    I'd like to do the same with Mac users who use screen sharing and vnc to connect remotely.
    How can I specify another port number at both ends to accomplish this?
    I can find nothing in the Network Utility app, or in the KB.
    Surely there's a short sequence of Terminal commands that will do this?

    I haven't tried this so don't know whether it will work. But I think it will. Presuming the target machine is a Mac, see if editing its /etc/services file will do it. Find the two lines that start with "vnc-server" and change the port number there. Launch Terminal.app as an administratively privileged user, sudo pico /etc/services, ^w to search for vnc-server, make the changes, ^x to exit, y to save and overwrite. Also, you will need to have screen sharing enabled in the target machine's System Preferences' Sharing, and the authorized users defined there, too. Reboot. Now, on the remote client, assuming it is also a Mac, the user would type ⌘k in the Finder (or mouse to Finder > Go > Connect to Server), and enter something like vnc://123.45.67.89:55900 where you substitute the actual IP address or host name for where I have entered 123.45.67.89, and where you substitute the actual alternate port number where I have entered 55900. Of course, in the clients' Screen Sharing's Preferences, they should choose to encrypt the entire session, not just the login. Like I said, I haven't tried this because I just tunnel my vnc stuff through ssh, but I'm thinking that this should work.

  • Http probe on non-standard tcp port 8021

    I've configured an http probe on standard port 80 with no issue. I'm now trying an http probe on non-standard tcp port 8021; I confirmed with a packet capture that the CSM is indeed probing and that status code 403 is returned, but the reals are showing "probe failed". Am I missing something? Thank you in advance.
    CSM v2.3(3)2
    probe 8021 http
    request method head
    interval 2
    retries 2
    failed 4
    port 8021
    serverfarm TEST
    nat server
    no nat client
    real 10.1.2.101
    inservice
    real 10.1.2.102
    inservice
    probe 8021
    vserver TEST
    virtual 10.1.2.100 tcp 8021
    serverfarm TEST
    replicate csrp connection
    persistent rebalance
    inservice
    VIP and real status:
    vserver type prot virtual vlan state conns
    Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
    real server farm weight state conns/hits
    10.1.2.101 TEST 8 PROBE_FAILED 0
    10.1.2.102 TEST 8 PROBE_FAILED 0

    you need to specify what HTTP response code you expect.
    The command is :
    gdufour-cat6k-2(config-slb-probe-http)#expect status ?
    <0-999> expected status - minimum value in a range
    The default is to expect only 200.
    This is why your 403 is not accepted.
    Gilles.
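As an added illustration (not code from the thread or from Cisco), the small probe below mimics the semantics Gilles describes: a health check only passes when the HTTP status falls inside an expected range, and the default range accepts 200 only. The backend it probes is a constructed local server that answers every HEAD with 403, so the whole thing runs offline; the function and parameter names are my own, not CSM ones.

```python
"""Toy HTTP health probe with an 'expect status' range, modelled on the CSM
behaviour described above. Added example; the names here are assumptions."""
import http.server
import socket
import threading


class _Handler(http.server.BaseHTTPRequestHandler):
    """Constructed backend: answers every HEAD with a fixed status (403 by default,
    like the reals in the thread)."""
    status = 403

    def do_HEAD(self):
        self.send_response(self.status)
        self.end_headers()

    def log_message(self, *args):  # keep the probe run quiet
        pass


def start_backend(status=403):
    """Start the constructed backend on an ephemeral localhost port; returns (port, server)."""
    handler = type("FixedStatusHandler", (_Handler,), {"status": status})
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1], srv


def probe_http(host, port, method="HEAD", path="/", expect=(200, 200), timeout=2.0):
    """Send one request and return (passed, status). expect=(lo, hi) is the accepted
    status range; the default (200, 200) mirrors the CSM default of accepting only 200,
    so a 403 reply counts as a failed probe until the range is widened."""
    req = f"{method} {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            data = b""
            while b"\r\n" not in data:          # read up to the end of the status line
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return False, None                     # connect/recv failure: probe failed, no status
    parts = data.split(b" ", 2)                # "HTTP/1.0 403 Forbidden" -> status is field 2
    if len(parts) < 2 or not parts[1].isdigit():
        return False, None
    status = int(parts[1])
    lo, hi = expect
    return lo <= status <= hi, status


def demo():
    """Probe the 403 backend with the default range and with a widened one;
    returns ((passed, status), (passed, status))."""
    port, srv = start_backend(403)
    try:
        default = probe_http("127.0.0.1", port)                      # like the thread: PROBE_FAILED
        widened = probe_http("127.0.0.1", port, expect=(200, 403))   # like 'expect status 200 403'
    finally:
        srv.shutdown()
        srv.server_close()
    return default, widened


if __name__ == "__main__":
    print(demo())
```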

  • Isakmp peers using non-standard port 4500

    Hello,
    I have a remote site using the Internet to access corporate networks over IPSEC. Set-up is as below:
    Remote Router uses public IP across internet --> hits corporate untrusted network FW --> NAT'ed to private 10.x.x.x IP --> reaches trusted network router.
    The problem is that the peer keeps hanging and the only way to reset it is to issue 'clear crypto session' on the central trusted router. I have added isakmp keepalives with the aim of forcing some keepalive traffic:
    crypto isakmp keepalive 90 30 periodic
    ...and this works to some degree (with DPD "are you there" keepalives). However, I have noticed that the far end router uses non-standard ports when trying to set up the phase-1 tunnel:
    BEVRLY_D_CR184_01#sh crypto isa pee
    Peer: 161.x.x.x Port: 4500 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10456 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10554 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10557 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10580 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10589 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10596 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10600 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    These ports (non-4500) will be blocked by our firewalls. Why does it use these, and is there a way of stopping the router using anything other than port 4500?
    Thanks
    Phil

    Hello,
    Yes - there's NAT at the trusted central router end our side of the firewall... the config used is below:
    Remote Router end:
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 180
    crypto isakmp key address
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 90 30 periodic
    crypto ipsec security-association idle-time 300
    crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
    crypto ipsec profile VTI
    set security-association lifetime seconds 1800
    set transform-set BEVERLEY_Transform
    interface Tunnel1
    description BEVRLY_CC296_01 F0/8 (10.30.45.29)
    ip address x.x.x.x 255.255.255.252
    ip helper-address 10.91.6.30
    ip helper-address 10.4.162.92
    ip mtu 1400
    ip ospf message-digest-key 1 md5
    load-interval 30
    tunnel source Dialer1
    tunnel destination
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
    Central Router:
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 180
    crypto isakmp key address
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 90 30 periodic
    crypto ipsec security-association idle-time 300
    crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
    crypto ipsec profile VTI
    set security-association lifetime seconds 1800
    set transform-set BEVERLEY_Transform
    interface Tunnel1
    description link to Beverley via internet (BEVERLY_CR184_01 Tun1)
    ip address x.x.x.x 255.255.255.252
    ip mtu 1400
    ip ospf message-digest-key 1 md5
    load-interval 30
    tunnel source FastEthernet0/1
    tunnel destination
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
    I believe the DPD keepalives ensure NAT is known and compatible (crypto isakmp keepalive 90 30 periodic) between the peers....
    Any help gladly appreciated....
    thanks
    Phil

  • How can ftp service on non-standard port be load balanced using Cisco ACE.

    How can ftp service on a non-standard port be load balanced using Cisco ACE? For example, ftp service is required on tcp port 2000.

    Hi Samarjit,
    You can do this by specifying the port number in the class map that you create. Please find below the config guide where you can specify the tcp/udp port, a range of ports or even a wildcard to match the port.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
    Regards
    Abijith

  • Version 8 blocks http on non standard ports i.e. 8080

    Version 7 handled http on ports 8080, 8081 and 8082, but only text is passed after the version 8 update. Is there a way to re-enable http on non-standard ports? If you save the text file to the desktop and load it from there, the html is processed correctly. Is there a directive besides "html" that could be placed on the web pages to force html rendering on the odd ports? Version 8 works with port 4135 from Jefferson Lab's speed test.

    See:
    *http://www.mozilla.org/projects/netlib/PortBanning.html
    *http://kb.mozillazine.org/network.security.ports.banned.override

  • CFHTTP GET using non-standard ports

    I have an application which goes out and checks links on
    various servers to verify that the link still exists, however I
    have a few links on servers that use non-standard ports (ie 8001,
    7072, 8080, etc). When I dump CFHTTP I get the following:
    struct
    Charset [empty string]
    ErrorDetail I/O Exception: Premature EOF encountered
    Filecontent Connection Failure
    Header [undefined struct element]
    Mimetype Unable to determine MIME type of file.
    Responseheader struct [empty]
    Statuscode Connection Failure. Status code unavailable.
    Text YES
    Any ideas?
    Thanks.
    Mike

    Yup, FaceTime was set up on all devices using my home network. It functions correctly pretty much everywhere except on my internal network at the office.
    I'm pretty sure this is a firewall issue, not a basic FaceTime problem.

  • In FireFox 9, loading secure web pages running on non-standard ports works just fine. In FireFox 10, those same pages do not load and a "The connection was reset" message is displayed.

    How can this be fixed so functionality returns as per FF9 and below?
    This occurs on any secured website running on a non-standard port, with FF10.

    < X-Post from https://support.mozilla.org/en-US/questions/917315#answer-315144 >
    I don't think this is restricted to Firefox. I've noted this behaviour with IE9, Firefox 10.0.2, Opera Mobile (on my phone) and Chrome(latest version) with my Linksys E3000 router (I access it from https://<IP>) and my 3ware RAID card management suite, 3DM2 (I access it from https://localhost:888 ).
    Notably, the only thing amiss that I've been able to see in the certificates (I'm no expert) is that the one from Linksys has issue and expiry dates in 1969 and 1970 respectively. However, I don't think this is the cause since 3DM2 has proper looking issue dates and has the identical problem.
    Coincidentally, I noticed this happening after a fresh reinstall of Windows 7 x64 with virtually nothing installed on it (FF, Office 2007), so I don't think it's something wrong with the other software on the machine.
