VPN Gateway with traffic filtering

I am working in the lab on a small-scale setup in which a client PC establishes an IPsec VPN with a Cisco 1921 router. I have two questions in this regard.
(1) For wireless client PCs, is using an IPsec VPN client the best possible option, or should I prefer other options? The wireless clients also use a RADIUS server for authentication.
(2) I want to ensure that no other traffic can access or pass the LAN interface other than the client VPN traffic. What do I need to configure on the router to ensure that no other traffic can pass other than the VPN traffic?

First: The actual IPsec VPN client is AnyConnect. The VPN gateway config for AnyConnect (especially for IPsec) on the IOS router is much harder than it is on the ASA. If you still have the possibility to change the gateways, then go for an ASA. It's also much cheaper from a license perspective, as there is no AnyConnect Essentials license for the router. The traditional Cisco VPN Client is EOL and you shouldn't start a new deployment based on that.
Your questions:
(1) All VPN users have to be authenticated somehow. Sending the authentication request to a central directory is a best practice and is usually done with RADIUS. In addition to the authentication, you can also perform an authorization to control which rights a VPN user gets.
(2) If you only want to allow IPsec traffic, you need to configure an access list with permits for UDP/500, UDP/4500 and IP/50 to your router IP. With that config, all other traffic will be dropped.
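As an added illustration of the access list described in the answer above (this is not part of the original reply), the following IOS configuration admits only IKE (UDP/500), NAT-T (UDP/4500) and ESP (IP protocol 50) addressed to the router itself and drops everything else; the interface name, the router's public address and the ACL name are assumptions.

```cisco
! Constructed example: the WAN interface is assumed to be GigabitEthernet0/0
! with the public address 203.0.113.10 (documentation range).
! Only the three IPsec flows from the answer are admitted, and only when
! they are destined to the router itself; the final deny logs everything else.
ip access-list extended VPN-ONLY-IN
 permit udp any host 203.0.113.10 eq isakmp
 permit udp any host 203.0.113.10 eq non500-isakmp
 permit esp any host 203.0.113.10
 deny   ip  any any log
!
interface GigabitEthernet0/0
 description WAN - VPN clients terminate here
 ip address 203.0.113.10 255.255.255.248
 ip access-group VPN-ONLY-IN in
```

To confirm the filter is doing what you expect, `show ip access-lists VPN-ONLY-IN` shows per-entry hit counters: the isakmp, non500-isakmp and esp lines should increment while clients connect, and anything else should land on the logged deny.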

Similar Messages

  • Azure multiple site-to-site VPNs (dynamic gateway) with Cisco ASA devices

    Hello
I've been experimenting with moving certain on-premises servers to Azure; however, they would need a site-to-site VPN link to our many branch sites, e.g. for monitoring of nodes.
The documentation says I need to configure a dynamic gateway to have multiple site-to-site VPNs. This is not a problem for our typical Cisco ISRs. However, three of our key sites use Cisco ASA devices, which are listed as 'Not Compatible' with dynamic routing.
    So I am stuck...
    What options are available to me? Is there any sort of tweak-configuration to make a Cisco ASA work with Azure and dynamic routing?
    I was hoping Azure's VPN solution would be very flexible.
    Thanks

    Hello RTF_Admin,
    1. Which is the Series of CISCO ASA device you are using?
Thank you for your interest in Windows Azure. Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
However, you should be able to set up a site-to-site VPN with a Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
You can refer to this article for Cisco ASA templates for static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
If your requirement is only for Multi-Site VPN then there is no option but to upgrade the device, as Multi-Site VPN requires dynamic routing and unfortunately there is no tweak or workaround due to the hardware compatibility issue.
I hope that this information is helpful.
    Thanks,
    Syed Irfan Hussain

  • Cisco 827 with Intel VPN Gateway

I have a simple question but can't get to the solution, so I'm posting it here.
    I have one Cisco 827 router and an old Intel 3110 VPN Gateway (and firewall) behind the cisco router. The scenario is this:
    internet <--> Cisco 827 <--> Intel 3310 <--> LAN
    Cisco 827 ethernet ip: 10.0.0.1
    Intel 3110 ethernet 1 (insecure network): 10.0.0.2
    Intel 3110 ethernet 0 (secure network): 192.168.0.250
    lan: 192.168.0.250

    Hi jacampanini,
Maybe you try and post your question too... ;-)
    Regards,
    Sebastian

  • 802.1x deployment with MAC filtering

    Hi All
    I read "Enhance your 802.1x deployment security with MAC filtering" on NAP blogs with link as below.
    http://blogs.technet.com/nap/archive/2006/09/08/454705.aspx
I am wondering whether this tip might not be correct somehow and would like to know how to implement it correctly.
First of all, there is only a "Verify Caller ID" field in the "Dial-in" tab of the user properties, not "Calling Station ID". I tried to add a MAC address in this field and the authentication works.
According to the description of the tip, we can add multiple MAC addresses in that field, but it doesn't work. I tried to use the
"AA-BB-CC-DD-EE-FF | BB-AA-FF-EE-DD-CC" format for multiple MAC addresses, and IAS always responds with a wrong calling station ID error. Does anyone know how to correctly add multiple MAC addresses in "Verify Caller ID"?
    Thanks

    Hi Sam
    Thank you for your reply.
I would like to explain why I want to use multiple MAC address authentication for an account on a single AD.
Generally, 802.1X can be implemented for wired and wireless authentication on many network devices in a company or enterprise. An employee in a company or enterprise is supposed to have only one account but might have multiple devices such as a PC, laptop, or PDA. For the convenience of the authentication implementation, I think I should only create one account for that person and set up MAC filtering for any devices he is authorized to use.
I had tried the first example you mention but it didn't work. The switch and wireless gateway I used for testing only sent one MAC address (calling station ID) to AD, and AD only recognized the first MAC address of all the MAC addresses I keyed in. Of course, your example can be successful if the device sends multiple MAC addresses simultaneously, because AD thinks those "MAC addresses" are just one string or one calling station ID. But that's not what I want.
    Anyway, I will try the second way you suggest.
    Thanks a lot.

  • Botnet Traffic Filtering option in CSM 4.0 evaluation

    I have CSM evaluation 4.0. (about 50 days left) and deployed Botnet Traffic Filtering rules with traffic classification rule according to http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/configuration/example/sm400bot.html#wp51455.
I don't see any botnet activity logs, either via ASDM or via CSM.
Do these logs include all activities according to the access rules for Botnet Traffic Filtering, or only detected botnet traffic?
How can I be sure that Botnet Filtering checks all the packets to my test zone?
Does this evaluation version support monitoring activity logs and access to the blacklist server?
    Thanks in advance.

    Hi,
Hmm, I could not find the proper documentation (I see it for LMS...). Anyway, you can try the following:
    1- stop the server
    net stop crmdmgtd
    2- Erase the DBs
    set NMSROOT=c:\progra~2\cscopx
    %NMSROOT%\bin\perl %NMSROOT%\bin\dbRestoreOrig.pl dsn=cmf dmprefix=Cmf npwd=admin
    %NMSROOT%\bin\perl %NMSROOT%\bin\dbRestoreOrig.pl dsn=vms dmprefix=vms npwd=admin
    If using Performance Monitoring (MCP):
    %NMSROOT%\bin\perl %NMSROOT%\bin\dbRestoreOrig.pl dsn=mcp dmprefix=mcp npwd=admin
    NOTE:
NMSROOT is the root where CSM is installed. I am assuming you are using the default settings for Win2008, but you need to change it if you installed somewhere else.
    3- restart the server.
    net start crmdmgtd
Please note that all your data will be lost. Also, make sure to have the license handy, as it might be required to install the license again.
Also, I would suggest you do a backup of your DB before you perform these steps.
    Stefano

  • How can I enable VPN passtrough with 881-K9 Security Router?

    Hi Space!
I need help, because I really cannot find the error in my configuration.
What I want to do is to enable simple VPN passthrough with an 881 K9 Security Router.
So all VPN traffic travels directly from the internet through the router (I don't need any inspection or anything else of this traffic) to a Windows Server behind it (and back to the client, of course).
[ Internet -> Cisco 889 router -> Windows Server ]
Enclosed you will find my configuration.
The VPN connection cannot be established and the clients are getting connection error 800 most of the time.
    Thanks for any hint!
    Kind regards,
    Chris

    ActiveX is proprietary to IE and Firefox has never supported ActiveX.

  • MGCP Gateway With ISDN BRI interface

    Hi Guys,
I have a voice gateway with a BRI card in slot 0/3/0 (port 0/1) and I want to terminate both the WAN and PSTN connection on the same gateway with the MGCP protocol. As I'm new to the voice over IP world, can anyone suggest/recommend a proper guide which includes the steps and proper explanations to achieve this task?
    Thank you
    Regards,
    Suthakar

    Hi Aman,
    As discussed please find the attached output as follows,
    #sh isdn status
    Global ISDN Switchtype = basic-net3
    %Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 0. Layer 3 output may not apply
    ISDN BRI0/0/0 interface
    dsl 0, interface ISDN Switchtype = basic-net3
    L2 Protocol = Q.921 0x0000  L3 Protocol(s) = CCM MANAGER 0x0003
        Layer 1 Status:
    DEACTIVATED
        Layer 2 Status:
    Layer 2 NOT Activated
        Layer 3 Status:
    0 Active Layer 3 Call(s)
        Active dsl 0 CCBs = 0
        The Free Channel Mask:  0x80000003
    %Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 1. Layer 3 output may not apply
    ISDN BRI0/0/1 interface
    dsl 1, interface ISDN Switchtype = basic-net3
    L2 Protocol = Q.921 0x0000  L3 Protocol(s) = CCM MANAGER 0x0003
        Layer 1 Status:
    DEACTIVATED
        Layer 2 Status:
    Layer 2 NOT Activated
        Layer 3 Status:
    0 Active Layer 3 Call(s)
        Active dsl 1 CCBs = 0
        The Free Channel Mask:  0x80000003
    ISDN BRI0/3/0 interface
    dsl 12, interface ISDN Switchtype = basic-net3
        Layer 1 Status:
    ACTIVE
        Layer 2 Status:
    Layer 2 NOT Activated
        Layer 3 Status:
    0 Active Layer 3 Call(s)
        Active dsl 12 CCBs = 0
        The Free Channel Mask:  0x80000003
    %Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 13. Layer 3 output may not apply
    ISDN BRI0/3/1 interface
    dsl 13, interface ISDN Switchtype = basic-net3
    L2 Protocol = Q.921 0x0000  L3 Protocol(s) = CCM MANAGER 0x0003
        Layer 1 Status:
    ACTIVE
        Layer 2 Status:
    Layer 2 NOT Activated
        Layer 3 Status:
    0 Active Layer 3 Call(s)
    --More--                               Active dsl 13 CCBs = 0
        The Free Channel Mask:  0x80000003
        Total Allocated ISDN CCBs = 0
    #sh ccm-manager
    MGCP Domain Name: xxxxx.com
    Priority        Status                   Host
    ============================================================
    Primary         Registered               x.x.x.x
    First Backup    None                    
    Second Backup   None                    
    Current active Call Manager:    x.x.x.x
    Backhaul/Redundant link port:   2428
    Failover Interval:              30 seconds
    Keepalive Interval:             15 seconds
    Last keepalive sent:            11:10:43 AEDST Nov 21 2013 (elapsed time: 00:00:11)
    Last MGCP traffic time:         11:10:43 AEDST Nov 21 2013 (elapsed time: 00:00:11)
    Last failover time:             None
    Last switchback time:           None
    Switchback mode:                Graceful
    MGCP Fallback mode:             Enabled/OFF
    Last MGCP Fallback start time:  05:28:32 AEDST Nov 18 2013
    Last MGCP Fallback end time:    11:57:01 AEDST Nov 20 2013
    MGCP Download Tones:            Disabled
    TFTP retry count to shut Ports: 2
    Backhaul Link info:
        Link Protocol:      TCP
        Remote Port Number: 2428
        Remote IP Address:  x.x.x.x
        Current Link State: OPEN
        Statistics:
            Packets recvd:   3
            Recv failures:   0
            Packets xmitted: 5
            Xmit failures:   0
        BRI Ports being backhauled:
            Slot 0, VIC 0, port 1
            Slot 0, VIC 0, port 0
            Slot 0, VIC 3, port 1
    Configuration Auto-Download Information
    =======================================
    Current version-id: 1384908973-2cefe363-d1ae-423b-a6ef-a85a0d4216af
    Last config-downloaded:00:00:00
    Current state: Waiting for commands
    Configuration Download statistics:
    Download Attempted             : 6
      Download Successful          : 3
      Download Failed              : 1
      TFTP Download Failed         : 8428
    Configuration Attempted        : 3
      Configuration Successful     : 3
      Configuration Failed(Parsing): 0
      Configuration Failed(config) : 0
    Last config download command: New Registration
    FAX mode: disable
    Configuration Error History:
    Regards,
    Suthakar

  • ASA , Cisco VPN client with RADIUS authentication

    Hi,
    I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
All seems to be working: I get connected and authenticated. However, even though I use a user name and password from Active Directory when connecting with the Cisco VPN client, I still have to provide these credentials once again when accessing domain resources.
Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way that I enter the user name/password just once when connecting and get access to domain resources straight away?
    Thank you.
    Kind regards,
    Alex

    Hi Alex,
    It is working as it should.
You can enable the VPN client to start the VPN before logon. That way you log in to the VPN and then log on to the domain. However, you are still entering credentials twice (VPN and domain), but you have access to domain resources and profiles.
    thanks
    John

  • Mavericks VPN dropouts with native VPN client and Cisco IPSec

Since the update to Mavericks I am experiencing VPN dropouts with the native VPN client and Cisco IPsec.
I am connecting via a WiFi router to a remote VPN server.
The connection is good for a while but eventually it drops out.
I had zero issues in Mountain Lion and only have issues since the update to 10.9.
I had similar issues in the past with an unreliable WiFi router, but I am using a Verizon FiOS router and it has worked impeccably until Mavericks.
My thoughts are:
1 - issue with Mavericks (maybe the App Nap function affecting either the VPN or WiFi daemons)
2 - issue with Cisco router compatibility or timing with Cisco IPsec
3 - issue with WiFi itself on Mavericks - some sort of WiFi software bug
Any thoughts or suggestions?

  • Creating Report using EPM Functions with Dynamic Filters

    Hi All,
I am new to BPC. In BPC 7.5 I have seen that we can generate an EPM report using the EVDRE function very quickly and easily. Does the same feature exist in BPC 10.0? If not, how can we create EPM reports using EPM functions with dynamic filters on the members of the dimension, like in BPC 7.5?
I also searched on SDN, and there are no suitable blogs or documents related to the generation of reports using EPM functions. All of them are described just in simple syntax form. It is not going to be understood by beginners.
Would you please explain it in detail, step by step?
    Thanks in Advance.
    Siva Nagaraju

    Siva,
These functions are not used to create reports per se, but rather assist in building reports. For example, if you want to make use of a certain property to derive any of the dimension members in one of your axes, you will use EPMMemberProperty. Similarly, if you want to override members in any axis, you will make use of EPMDimensionOverride.
    Also, EvDRE is not replacement of EPM functions. Rather, you simply create reports using report editor (drag and drop) and then make use of EPM functions to build your report. Forget EvDRE for now.
    You can protect your report to not allow users to have that Edit Report enabled for them.
    As Vadim rightly pointed out, start building some reports and then ask specific questions.
    Hope it clears your doubts.

  • How to configure AMconfig.properties on gateway with 2 portal servers

    Hello,
I ran into an issue where I want to set up 1 portal gateway with 2 portal servers (+ access manager), all on separate machines. How can I define in AMConfig.properties that there are two possible portal servers?
    All is version 2005Q1
    Please see part of my actual AMconfig.properties :
    # grep portal AMConfig.properties
    com.iplanet.am.directory.host=portal1.domain.int
    com.iplanet.am.server.host=portal1.domainl.int
    com.iplanet.am.console.host=portal1.domain.int
    com.iplanet.am.profile.host=portal1.domain.int
    com.iplanet.am.naming.url=http://portal1.domain.int:80/amserver/namingservice
    com.iplanet.am.notification.url=http://portal1.domain.int:80/amserver/notificationservice
    com.iplanet.am.localserver.host=portal1.domain.int
    com.sun.identity.liberty.interaction.wspRedirectHandler=http://portal1.domain.int:80/amserver/WSPRedirectHandler
    Kind Regards
    Roland Vlerick

    See this thread.
    Error Installing Groupware Portlets for WLP 10.3.2
    Brad

  • Thoth Gateway with APEX 4.2.2

    Hello,
    We have been using the Thoth Gateway with APEX for years and are very satisfied with it, since it allows us to benefit from our IIS servers infrastructure and their native Kerberos integration.
    Recently, we have encountered an issue specific to the 4.2.2 version of APEX: a PL/SQL exception, such as invalid number in a "on load - after footer" page process, does not get notified and the screen rendering seems normal (though there are missing closing tags in the HTML).
    Replacing the Thoth gateway with Oracle Fusion Middleware web tier (going to the same database) delivers a normal behaviour, with the regular PL/SQL error showing on screen (and no missing HTML closing tags).
    Same thing when exporting the application and importing it on apex.oracle.com.
    We reduced the application to a single page and a single page process generating the exception, same thing.
Has anybody had the same experience?
    Alain

    Hi Alain,
    this is Morten, developer of the Thoth Gateway. I have not yet tried the gateway with Apex 4.2.2 myself, but I'd like to investigate this issue.
    First, I suggest you turn on DEBUG-level logging in the gateway, and see if there is anything interesting to be found in the logs.
    Second, sounds like you have been able to reproduce the problem with a simple application. If you upload the application to the project site, here:
    https://code.google.com/p/thoth-gateway/issues/list
    Then I will take a look.
    - Morten
    http://ora-00001.blogspot.com

  • XML gateway with multiple XML structures??

    Hi,
I have a requirement to import data using XML Gateway with different XML structures. The third-party system sometimes will not provide certain tags at all if there is no data for the tag, like the contacts in the sample XMLs below. In that case we need to ignore those tags (CONTACT in the sample below). As per my understanding, we must have the tag in the XML even though it may not have any value.
    We have 2 XMLs
    XML1 for supplier with contacts
    <SUPPLIER>
    <NAMES>
    <NAME1>XYZ </NAME1>
    <NAME2>ABC</NAME2>
    </NAMES>
    <SITE>
    <SITE1>XYZ </SITE1>
    <SITE2>ABC</SITE2>
    </SITE>
    <CONTACT>
    <CONTACT1>XYZ </CONTACT1>
    <CONTACT2>ABC</CONTACT2>
    </CONTACT>
    </SUPPLIER>
XML2 for supplier without contacts
    <SUPPLIER>
    <NAMES>
    <NAME1>XYZ1 </NAME1>
    <NAME2>ABC1</NAME2>
    </NAMES>
    <SITE>
    <SITE1>XYZ1 </SITE1>
    <SITE2>ABC1</SITE2>
    </SITE>
    </SUPPLIER>
Can we upload data in both these XMLs using only one generic DTD and XGM via XML Gateway, which will skip any missing tag?
    Thanks
    Rishi

Hi, you can use FOR XML PATH for a finer degree of control over your XML. Use the @ symbol to create attributes. Here's a simple example:
    DECLARE @t TABLE ( rowId INT IDENTITY PRIMARY KEY, [address] VARCHAR(50), city VARCHAR(30), floor INT, suite INT, doorType VARCHAR(20) )
    INSERT INTO @t VALUES
    ( '123 Fake St', 'Springfield', 10, 512, 'Metal' )
    SELECT
    [address] AS "Address",
    city AS City,
    [floor] AS "Location/@Floor",
    suite AS "Location/@Suite",
    doorType AS "Location/@DoorType"
    FROM @t
    FOR XML PATH ('Company'), ROOT ('Companies'), ELEMENTS;

  • Problems with drill filters

    Post Author: srinath
    CA Forum: Publishing
In BO XI, I am facing problems with drill filters. I have a report with eight tabs, and each tab has data corresponding to a particular value in the drill filter. A particular value is selected from the drill filter and the corresponding data is displayed in each tab. I need to select a value from the drill filter and display the corresponding data in the tab; while doing so, when I save the report and open it again, the data corresponding to the particular filter value is not present; instead it displays all the data. The only other way I could solve this problem was by creating a report-level filter in each tab, but this doesn't seem to work in other reports. What is the proper way of using the drill filter in this case?

    How did you configure the filter?

  • Filter Lens Correction is missing from the menu, along with adjacent filters.

    Filter > Lens Correction is missing from the menu, along with adjacent filters.
    I updated 1 day ago via Adobe Connect and it is now missing from the menu drop down. As well as the other filters in that general area.

Hi ffadler,
I experience the same on my laptop.
Do you have a solution already?
Regards,
Piet
