WAAS mobile with secure access https (not VPN)

Hi all !!! Hope everyone is well !!!
I have a WAAS environment in place and we want to deploy WAAS Mobile for teleworkers. My question is: can WAAS Mobile work for users that use secure access with HTTPS (not a VPN connection)?
Thanks in advance !!!

Hi Tarik,
First of all, let me insist on the fact that a WAAS Mobile client will not interact with a WAAS appliance on the core side and that you'll need to have a WAAS Mobile server installed there if you want your teleworkers to get the benefit from WAAS.
That said, let me answer your question: WAAS mobile can indeed accelerate HTTPS traffic.
This is described on page 61 of the following document:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas_mobile/v3.5/configuration/administration/guide/CiscoWAASMobileAdminGuide_3_5.pdf
Regards,
Nicolas

Similar Messages

  • SOAP Adapter with Security Levels - HTTP & HTTPS

    We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
    Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
    If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
    Can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
    Can we continue to have the existing interface working using HTTP Security Level, i.e. partners not having to send the certificate with each message?
    If we use HTTPS security level, is it mandatory for the partner system to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
    What is the difference between Security Levels  'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
    I appreciate your inputs on this.
    thx in adv
    praveen
    PS: We are currently on SAP PI 7.0 SP17

    Hi Praveen,
    There is no need to change the interface and it is mandatory for the partners to send certificates in order to validate each other. Use the https in url.
    HTTPS With Client authentication:
    The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS client's certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the client's certificate, the server maps the certificate to an actual system user executing the HTTP request.
    and check this link.
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
    Regards,
    Prasanna

  • Configuring BO Mobile with external access

    Hi Experts,
    I am trying to configure Business Objects Mobile in my company server (windows 2008) with an external access to it. I have two servers - master and client (hyper V). I installed BOBJI 4.0 server and BOXI client on master server and planning to have mobile server on hyper V. I have gone through the SAP documents on installation and deployment but confused on installing and configuring mobile server and accessibility both internally (wireless router) and externally (outside company network)
    1) Is it a better practice to have the mobile server on Hyper-V?
    2) Should I create a proxy server for the process? If so, on which one should it be - master or client?
    If anybody has done similar to this, can they share any documentation or best practices followed?
    Appreciate your earliest help.
    regards,
    Arun

  • WAAS mobile with Vista

    Hi All,
    When I turn on the WAAS client on Windows Vista, the network connection is disconnected, but it works with XP like a charm. Any suggestion would be very appreciated.
    Alex

    Thanks for the reply,
    I've upgraded to the newest version of WAAS Mobile and upgraded the client as well, and the problem has been resolved. But I still have another issue: when I run the Cisco VPN client with WAAS Mobile enabled and then try to access the intranet web page, I can ping the web server IP address and I can access the web page, but when I enter username and password, it doesn't let me log in. When I turn off the WAAS client, I am able to log in to the intranet web page.
    Any suggestion?
    thanks
    Alex

  • XMLStreamReader exception when using webservice with security access denied

    Hi,
    I'm using CXF webservices generated from a WSDL with SOAP document style. Under normal conditions, the client and server work fine, and I can read info back from the server (SOAP http messages passed between both).
    However, for some servers, I am using Sun's Policy Agent, which checks for an authentication token in the http header cookie before allowing access to the web service. I set up the CXF service port as follows:
    Service service = Service.create(serviceName);
    service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, address);
    servicePort = (IMyService)service.getPort(portName, IMyService.class);
    I also add the authentication token to the http header cookie in the service's request context.
    If the token is correct, everything works fine. However, if the token is incorrect, and access is denied, the policy agent does not return a SOAP http message. In this case, the web service method throws a low-level XMLStreamReader exception i.e. it can't read the SOAP message response - so I can't get the actual response from the policy agent.
    Would anyone have an idea on this? Should I configure the CXF port differently, or should I try to get the policy agent to return a SOAP message even if access is denied.
    There is already a browser that can access the policy agent - and this needs to be redirected if access is denied. So in effect, we need the redirect functionality for the browser, and the returned SOAP message for the application using the web service.
    Any help would be greatly appreciated!
    Rob

    Thanks for your answer.
    I eventually found a workaround for this problem.
    Actually you don't need to provide an SSO cookie the first time you connect to the webgate server, you just need to provide basic credentials and the webgate will provide you an SSO cookie that you can use for the next call.
    The problem is that this doesn't work out of the box with the .NET/WSDL framework for some reason (with Java + the HTTPClient library I had no problem).
    I had to manually add the following headers to the HTTP request to make it work:
    Authentication: Basic XXXXXXXX
    Cookie: OBBasicAuth=fromDialog
    Where XXXXXXXX is a base64 encoded string containing "login:password"
    Thanks,
    Franck

  • Auto-Mapping with Full Access Mailboxes-not working in exchange 2010 clients outlook 2013

    Hello, I have Exchange Server 2010, the clients are running Outlook 2013. I set a mailbox for automapping (full access), but when I restart the client it does not appear in the client. I also ran the command in the Exchange shell, no errors. How can I fix this?

    no sp info shows with the 
    Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersionName                
    Edition             : Enterprise
    AdminDisplayVersion : Version 14.0 (Build 639.21)
    chart says 
    Exchange Server 2010    November 9, 2009    14.00.0639.021
    is that the issue need sp 1? 

  • Role/Profile required with full access but not HR/payroll

    HI,
    We are running SAP ECC 6.0 and HR/payroll is also live. A few members of our functional team need full access. But as per our policies, HR and Payroll access should be there only with the HR team.
    My query is: Is there any role/profile that I can assign to functional team members through which they will have access to all T codes/programs but NOT those related to HR?

    Hi ,
    BASIS needs to restrict authorizations.
    Object Id  : P.
    ...lakhan

  • ISE Wired 802.1x with Foundry access switch ,not show "Device Port"

    Our customer wants to enable wired 802.1x for user and machine authentication on a Foundry switch.
    They want to use ISE as the RADIUS server. We tried it, but the ISE report can't show which port the client is connected to on the switch.
    We got the tcpdump packets from ISE. They show that the "nas-port-id" RADIUS attribute is not sent out by the Foundry switch, but it sends "nas-port".
    Is it possible to let the Foundry switch send the "nas-port-id" attribute in the RADIUS request packet?
    Or is it possible to let ISE show the "nas-port" attribute value in the authentication report?
    Thanks.
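
The check described in this post (which port attributes a switch puts in its Access-Request) can be repeated on a captured RADIUS payload. The following is an added example, not part of the original thread: the two packets are constructed samples, and the attribute numbers are those of RFC 2865 (NAS-Port, 5) and RFC 2869 (NAS-Port-Id, 87).

```python
import struct

NAS_PORT = 5        # RFC 2865, 4-byte integer
NAS_PORT_ID = 87    # RFC 2869, text string


def parse_radius(packet: bytes):
    """Return (code, identifier, [(attr_type, value_bytes), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the captured bytes")
    attrs, pos = [], 20          # attributes start after the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs


def port_attributes(packet: bytes):
    """Report the two port attributes an authentication report can use."""
    _, _, attrs = parse_radius(packet)
    found = {"NAS-Port": None, "NAS-Port-Id": None}
    for a_type, value in attrs:
        if a_type == NAS_PORT and len(value) == 4:
            found["NAS-Port"] = struct.unpack("!I", value)[0]
        elif a_type == NAS_PORT_ID:
            found["NAS-Port-Id"] = value.decode("utf-8", "replace")
    return found


def build_request(attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body


# Constructed sample: a switch that sends only the numeric NAS-Port.
NUMERIC_ONLY = build_request([
    (1, b"host/pc01"),                    # User-Name
    (4, bytes([192, 0, 2, 10])),          # NAS-IP-Address
    (NAS_PORT, struct.pack("!I", 17)),
    (61, struct.pack("!I", 15)),          # NAS-Port-Type = Ethernet
])

# Constructed sample: a switch that also sends the textual NAS-Port-Id.
WITH_PORT_ID = build_request([
    (1, b"host/pc01"),
    (4, bytes([192, 0, 2, 10])),
    (NAS_PORT, struct.pack("!I", 17)),
    (NAS_PORT_ID, b"GigabitEthernet1/0/17"),
])

if __name__ == "__main__":
    for name, pkt in (("numeric only", NUMERIC_ONLY), ("with port id", WITH_PORT_ID)):
        print(name, port_attributes(pkt))
```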

  • Problem with the access key not shown on menu item

    Hi
    I have created a Menu and used setMnemonic for the menu items.
    But I don't see the letter underlined when I set the look and feel as in the following code:
    try {
        // Switch Swing to the platform's native look and feel
        UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
    } catch (Exception e) {
        e.printStackTrace();
    }
    I see it only when I click on it or I press the Alt button on the keyboard.
    Is it because of the look and feel for windows XP or what may be the reason? Please help.
    Thanks

    > Is it because of the look and feel for windows XP
    Yes. This is configurable in XP and the default is to not show it.
    Search the forum if you want to know how to change the default in XP.

  • Page from Sample - Mobile Starters - jQuery Mobile with theme not working on mobile

    I created a new webpage - New - Page from Sample - Mobile Starters - Jquery Mobile with Theme and did not modify it.
    That does not work on an iPhone or Android.
    What am I missing? Is there an update to make the jquery mobilesite work?
    This is how it looks in dreamweaver
    http://ricston.com/push/test/screenshot_dreamweaver.png
    This is how it looks on my phone:
    http://ricston.com/push/test/screenshot_galaxy.png
    The page for the template is here http://ricston.com/push/test/test.html - As you can see, nothing has been changed.

    Thank you.  I was having the exact same problem.  I even uploaded the unmodified starter page, just in case it was something I did.  Inserting the viewport line fixed it.  (Now I need to go back and insert that line into each of the pages I was working on.)
    The question remains, however, as to why the mobile starter pages don't include that line in the first place.
    [edit] FYI - On Dreamweaver CC, it's under the "common" group within "insert".  (I would have expected it under "JQuery Mobile", but it's not there.)

  • WAAS Mobile - Outlook Webmail (OWA)

    While running our new instance of WAAS Mobile, we've got one issue we cannot understand.  Outlook Web Access does not work under WAAS Mobile.  If we disable it, works fine.
    We are able to ping the OWA server with the WAAS Mobile client enabled or disabled; however, we cannot connect to it via its web interface.
    I've enabled HTTPS for the WAAS Mobile to optimize on the client but this did not help.  So far I'm at a loss.
    Any ideas?

    Is the TCP session to OWA accelerated?
    1)  Connect to your OWA
    2) On the WAAS Mobile Client - Go to http://127.0.0.1:9021/Acceleration_Client.html
    3) Navigate to the section Diagnostics --> TCP Sessions, Does the TCP session show up as accelerated ?
    You can also collect the sysreport from the client and server and attach it to this forum.

  • Remote access VPN with Cisco Router - Can not get the Internal Lan .

    Dear Sir ,
    I am doing Remote Access VPN through a Cisco router. Before the real deployment, I want to simulate it with GNS3. I need your help to complete the job. Please see the attachment for Scenario, Configuration and Ping status.
    I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN 192.168.1.0. I need your help to solve the issue.
    Below is the IP address of the device.
    Device                                                 Interface  IP address    Mask
    Local PC (connected to Router-2 through MS Loopback)   -          10.10.10.2    255.255.255.0
    Router-2                                               F0/1       10.10.10.1    255.255.255.0
    Router-2                                               F0/0       20.20.20.2    255.255.255.0
    Router-1                                               F0/0       20.20.20.1    255.255.255.0
    Router-1                                               F0/1       192.168.1.1   255.255.255.0
    PC-01                                                  F0/1       192.168.1.3   255.255.255.0
    I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
    Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
    Need your help to fix the problem.
    Router R2 Configuration :
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R2
    boot-start-marker
    boot-end-marker
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    no ip domain lookup
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip tcp synwait-time 5
    interface FastEthernet0/0
    ip address 20.20.20.2 255.255.255.0
    duplex auto
    speed auto
    interface FastEthernet0/1
    ip address 10.10.10.1 255.255.255.0
    duplex auto
    speed auto
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    end
    Router R1 Configuration :
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R1
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa authentication login USERAUTH local
    aaa authorization network NETAUTHORIZE local
    aaa session-id common
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    no ip domain lookup
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    username vpnuser password 0 strongpassword
    ip tcp synwait-time 5
    crypto keyring vpnclientskey
    pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp client configuration group remotevpn
    key cisco123
    dns 192.168.1.2
    wins 192.168.1.2
    domain mycompany.com
    pool vpnpool
    acl VPN-ACL
    crypto isakmp profile remoteclients
    description remote access vpn clients
    keyring vpnclientskey
    match identity group remotevpn
    client authentication list USERAUTH
    isakmp authorization list NETAUTHORIZE
    client configuration address respond
    crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
    crypto dynamic-map DYNMAP 10
    set transform-set TRSET
    set isakmp-profile remoteclients
    crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
    interface FastEthernet0/0
    ip address 20.20.20.1 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map VPNMAP
    interface FastEthernet0/1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip local pool vpnpool 192.168.50.1 192.168.50.10
    ip forward-protocol nd
    ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
    no ip http server
    no ip http secure-server
    ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
    ip access-list extended NAT-ACL
    deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
    permit ip 192.168.1.0 0.0.0.255 any
    ip access-list extended VPN-ACL
    permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
    control-plane
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    end

    Dear All,
    I am doing Remote Access VPN through a Cisco router. Before the real deployment, I want to simulate it with GNS3. I need your help to complete the job.
    Please see the attachment for Scenario, Configuration and Ping status. I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN 192.168.1.0. I need your help to solve the issue.
    Waiting for your response.
    --Milon

  • SSL VPN Failed to validate server certificate (cannot access https)

    Hi all,
    I have the next problem.
    I've configured in an UC520 a SSL VPN.
    I can access properly and I can see the labels, but I only can access urls which are http, not https:
    I can access the default ip of the uc520 (192.168.1.10) but
    When I try to get access to a secure url I get the msg: Failed to validate server certificate
    I'm trying to access a Cisco Digital Media Manager, whose url is https://pc.sumkio.local:8080
    Does the certificate of both devices have to be the same?
    How can I add an https URL?
    Here is the config of the router:
    webvpn gateway SDM_WEBVPN_GATEWAY_1
    ip address 192.168.1.254 port 443 
    ssl trustpoint TP-self-signed-2977472073
    inservice
    webvpn context SDM_WEBVPN_CONTEXT_1
    secondary-color white
    title-color #CCCC66
    text-color black
    ssl authenticate verify all
    url-list "Intranet"
       heading "Corporate Intranet"
       url-text "DMM Sumkio" url-value "http://pc.sumkio.local:8080"
       url-text "Impresora" url-value "http://192.168.10.100"
       url-text "DMM" url-value "https://pc.sumkio.local:8443"
       url-text "DMM 1" url-value "http://192.168.10.10:8080"
       url-text "UC520" url-value "http://192.168.10.1"
    policy group SDM_WEBVPN_POLICY_1
       url-list "Intranet"
       mask-urls
       svc dns-server primary 192.168.10.250
       svc dns-server secondary 8.8.8.8
    default-group-policy SDM_WEBVPN_POLICY_1
    aaa authentication list sdm_vpn_xauth_ml_1
    gateway SDM_WEBVPN_GATEWAY_1
    max-users 10
    inservice
    Any help would be appreciated.
    Thank you

    Hi, thanks for your advice.
    I'm trying to copy the certificate via cut and paste, but I'm getting a
    % Error in saving certificate: status = FAIL
    I don't know if I'm doing this right.
    I open the https page from the DMM with Mozilla Firefox, and in options I export the certificate in PEM format.
    I get a file which if I open with notepad is like
    -----BEGIN CERTIFICATE-----
    MIICOzCCAaSgAwIBAgIET7EwyzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJV
    KoZIhvcNAQEFBQADgYEAdk7n+tJi0igrTD2o7RD9ty8MLTyHN4uk8km+7DbpEy0g
    mxLY0UZswYvbj15kPdd8QbeGEdDR6SXOYePsfIRJzL0mqMON4oiUhsqAK5y2yC6R
    nqy4wWQ2fGVEYAeLpb1jGKdZWpuag/CO90NMHcMiobfBh+4eTqm7kRPTEyma6V0=
    -----END CERTIFICATE-----
    If I try to authenticate the trustpoint, I get that error.
    how can I export the certificate from the DMM?
    I think that this file is not the right file.
    and then, do I have to make some changes in
    webvpn gateway SDM_WEBVPN_GATEWAY_1?
    Should I choose the new trustpoint?
    I understand that the old trustpoint is for the outside connection, not for the LAN connection.
    Don't worry about me, answer when you can but I really need to fix this.
    Thank you so much
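
Before pasting an exported PEM file into a trustpoint, it can be checked for structural completeness. The following is an added example, not part of the original post: it decodes the base64 body and compares the length declared in the outer DER header with the number of bytes actually present. The sample blocks are constructed (DER-shaped filler, not a real certificate), and the check covers only the outer structure, not certificate validity.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_declared_length(der: bytes) -> int:
    """Total size (header + content) claimed by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE (0x30)")
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text: str) -> str:
    """Return a short verdict on the first CERTIFICATE block in text."""
    match = PEM_RE.search(text)
    if not match:
        return "no CERTIFICATE block found"
    body = "".join(match.group(1).split())     # drop line breaks and spaces
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:                         # binascii.Error is a ValueError
        return "body is not valid base64"
    try:
        declared = der_declared_length(der)
    except ValueError as exc:
        return str(exc)
    if declared > len(der):
        return f"incomplete: header declares {declared} bytes, {len(der)} present"
    if declared < len(der):
        return "trailing bytes after the certificate structure"
    return "length consistent"


def to_pem(der: bytes, drop_lines=()) -> str:
    """Wrap DER bytes as PEM; drop_lines simulates lines lost in copy/paste."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    kept = [ln for i, ln in enumerate(lines) if i not in drop_lines]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(kept)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample: a 260-byte DER SEQUENCE (4-byte header + 256 filler bytes).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
COMPLETE_PEM = to_pem(SAMPLE_DER)
PARTIAL_PEM = to_pem(SAMPLE_DER, drop_lines=(1, 2))   # two body lines missing

if __name__ == "__main__":
    print(check_pem(COMPLETE_PEM))
    print(check_pem(PARTIAL_PEM))
```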

  • BO Mobile with HTTPS

    Hi Mobile Experts,
    We need your valuable inputs to solve an issue on the mobile devices.
    We are on SAP BI 4.0 SP6 and we have enabled the Business Objects environment for access through the internet (https) and intranet (http).
    Our Mobile BI service product version is productVersion="14.0.6.1036;
    Mobile client version 5.1.32 on Android and 5.1.8 on iOS.
    We have noticed the below issue when we connect to the BO environment from the internet (https):
    MOB06031 when trying to connect to BI 4.0 server from SAP BI Mobile App using HTTPS. Mobile client is requesting for Personal Information Exchange (.pfx) of CA SSL of Web url.
    Whereas the same client is connecting to the BO environment in intranet (http) and working fine.
    we have gone through few of the notes for the same issue
    http://service.sap.com/sap/support/notes/1658001
    http://service.sap.com/sap/support/notes/1962026
    1)
    It was suggested to install the root certificate of the web server on the mobile device.
    or
    2)
    Remove the proxy configuration from Mobile Device OR add https://<servername>:8080/ under browser's exception list.
    I will be working with the web hosting team to have the root certificate of the web server as a permanent solution (1st option).
    In the meanwhile, can anyone explain how to remove the proxy configuration from the mobile device OR add https://<servername>:8080/ under the browser's exception list on the mobile device (Android and iOS)?
    I would request you to share your experience to get rid of my issue.
    Below are the screenshots.

    Hi Durga,
    In intranet we have HTTP and it is working fine.
    In internet we have HTTPS and the issue occurs.
    Previously we were using a mobile client version lower than the 5.1 release. We never had any issue with HTTP or HTTPS.
    Today we have upgraded the mobile client to 5.1.32, and the issue started occurring.
    We are not using any VPN to connect. Our web URL is enabled on the internet to access the reports.
    Note: we have verified the web URL on the internet by connecting to it from another system which is outside our network. There, launchpad/CMS are working fine without any issue with HTTPS.
    The issue occurs only on the mobile device.
    Refer the below notes to have some more information.
    http://service.sap.com/sap/support/notes/1658001
    http://service.sap.com/sap/support/notes/1962026

  • VM with remote access VPN without split tunneling

    Hello experts,
    I have customers who need to use VMs on their laptops. These users also need to VPN to the corporate network to do their job. However, when they do remote VPN to the corporate network (ASA VPN concentrator) from their VM host machine, they lose their access to their VM guest machines. This problem was not happening when they used the Cisco VPN client, which has gone end of life and support as of end of July 31, 2012. In the Cisco VPN client (IKEV1), if we set the protocol to UDP, they had no problem keeping their connectivity to VM machines while connected to corporate with remote access VPN. However, this feature does not work in the new Cisco VPN client, which is called AnyConnect. (NOTE: I am using IPSEC IKEV2. NO SSL at this time.)
    My Question to Experts:
    1. Was the ability to maintain connection to VM guest machines, while connected to VPN without enabling split tunneling a security flaw in the old cisco VPN client?
    2. Is there a way to maintain connectivity to VM machines installed in a computer and still connect to remote access VPN concentrator through host machine? (My question is about AnyConnect client only using IPSEC IKEV2 and I do not want to enable split tunneling)
    Thanks for your help,
    Razi                

    Did you figure this out?
