XSLT template rule matching &nbsp;?

I have a need to match XML elements containing &nbsp;. I am using [this trick|http://www.xml.com/pub/a/2001/03/14/trxml10.html] to preserve &nbsp; during transformation, but unfortunately this means that '&nbsp;' appearing inside a match rule gets expanded to the corresponding piece of <xsl:text .../>, which then constitutes an illegal match rule.
Any clues? I'm not totally clear on how XML entities work ...

The &nbsp; entity that you want is only meaningful in the external representation of the document. As that article says, the parser will convert it to U+00A0 and that's how it appears in your document. The same is true for your XSLT, since it's an XML document too. So the way to refer to it in XSLT is &#x00a0; or &#160; -- see [this xsl-list message|http://www.biglist.com/lists/xsl-list/archives/200012/msg00056.html].
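
An added example (not from the original thread) that puts the answer's point into a complete stylesheet: the article's &nbsp; entity trick stays available for output, while the match pattern uses the character reference &#160;. The `td` element name, the `class` value and the sample input in the comment are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Constructed sample input this stylesheet is meant for:
       <table><tr><td>&#160;</td><td>42</td></tr></table>                 -->
<!DOCTYPE xsl:stylesheet [
  <!-- The article's trick: used in element content, &nbsp; expands to an
       xsl:text element that writes the entity reference to the output. -->
  <!ENTITY nbsp "<xsl:text disable-output-escaping='yes'>&amp;nbsp;</xsl:text>">
]>
<xsl:stylesheet version="1.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

  <xsl:output method="html"/>

  <!-- Default rule: copy every node through unchanged. -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Cells that hold nothing but no-break spaces. By the time the pattern
       is evaluated the parser has turned every such reference in the source
       into U+00A0, so the test is written with the character reference
       &#160;. Writing &nbsp; in this attribute would pull the xsl:text markup
       from the entity into the attribute value, which XML forbids. -->
  <xsl:template match="td[contains(., '&#160;')
                          and normalize-space(translate(., '&#160;', ' ')) = '']">
    <td class="empty">&nbsp;</td>
  </xsl:template>

</xsl:stylesheet>
```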

Similar Messages

  • Saxon: recovery policy via Java API? (avoid "Ambiguous rule match" error)

    When I switch the XMLTransformer from the Java built in Xalan to Saxon (9), I get many
    Ambiguous rule match for /
    Matches both "document-node()" on line 22 of file:/D:/Tmp/test/layouts/lay_Client_T_SM_Notes_2C.xsl
    and "document-node()" on line 6 of file:/D:/Tmp/test/subReports/S_RiskValues_S.xsl
    errors. I read that you can "relax" these checks with the TransformerFactory attributes
    //http://www.saxonica.com/documentation/using-xsl/embedding/jaxp-transformation.html
    tf.setAttribute("http://saxon.sf.net/feature/recoveryPolicy", 1); //dynamic XSLT errors => warning
    tf.setAttribute("http://saxon.sf.net/feature/recoveryPolicyName", "recoverWithWarnings");
    but this doesn't work. (I check to have the saxon parse via tf.getClass().getName())

    If anyone is interested, I have now found a resolution for the issue.
    The client certificate authentication needed to be at transport level and not message level.
    Following discussions with Oracle, my understanding is that OWSM manager can be used to only apply policy data at message level.
    Using OWSM was not the method to fulfil this sort of requirement. Instead I needed to configure a 2 way SSL handshake.
    http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/security/transport_level.html
    Re: How to call https service from OSB

  • Xslt transformation rules for BPEL

    Hi there,
    Can anyone advise where I can find the xslt transformation rules for BPEL. I am unable to find the mentioned file "114.XSLTTransformations".
    Best regards!
    Linda

    I installed the BPEL process manager and find the 114.XSLTTransformations tutorial project, but the sample xslt file is for a specific xml file but not for a general bpel file, which doesn't help with my problem.
    For instance, if I want to transform a bpel file to other formats using xslt, how to handle "partner link" structure of bpel?
    Best regards,
    Linda

  • HTML from XSLT template truncated in BIP 10.1.3.4, as in 10.1.3.3.2

    Just upgraded BI Publisher from version 10.1.3.3.2 to 10.1.3.4.0 because I have some huge report designs due and they're not working because of bugs in BI Publisher. I'm still having the same major problems, which are:
    1) It still times out when producing moderately large Excel Analyzer files. Of course it waits 20 minutes before creating a completely useless file.
    2) When producing HTML output from an XSLT template, it truncates the output when it's more than one or two dozen pages. No error issued or anything. It just presents the bad output as if it's totally acceptable to make 'most' of the report. I mean, 80% is a B, right?
    I've been working with BI Publisher for two years and all the company users still hate it, and so does this developer. When are you going to stop robbing your customers by selling them crap?
    Sincerely,
    Multiverse.

    YES! Yes, yes yes! You are the man! It worked in my stand-alone BI Publisher with your corrections also. I'm ecstatic.
    To review your changes, here's the diff output between my XSL file and yours:
    < <xsl:transform version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >
    <xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:fo="http://www.w3.org/1999/XSL/Format"
    xmlns:ora="http://www.oracle.com/XSL/Transform/java/"
    xmlns:xdofo="http://xmlns.oracle.com/oxp/fo/extensions"
    xmlns:xdoxslt="http://www.oracle.com/XSL/Transform/java/oracle.apps.xdo.template.rtf.XSLTFunctions"
    xmlns:xdoxliff="urn:oasis:names:tc:xliff:document:1.1"
    xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:foo="http://www.oracle.com/xml/2.0">
    I omitted the other edit, which was to remove the call to the upper-case() function, which is defined in detail on W3.org here:
    http://www.w3.org/TR/xquery-operators/#func-upper-case
    Why does BIP not support this function? (Minor point.)
    The more important point is that you included references to all these other namespaces: fo, ora, xdofo, xdoxslt, xdoxliff, xlink.
    So you've sent me a beautifully prepared fish entree, but now I would like to learn how to fish.
    Where can I find out exactly what all these namespaces offer me? What interesting functions can I use?
    Also, is there any way to see in BI Publisher when I've used an XSLT element incorrectly? As I've said, there was no way for me to tell where my template was failing because oraxsl processed the data correctly, but BI Publisher would not, and there was no error message.

  • Asymmetric NAT rules matched for forward and reverse flows - NAT Issue

    Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505.   The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet).   I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
    The Error:
    5          Nov 12 2012          13:52:50                    192.168.9.19                                        Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
    I understand this is a NAT issue, but I am not seeing the error and could use a second set of eyes. Here's my current running configuration.
    : Saved
    ASA Version 8.3(2)
    hostname fw1
    domain-name xxxxxxxx.xxx
    enable password <removed>
    passwd <removed>
    names
    interface Vlan1
    description Town Internal Network
    nameif inside
    security-level 100
    ip address 192.168.9.1 255.255.255.0
    interface Vlan2
    description Public Internet
    nameif outside
    security-level 0
    ip address 173.xxx.xxx.xxx 255.255.255.248
    interface Vlan3
    description DMZ (CaTV)
    nameif dmz
    security-level 50
    ip address 192.168.2.1 255.255.255.0
    interface Vlan10
    description Infrastructure Network
    nameif InfraNet
    security-level 100
    ip address 192.168.10.1 255.255.255.0
    interface Vlan13
    description Guest Wireless
    nameif Wireless-Guest
    security-level 25
    ip address 192.168.1.1 255.255.255.0
    interface Vlan23
    nameif StateNet
    security-level 75
    ip address 10.63.198.2 255.255.255.0
    interface Vlan33
    description Police Subnet
    shutdown
    nameif PDNet
    security-level 90
    ip address 192.168.0.1 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport trunk allowed vlan 1,5,10,13
    switchport trunk native vlan 1
    switchport mode trunk
    speed 100
    duplex full
    interface Ethernet0/2
    switchport access vlan 3
    interface Ethernet0/3
    interface Ethernet0/4
    switchport trunk allowed vlan 1,10,13
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/5
    switchport access vlan 23
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    switchport trunk allowed vlan 1
    switchport trunk native vlan 1
    switchport mode trunk
    shutdown
    banner exec                     Access Restricted to Personnel Only
    banner login                     Access Restricted to Personnel Only
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns server-group DefaultDNS
    domain-name xxxxxxx.xxx
    same-security-traffic permit inter-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object service IMAPoverSSL
    service tcp destination eq 993
    description IMAP over SSL     
    object service POPoverSSL
    service tcp destination eq 995
    description POP3 over SSL     
    object service SMTPwTLS
    service tcp destination eq 465
    description SMTP with TLS     
    object network obj-192.168.9.20
    host 192.168.9.20
    object network obj-claggett-https
    host 192.168.9.20
    object network obj-claggett-imap4
    host 192.168.9.20
    object network obj-claggett-pop3
    host 192.168.9.20
    object network obj-claggett-smtp
    host 192.168.9.20
    object network obj-claggett-imapoverssl
    host 192.168.9.20
    object network obj-claggett-popoverssl
    host 192.168.9.20
    object network obj-claggett-smtpwTLS
    host 192.168.9.20
    object network obj-192.168.9.120
    host 192.168.9.120
    object network obj-192.168.9.119
    host 192.168.9.119
    object network obj-192.168.9.121
    host 192.168.9.121
    object network obj-wirelessnet
    subnet 192.168.1.0 255.255.255.0
    object network WirelessClients
    subnet 192.168.1.0 255.255.255.0
    object network obj-dmznetwork
    subnet 192.168.2.0 255.255.255.0
    object network FD_Firewall
    host 74.94.142.229
    object network FD_Net
    subnet 192.168.6.0 255.255.255.0
    object network NETWORK_OBJ_192.168.10.0_24
    subnet 192.168.10.0 255.255.255.0
    object network obj-TownHallNet
    subnet 192.168.9.0 255.255.255.0
    object network obj_InfraNet
    subnet 192.168.10.0 255.255.255.0
    object-group service EmailServices
    description Normal Email/Exchange Services
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq https
    service-object tcp destination eq imap4
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group service DM_INLINE_SERVICE_1
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq pop3
    service-object tcp destination eq https
    service-object tcp destination eq smtp
    object-group service DM_INLINE_SERVICE_2
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq https
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group network obj_clerkpc
    description Clerk's PCs
    network-object object obj-192.168.9.119
    network-object object obj-192.168.9.120
    network-object object obj-192.168.9.121
    object-group network TownHall_Nets
    network-object 192.168.10.0 255.255.255.0
    network-object object obj-TownHallNet
    object-group network DM_INLINE_NETWORK_1
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.9.0 255.255.255.0
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
    access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
    access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
    pager lines 24
    logging enable
    logging asdm debugging
    logging mail errors
    logging from-address hostmaster@xxxxxxxxx
    logging recipient-address john@xxxxxxxxx level errors
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    mtu Wireless-Guest 1500
    mtu StateNet 1500
    mtu InfraNet 1500
    mtu PDNet 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-635.bin
    no asdm history enable
    arp timeout 14400
    nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
    nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
    object network obj_any
    nat (inside,outside) static interface
    object network obj-claggett-https
    nat (inside,outside) static interface service tcp https https
    object network obj-claggett-imap4
    nat (inside,outside) static interface service tcp imap4 imap4
    object network obj-claggett-pop3
    nat (inside,outside) static interface service tcp pop3 pop3
    object network obj-claggett-smtp
    nat (inside,outside) static interface service tcp smtp smtp
    object network obj-claggett-imapoverssl
    nat (inside,outside) static interface service tcp 993 993
    object network obj-claggett-popoverssl
    nat (inside,outside) static interface service tcp 995 995
    object network obj-claggett-smtpwTLS
    nat (inside,outside) static interface service tcp 465 465
    object network obj-192.168.9.120
    nat (inside,StateNet) static 10.63.198.12
    object network obj-192.168.9.119
    nat (any,StateNet) static 10.63.198.10
    object network obj-192.168.9.121
    nat (any,StateNet) static 10.63.198.11
    object network obj-wirelessnet
    nat (Wireless-Guest,outside) static interface
    object network obj-dmznetwork
    nat (any,outside) static interface
    object network obj_InfraNet
    nat (InfraNet,outside) static interface
    access-group outside_access_in in interface outside
    access-group StateNet_access_in in interface StateNet
    route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
    route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable 5443
    http 192.168.9.0 255.255.255.0 inside
    http 74.xxx.xxx.xxx 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 2 match address outside_2_cryptomap
    crypto map outside_map 2 set pfs
    crypto map outside_map 2 set peer 173.xxx.xxx.xxx
    crypto map outside_map 2 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.9.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.9.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd dns 208.67.222.222 208.67.220.220
    dhcpd lease 10800
    dhcpd auto_config outside
    dhcpd address 192.168.2.100-192.168.2.254 dmz
    dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
    dhcpd enable dmz
    dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
    dhcpd enable Wireless-Guest
    threat-detection basic-threat
    threat-detection statistics host number-of-rate 2
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 63.240.161.99 source outside prefer
    ntp server 207.171.30.106 source outside prefer
    ntp server 70.86.250.6 source outside prefer
    webvpn
    group-policy FDIPSECTunnel internal
    group-policy FDIPSECTunnel attributes
    vpn-idle-timeout none
    vpn-tunnel-protocol IPSec l2tp-ipsec
    username support password <removed> privilege 15
    tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
    tunnel-group 173.xxx.xxx.xxx general-attributes
    default-group-policy FDIPSECTunnel
    tunnel-group 173.xxx.xxx.xxx ipsec-attributes
    pre-shared-key *****
    smtp-server 192.168.9.20
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
    : end
    Any ideas would be appreciated.
    John

    I don't see any inspection-commands in your config. Is there a reason for not using any of them?
    If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easily with the legacy command "fixup protocol icmp"

  • %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure

    Hi,
    I have an ASA5510 running version 8.2(5). I have set up a new network on interface Ethernet0/1.777 of the fwl. The firewall works perfectly with remote access VPNs but has now given me the error with the new network that has been set up:
    %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure
    The difference between the other networks and the new one that I have set up is that this is the first one using a private addressing scheme. I understand that NAT is not allowing something along the way but I can't figure out what needs to change in order to get it to work. My config is as follows:
    interface Ethernet0/1.777
    description TRU 777
    vlan 777
    nameif tru777
    security-level 50
    ip address 10.1.34.17 255.255.255.240 standby 10.1.34.18
    access-list acl_tru777 remark * ALLOW ALL OUTBOUND *
    access-list acl_tru777 extended permit ip any any
    access-list RA-VPN extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
    access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 10.0.0.0 255.0.0.0
    access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 172.16.0.0 255.240.0.0
    access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list acl_ra-lock-tru777 extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
    access-list acl_ra-lock-tru777 extended permit ip 10.159.159.0 255.255.255.0 10.1.34.16 255.255.255.240
    ip local pool ra-pool 10.159.159.0-10.159.159.254 mask 255.255.255.0
    nat (tru777) 4 access-list acl_no-nat
    nat (tru777) 2 10.1.34.16 255.255.255.240
    global (outside) 2 x.x.x.x
    crypto isakmp nat-traversal 20
    I think that is everything you should need, if not please just ask.
    Thank you very much in advance,
    Chris

    Hi Julio,
    Here you go:
    FWL01# sh nameif
    Interface                Name                     Security
    Ethernet0/0              outside                    0
    Ethernet0/1              CLIENTS                 50
    Ethernet0/1.314        tru01                      50
    Ethernet0/1.313        dmz01                    50
    Ethernet0/1.316        tru02                      50
    Ethernet0/1.776        dmz776                  50
    Ethernet0/1.777        tru777                     50
    Management0/0       management           100
    FWL01#  sh run nat
    nat (tru02) 1 192.168.3.0 255.255.255.240
    nat (tru777) 4 access-list acl_no-nat
    nat (tru777) 2 10.1.34.16 255.255.255.240
    FWL01#    sh run glob
    global (outside) 1 interface
    global (outside) 2 x.x.x.x
    Thanks,
    Chris

  • Asymmetric NAT rules matched for forward and reverse flows

    Hi! I don't know why this comes up in the logs when I have configured my vpn like so:
    crypto dynamic-map L2L_MAP 50 set reverse-route
    crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
    crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 20 match address IDP_VPN
    crypto map L2L_MAP 20 set peer x.x.x.x
    crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 40 match address cp_l2l_map_40
    crypto map L2L_MAP 40 set peer x.x.x.x
    crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 60 match address bwi_l2l
    crypto map L2L_MAP 60 set peer x.x.x.x
    crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 80 match address outside_80_cryptomap
    crypto map L2L_MAP 80 set peer x.x.x.x
    crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
    crypto map L2L_MAP interface outside
    crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
    crypto map INSIDE_map interface inside
    I am able to connect successfully via vpn client. It's just that I can't reach the internal servers... Any ideas?
    I get this error:
    Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied

    I put in the important configs:
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.0 standby x.x.x.x
    ospf cost 10
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
    ospf cost 10
    interface GigabitEthernet0/2
    nameif dmz
    security-level 50
    no ip address
    ospf cost 10
    interface GigabitEthernet0/2.720
    vlan 720
    nameif dmz-vsp
    security-level 50
    ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
    ospf cost 10
    interface GigabitEthernet0/2.724
    vlan 724
    nameif dmz-dbz
    security-level 75
    ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
    ospf cost 10
    interface GigabitEthernet0/2.725
    vlan 725
    nameif dmz-smtp
    security-level 50
    ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
    ospf cost 10
    dns domain-lookup outside
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 10.10.10.50
    domain-name xxxx.local
    access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
    ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
    global (outside) 201 192.168.16.1-192.168.16.250
    global (outside) 202 10.201.5.145-10.201.5.158
    global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
    global (outside) 101 interface
    global (outside) 1 x.x.x.x netmask 255.0.0.0
    global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
    nat (inside) 0 access-list nonatacl
    nat (inside) 201 access-list NAT_TO_IDP
    nat (inside) 202 access-list inside2-vsp_nat_outbound
    nat (inside) 101 0.0.0.0 0.0.0.0
    nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
    nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
    route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
    route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
    route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server VPN_Auth protocol radius
    aaa-server VPN_Auth (inside) host 10.10.2.20
    timeout 5
    key *****
    no mschapv2-capable
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map L2L_MAP 50 set reverse-route
    crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
    crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 20 match address IDP_VPN
    crypto map L2L_MAP 20 set peer x.x.x.x
    crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 40 match address cp_l2l_map_40
    crypto map L2L_MAP 40 set peer x.x.x.x
    crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 60 match address nonatacl
    crypto map L2L_MAP 60 set peer x.x.x.x
    crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 80 match address outside_80_cryptomap
    crypto map L2L_MAP 80 set peer x.x.x.x
    crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
    crypto map L2L_MAP interface outside
    crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
    crypto map INSIDE_map interface inside
    crypto isakmp enable outside
    crypto isakmp enable inside
    crypto isakmp enable dmz
    crypto isakmp enable dmz-vsp
    crypto isakmp policy 20
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    group-policy ihasavpn2_gp internal
    group-policy ihasavpn2_gp attributes
    dns-server value 10.10.10.52
    vpn-tunnel-protocol IPSec
    default-domain value xxxx.local
    tunnel-group ihasavpn2 type remote-access
    tunnel-group ihasavpn2 general-attributes
    address-pool inshse-vpn-pool2
    authentication-server-group VPN_Auth
    authentication-server-group (inside) VPN_Auth
    default-group-policy ihasavpn2_gp
    tunnel-group ihasavpn2 ipsec-attributes
    pre-shared-key *****
    tunnel-group ihasavpn2 ppp-attributes
    authentication ms-chap-v2

  • Which FW rule matching network connection?

    How to view in logs which windows server firewall rule match network connection?
    Truly, Valery Tyurin

    Hi Tim! 
    Not only block. If I have several rules for example 25 port what can I would like to see what rule works out?
    In my environment have exchange edge 2013 on win 2012 r2 server. But I don't see rule with exactly SMTP 25 port. Some inbound rules have dst port ANY. I would like to find out which rule works out when external smtp server connect to my edge.
    I turned on some event logs
    Event Viewer -> Application and Services Log -> Microsoft -> Windows Firewall...
    but nothing logged when I try to connect
    telnet <ip-server> 25
    Truly, Valery Tyurin

  • XSLT transformation: template match="*" problem

    Hi everybody,
    I have some stupid problem with XSLT transformations. I use XALAN-J 2.7 to transform xml files. My xslt transformation can be downloaded from http://tesla.rcub.bg.ac.yu/~sing/xsd2rdf.xslt
    Problem is when I have in xslt file template defined with (match="*") it does not work. Transformation does not throw any exceptions; it just does not match nodes very well.
    Next XML schema can be used as test. So, if you transform this file(schema below) using e.g. XML Spy it will work fine, but if you transform it using JAVA it does not match all nodes. Any suggestions are welcome. Is it problem with XPath standard and XALAN implementation or what???
    <?xml version="1.0" encoding="UTF-8"?>
    <xs:schema targetNamespace="http://www.openapplications.org/oagis/CoreComponents/1.90/Types" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cct="http://www.openapplications.org/oagis/CoreComponents/1.90/Types" elementFormDefault="qualified" attributeFormDefault="unqualified">
         <xs:simpleType name="Simple">
              <xs:restriction base="xs:integer"/>
         </xs:simpleType>
         <xs:complexType name="AmountType">
              <xs:simpleContent>
                   <xs:extension base="cct:Simple">
                        <xs:attribute name="currencyID" type="xs:integer" use="required"/>
                        <xs:attribute name="codeListVersionID" type="xs:float" use="optional"/>
                   </xs:extension>
              </xs:simpleContent>
         </xs:complexType>
    </xs:schema>
    Thanks,
    Igor.

    Found a solution for my problem. Now it works!
      DATA: wa_transformation TYPE y0dpl_structures.
      DATA: obj_import TYPE abap_trans_srcbind_tab,
            wa_import TYPE abap_trans_srcbind.
      DATA: obj_data TYPE REF TO data.
      DATA: wa_return TYPE bapiret2.
      FIELD-SYMBOLS: <data> TYPE ANY TABLE.
    * Get transformation data
      SELECT SINGLE *
      INTO wa_transformation
      FROM y0dpl_structures
      WHERE filetype = i_file_type.
      IF sy-subrc IS INITIAL.
    * Create table with internal structure
        CREATE DATA e_data TYPE STANDARD TABLE OF (wa_transformation-structure_name).
        ASSIGN i_data->* TO <data>.
        wa_import-name = 'IMPORT'.
        GET REFERENCE OF <data> INTO wa_import-value.
        APPEND wa_import TO obj_import.
    * Call transformation
        CALL TRANSFORMATION (wa_transformation-transformation)
        SOURCE (obj_import)
        RESULT export_data = e_data.
      ELSE.
        MOVE:  'Y0_DPL' TO wa_return-id,
               'E'      TO wa_return-type,
               '108'    TO wa_return-number.
        APPEND wa_return TO e_return.
        CLEAR: wa_return.
      ENDIF.

  • Xslt template mismatch

    I could not really extract the values for Reference, Enquiry Type, Enquiry Sub-Type, Status and Sub-Status which should be
    picked up from s5.
    Is it because the template match is set to <xsl:template match="/s4:ServiceRequest_Status_UpdateWithFullResponseResponse">?
    How can I rewrite the XSLT so that the s5 values are pulled out and assigned to Reference, Enquiry Type, Enquiry Sub-Type, Status and Sub-Status?
    xml:
    <?xml version="1.0" encoding="UTF-16"?>
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:msxsl="urn:schemas-microsoft-com:xslt"
        xmlns:var="http://schemas.microsoft.com/BizTalk/2003/var"
        exclude-result-prefixes="msxsl var s2 s4 s3 s1 s0 s5"
        version="1.0"
        xmlns:s0="http://schemas.microsoft.com/2003/10/Serialization/Arrays"
        xmlns:s1="http://schemas.datacontract.org/2004/07/Project.DataContracts"
        xmlns:ns0="http://esb.xyz.gov.uk/email/2011/01"
            xmlns:s5="http://schemas.xyz.gov.uk/Project/canonical/1"
        xmlns:s2="http://schemas.xyz.gov.uk/WCF/Project/2013-10/"
        xmlns:s3="http://schemas.xyz.gov.uk/WCF/Project/2013-10/"
        xmlns:xhtml="http://www.w3.org/1999/xhtml"
        xmlns:types="http://esb.xyz.gov.uk/email/types/2011/01"
        xmlns:s4="http://schemas.xyz.gov.uk/WCF/Project/2013-10"
        xmlns:ScriptNS0="http://schemas.microsoft.com/BizTalk/2003/ScriptNS0">
      <xsl:output omit-xml-declaration="yes" method="xml" version="1.0" />
      <xsl:template match="/">
        <xsl:apply-templates select="/s4:ServiceRequest_Status_UpdateWithFullResponseResponse" />
      </xsl:template>
      <xsl:template match="/s4:ServiceRequest_Status_UpdateWithFullResponseResponse">
       <xsl:variable name="var:v1" select="ScriptNS0:Read(&quot;Project&quot; , &quot;SupportEmailAddress&quot;)"/>
       <xsl:variable name="var:v2" select="ScriptNS0:Read(&quot;Project&quot; , &quot;SupportEmailName&quot;)"/>
       <xsl:variable name="var:v5" select="ScriptNS0:Read(&quot;Project&quot; , &quot;BusinessOtherEmailAddress&quot;)"/>
       <xsl:variable name="var:v6" select="ScriptNS0:Read(&quot;Project&quot; , &quot;BusinessOtherEmailName&quot;)"/>
       <ns0:Plain>
        <types:Subject>
         <xsl:text>BizTalk Warning: A Project Service Request could not be updated</xsl:text>
        </types:Subject>
        <types:DeliveryReceipt>
         <xsl:text>0</xsl:text>
        </types:DeliveryReceipt>
        <types:ReadReceipt>
         <xsl:text>0</xsl:text>
        </types:ReadReceipt>
        <types:From>
         <types:EmailAddress>
          <xsl:value-of select="$var:v1"/>
         </types:EmailAddress>
         <types:DisplayName>
          <xsl:value-of select="$var:v2"/>
         </types:DisplayName>
         <types:EmailAddress>
          <xsl:value-of select="$var:v5"/>
         </types:EmailAddress>
         <types:DisplayName>
          <xsl:value-of select="$var:v6"/>
         </types:DisplayName>
        </types:From>
        <types:To>
         <types:EmailAddress>
          <xsl:variable name="var:v3" select="ScriptNS0:Read(&quot;Project&quot; , &quot;BusinessEmailAddress&quot;)"/>
          <xsl:value-of select="$var:v3"/>
         </types:EmailAddress>
         <types:DisplayName>
          <xsl:variable name="var:v4" select="ScriptNS0:Read(&quot;Project&quot; , &quot;BusinessEmailName&quot;)"/>
          <xsl:value-of select="$var:v4"/>
         </types:DisplayName>
        </types:To>
        <types:CC>
         <types:EmailAddress>
          <xsl:value-of select="$var:v1"/>
         </types:EmailAddress>
         <types:DisplayName>
          <xsl:value-of select="$var:v2"/>
         </types:DisplayName>
        </types:CC>
        <types:Line>BizTalk could not update a Project Service Request that corresponds to the CRM Enquiry below.</types:Line>
        <types:Line></types:Line>
        <types:Line>
    Reference: <xsl:value-of select="s5:ServiceRequests/s5:ServiceRequest/s5:Id/text()" />
        </types:Line>
        <types:Line>
    Enquiry Type: <xsl:value-of select="s5:ServiceRequests/s5:ServiceRequest/s5:Area/text()"/>
        </types:Line>
        <types:Line>
    Enquiry Sub-Type: <xsl:value-of select="s5:ServiceRequests/s5:ServiceRequest/s5:Sub-Area/text()"/>
        </types:Line>
        <types:Line>
    Status: <xsl:value-of select="s5:ServiceRequests/s5:ServiceRequest/s5:Status/text()"/>
        </types:Line>
        <types:Line>
    Sub-Status: <xsl:value-of select="s5:ServiceRequests/s5:ServiceRequest/s5:Sub-Status/text()"/>
        </types:Line>
       </ns0:Plain>
      </xsl:template>
    </xsl:stylesheet>

    Could you post an example input file? Thx
    Glenn Colpaert - MCTS BizTalk Server - Blog : http://blog.codit.eu

  • How do I let the sieve rules match on non-standard header fields in iMS 5.0p3?

    I am able to create a per-user rule that matches on standard header lines, but if I am using a non-standard line, such as X-Spam-Flag, the rule won't apply. Is there any way to make this work properly?

    On a site running 5.2 hf 0.9, I have the following sieve rule:
    mailSieveRuleSource: require "fileinto"; if header :contains "X-Spam-Status" "Yes" { fileinto "SPAM"; }
    and it works fine for me

  • AP Invoice workflow - When no rules matches in the AME

    Hello,
    I have a small Issue with AP Invoice Workflow.
    AME Setup:
    1.IF supplier amount > 600 get approval from approval-grp.
    Data 1:
    1. Create an invoice with amount 700 and distributions with 700 amount.
    2. Validate Invoice
    3. Initiate Approval using the action "Initiate Approval"
    Able to get the notification and able to track workflow process in workflow Admin
    Data 2:
    1. Create an invoice with amount 500 and distributions with 500 amount.
    2. Validate Invoice
    3. Initiate Approval using the action "Initiate Approval"
    4. Invoice shows status *'Initiated'*
    Not able to see workflow process in Workflow Admin and no updates in View Invoice Approval History.
    Any idea on why this is not working will be of great help!
    Cheers.

    Hi,
    As per my knowledge, if rules are not matching, then status would be "Not Required" and not "Approved" after initiating approval.
    I was testing some scenarios with AME involving "Prepayments" alone. Hence, if I create an Invoice, then Status would be "Not Required".
    Also, pls login to Sysadmin and check status of the Workflow.
    Also, if AME is not able to find an approver, then the notification will be forwarded to the "Administrator Approver" defined in Configuration Variables Window.
    There we provide the UserId of Administrator Approver. Generally, if nothing is specified, Sysadmin would be the Administrator Approver.
    Is there any other condition which you are using apart from >600 ?
    Regards,
    guru

  • Ssh fails with rule matching LAN

    My goal is simple: use a key pair from the WAN only but allow password auth from the LAN.
    I thought my recipe had previously worked in Arch and other distros, but now I'm unsure. Here's a snippet of some relevant sections of /etc/ssh/sshd_config:
    RSAAuthentication yes
    PubkeyAuthentication yes
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    UsePAM yes
    Match Address 192.168.1.0/24
    PasswordAuthentication yes
    Without the match section I'm able to log in. With the match section I am not able to log in from WAN or LAN hosts.
    Here's an excerpt from the ssh client logging in from the local machine itself along with a tail of the journal (using the match address section):
    CLIENT SIDE
    myhost% ssh -v localhost
    OpenSSH_6.4, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /home/myuser/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to localhost [::1] port 22.
    debug1: Connection established.
    debug1: identity file /home/myuser/.ssh/id_rsa type 1
    debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1
    debug1: identity file /home/myuser/.ssh/id_dsa type -1
    debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1
    debug1: identity file /home/myuser/.ssh/id_ecdsa type 3
    debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
    debug1: match: OpenSSH_6.4 pat OpenSSH*
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr [email protected] none
    debug1: kex: client->server aes128-ctr [email protected] none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA <ommited pub>
    debug1: Host 'localhost' is known and matches the ECDSA host key.
    debug1: Found key in /home/myuser/.ssh/known_hosts:6
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa
    debug1: Authentications that can continue: publickey
    debug1: Trying private key: /home/myuser/.ssh/id_dsa
    debug1: Offering ECDSA public key: /home/myuser/.ssh/id_ecdsa
    debug1: Authentications that can continue: publickey
    debug1: No more authentication methods to try.
    Permission denied (publickey).
    SERVER SIDE
    myhost% sudo journalctl -f --full
    -- Logs begin at Sat 2013-06-29 11:25:32 EDT. --
    Jan 07 13:09:18 myhost systemd[1]: Started SSH Key Generation.
    Jan 07 13:09:18 myhost systemd[1]: Starting OpenSSH Daemon...
    Jan 07 13:09:18 myhost systemd[1]: Started OpenSSH Daemon.
    Jan 07 13:09:18 myhost sudo[20291]: pam_unix(sudo:session): session closed for user root
    Jan 07 13:09:18 myhost sshd[20295]: Server listening on 0.0.0.0 port 22.
    Jan 07 13:09:18 myhost sshd[20295]: Server listening on :: port 22.
    Jan 07 13:09:23 myhost sshd[20296]: reverse mapping checking getaddrinfo for <omitted address> [<omitted address>] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 07 13:09:34 myhost sshd[20296]: error: Received disconnect from <omitted address>: 13: Unable to authenticate [preauth]
    Jan 07 13:09:39 myhost sudo[20298]: myuser : TTY=pts/2 ; PWD=/home/myuser ; USER=root ; COMMAND=/usr/bin/journalctl -f --full
    Jan 07 13:09:39 myhost sudo[20298]: pam_unix(sudo:session): session opened for user root by myuser(uid=0)
    Jan 07 13:10:35 myhost sshd[20308]: Connection closed by ::1 [preauth]
    Last edited by badhat (2014-01-08 14:36:10)
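
The following is an added example, not part of the original post: a small Python model of how `Match Address` overrides resolve for a given source address, run against the config excerpt above. It models only the `Address` criterion with CIDR or exact-address patterns (no wildcards or negation), and the function names are illustrative.

```python
import ipaddress

# Config excerpt from the post above (Match body indented for readability).
SSHD_CONFIG = """\
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""


def parse(config_text):
    """Return (global_opts, blocks); blocks is a list of (patterns, opts)."""
    global_opts, blocks, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = arg.split(None, 1)
            if len(crit) != 2 or crit[0].lower() != "address":
                raise ValueError("only 'Match Address <list>' is modelled")
            current = {}
            blocks.append((crit[1].split(","), current))
        else:
            # A Match block runs until the next Match line or end of file,
            # so every keyword after a Match line lands in that block.
            target = global_opts if current is None else current
            target.setdefault(keyword, arg)  # first value seen is kept
    return global_opts, blocks


def effective(config_text, source_addr):
    """Settings that apply to a connection arriving from source_addr."""
    global_opts, blocks = parse(config_text)
    ip = ipaddress.ip_address(source_addr)
    # Compare IPv4-mapped IPv6 peers (::ffff:a.b.c.d) as plain IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    overrides = {}
    for patterns, opts in blocks:
        nets = [ipaddress.ip_network(p.strip(), strict=False) for p in patterns]
        if any(ip in net for net in nets):
            for key, value in opts.items():
                overrides.setdefault(key, value)
    return {**global_opts, **overrides}


def password_auth_by_source(config_text, sources):
    """Map each source address to the PasswordAuthentication value it gets."""
    return {s: effective(config_text, s)["passwordauthentication"] for s in sources}


if __name__ == "__main__":
    # Constructed sample sources: a LAN host, IPv6/IPv4 loopback, a WAN host.
    samples = ["192.168.1.50", "::1", "127.0.0.1", "203.0.113.7"]
    for src, value in password_auth_by_source(SSHD_CONFIG, samples).items():
        print(f"{src:15} PasswordAuthentication {value}")
```

On a live host, `sshd -T -C addr=<address>,user=<user>,host=<host>` prints the settings sshd itself resolves for a given connection specification.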

    Yes, there are one or two fields which were not mapped and were removed. However, the records which got reconciled successfully have been done with the same field mapping.
    UZ

  • Unused xml tags being printed in xsl transformation

    Hi,
    I'm just starting out with xslt, and I am having a small problem with unused data being added into the html output from an xsl transformation. The data set is very small and the transform is not complicated, but when I do a
    <xsl:template match="aa/bb/cc">
    <title><xsl:value-of select="."/></title>
    </xsl:template>
    cc will be used as the title, but aa/bb/dd and aa/bb/ee will be printed to the output stream directly after the </title> as standard text.
    <title>cc</title>ddee
    I have included the xml, the transform and the html source received at the end of this mail.
    Any help would be appreciated.
    Cheers
    Simon
    <webpage>
      <project>
        <title>Katrin</title>
        <version>Version 1.0</version>
        <start_date>01/01/2003</start_date>
      </project>
    </webpage>
    <xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:fo="http://www.w3.org/1999/XSL/Format">
        <xsl:output method="html"/>
        <!-- template rule matching source root element -->
        <xsl:template match="/">
            <html>
                <head>
                    <xsl:apply-templates mode="head"/>
                </head>
                <!-- Construct main body of page -->
                <body>
                    <xsl:apply-templates/>
                </body>
            </html>
        </xsl:template>
        <!-- Head -->
        <xsl:template match="webpage/project/title" mode="head">
            <title><xsl:value-of select="."/></title>
        </xsl:template>
        <!-- Body -->
        <xsl:template match="webpage/project/title">
            <h1><xsl:value-of select="."/></h1>
        </xsl:template>
        <xsl:template match="webpage/project/version">
            <div align="right" style="font-size : 8pt; font-family : Times serif; padding-top : 4; padding-bottom : 4; color : red"><xsl:value-of select="."/></div>
        </xsl:template>
        <xsl:template match="webpage/project/start_date">
            <div align="left" style="font-size : 8pt; font-family : Times serif; padding-top : 4; padding-bottom : 4; color : blue"><xsl:value-of select="."/></div>
        </xsl:template>
    </xsl:stylesheet>
    <html xmlns:fo="http://www.w3.org/1999/XSL/Format">
       <head>
          <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
          <title>Katrin</title>Version 0.101/01/2003</head>
       <body>
          <h1>Katrin</h1>
          <div align="right" style="font-size : 8pt; font-family : Times serif; padding-top : 4; padding-bottom : 4; color : red">Version 0.1</div>
          <div align="left" style="font-size : 8pt; font-family : Times serif; padding-top : 4; padding-bottom : 4; color : blue">01/01/2003</div>
       </body>
    </html>

    You had a couple of errors in your xsl. It should read something like:
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    version="1.0">
    <xsl:template match="*|/"><xsl:apply-templates/></xsl:template>
    <xsl:template match="text()|@*"><xsl:value-of select="."/></xsl:template>
    <xsl:template match="*|/">
    <html>
    <head><title>Greeting</title></head>
    <body>Words of greeting:
    <b><i><u><xsl:value-of select="greeting"/></u></i></b>
    </body>
    </html>
    </xsl:template>
    </xsl:stylesheet>
    This produces the result you are looking for:
    <html>
    <head>
    <title>Greeting</title>
    </head>
    <body>Words of greeting:
    <br>
    <b>
    <i>
    <u>Hello World.</u>
    </i>
    </b>
    </body>
    </html>

  • Cisco ISE - What does "Multiple Matched Rule Applies" mean?

    Hi,
    In Cisco ISE authorization policy configuration, what does the option "multiple matched rule applies" mean? I can understand the "first matched rule", but in "multiple matched rule", how are the permissions picked if multiple rules match? Or, what is the logic involved in picking the permissions if multiple rules are matched in the authorization policy?
    Nowhere in the Cisco documentation do I see any explanation for this.
    I would appreciate it if anyone can point me to a document or explain the logic in selecting the permissions if multiple rules are matched. Also, what would the use case for this be?
    Thanks and Regards,
    Mohan

    I agree with tarik & also this might be helpful for you:
    An authorization policy can consist of a single rule or a set of rules that are user-defined. These rules act to create a specific policy. For example, a standard policy can include the rule name using an If-Then convention that links a value entered for identity groups with specific condition(s) or attributes to produce a specific set of permissions that create a unique authorization profile. There are two authorization policy options you can set:
    • First Matched Rules Apply
    • Multiple Matched Rule Applies
    These two options direct Cisco ISE to use either the first matched or the multiple matched rule type listed in the standard policy table when it matches the user's set of permissions. These are the two types of authorization policies that you can configure:
    • Standard
    • Exception
    Standard policies are policies created to remain in effect for long periods of time, to apply to a larger group of users or devices or groups, and allow access to specific or all network endpoints. Standard policies are intended to be stable and apply to large groups of users, devices, and groups that share a common set of privileges.
    Standard policies can be used as templates in which you modify the original values to serve the needs of a specific identity group, using specific conditions or permissions to create another type of standard policy to meet the needs of new divisions, or groups of users, devices, or groups in your network.
    By contrast, exception policies are appropriately named because this type of policy acts as an exception to the standard policies. Exception policies are intended for authorizing limited access that is based on a variety of factors (short-term policy duration, specific types of network devices, network endpoints or groups, or the need to meet special conditions or permissions or an immediate requirement).
    Exception policies are created to meet an immediate or short-term need such as authorizing a limited number of users, devices, or groups to access network resources. An exception policy lets you create a specific set of customized values for an identity group, condition, or permission that are tailored for one user or a subset of users. This allows you to create different or customized policies to meet your corporate, group, or network needs.
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html
