Check configuration on S170 L4 traffic monitor?

You can check that I made this connection correctly on our new S170?  I'm greatly grateful in advance!

On the switch, I created 1 session of the monitor with the following command:

monitor session 1 source Fa6/0/38, 48/0/Fa2 interface

control interface of destination session 1 item in gi1/0/40

We have two 50 Mbps internet connections, firewalls are so only on 100meg (fa) ports GigE ports are at a premium and I don't want to lose the PoE ports (which are together).

Fa6/0/38 is our main firewall connection side lan to the internet.  All traffic to the outside world of our local network must pass through here.

FA2/0/48 is an asa firewall failover, if for some reason, the principal is down, traffic to the outside world would be through this port through the secondary firewall.

Item in gi1/0/40 is a concert which is patched with the WSA S170 T1 port.

The WSA network > Interfaces display a L4 Traffic Monitor wiring Duplex TYPE value: T1 (In/Out)

Security Services > L4 Traffic Monitor enabled L4 traffic, and the traffic is controlled on all ports except ports web (HTTP/HTTPS).  Rules are correctly updated and licensing is enabled for this feature.

So this setup correctly?  Is it possible to test?  Should I change the L4 monitor traffic to monitor all ports, or generally just you ports WCCP 80 / 443 of the firewall answer to all that filtering and use L4 for 'everything else '?

When I go to the L4 Traffic Monitor reports, there is no data found.  Now probably because there is no suspicious activity or malware, but how can I be sure that it works?

It looks like the game properly.

I set mine to look at "Everything else."

I do not know how to test to see if it alarms...

Tags: Cisco Security

Similar Questions

  • Automatic configuration of the HP w17e monitor active at random

    Currently using an hp w17e flat, wide LCD screen connected to a NVIDIA 9500 GT video card located in a computer that is running Windows Vista Edition home premium (32 bit).  Running on 1440 x 900, 60 Hz frequency suggested by the insertion of the packaging of refreshment. Also in the 32-bit color setting.

    (Other computer stats available at http://www.compusa.com/applications/searchtools/item-Details.asp?EdpNo=4419976&sku=T71-3446%20ON&srkey=3000%20H210%2057088788)

    Tuesday night (13/10/2009) let my computer playing music with the monitor off.  Morning, Weds(10/14/2009) and any platform is off.  Turn it turn it back on and seems to update windows pushed a lot of updates.  Then I noticed the problem.  Randomly, the automatic configuration of hardware on the monitor turns on.  Tried different applications (games, firefox [windowed and full screen], or just sitting on the desktop), and the Automatic Configuration dialog box appears in the center of my screen and shakes the screen.

    Monitor checked button, it is not blocked (before this, don't think I hit a few months...)

    No change, I tried older drivers I had before the update of windows, still didn't try to update the NVIDIA drivers, arrives.

    Reset the monitor through the monitor menu.  Still happens.

    Reset the NVIDIA graphics settings, still happens.

    Installed the update optional windows update for the hp w17e LCD wide display.

    Monitor connection video Cable disconnected to the video card, checked pins, pins are good.  Reconnected.  Still happens.

    Tried to connect to another video on the port of the video card (always the same type of connection).  A reduced frequency, but screen looks flatter and more gray/less dynamic.

    She returned after swapping the video ports when I open the NVIDIA Control Panel.  Didn't jump once while typing this.

    Suggestions?

    Updated several days later.

    After the passage of the screen to the other video port on the back of the computer (vid card has 2 ports I could use, been using a) and disconnect / reinstalling the power cord on the monitor itself, auto config jumped just once shortly after reconnection of everything and not since.

    Weird and intrigues me, but hey, if it works now, will to run with him.

  • I had checked "extend my desktop to this monitor". I have only 1 monitor though. Now the screen is empty. I rebooted the pc in the hope to go in safe mode but the screen remained blank.__How can I go back to single screen? __

    I had checked "extend my desktop to this monitor". I have only 1 monitor though. Now the screen is empty. I rebooted the pc in the hope to go in safe mode but the screen remains blank.
    How can I go back to single screen?

    Hi Bilipino,

    You have more than one display card? Try to connect your monitor to the another card and see if you can get the display.

    Reference: http://www.microsoft.com/windowsxp/using/setup/hwandprograms/monitors.mspx

    I hope this helps...

  • WebCenter spaces managed server error: JPS-01520: cannot initialize the identity store, cause: oracle.security.idm.ConfigurationException: unable to connect to the directory. Check configuration information...

    WebCenter Portal 11.1.1.9.2 has been installed on a single node and configured using external policy based JPS Sotre 11.1.1.7 OID LDAP and Oracle Access Manager 11.1.2.2.0 for Single Sign-On.

    For WebCenter Portal managed starting the server (and all the other managed servers, Portlet, Collaboration, utilities, etc.) the following error message is recorded in the log files:

    <Oct 26, 2015 10:35:32 AM COT> <Warning> <oracle.jps.idmgmt> <JPS-01520> <Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: Failed to connect to directory. Check configuration information..> 
<Oct 26, 2015 10:35:32 AM COT> <Error> <oracle.adf.mbean.share.connection.ConnectionsHelper> <BEA-000000> <Failed to get credentials for alias ADF and connection name PageletConnection
java.lang.RuntimeException: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01520: Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: Failed to connect to directory. Check configuration information..
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:386)
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:363)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:272)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:233)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.getCurrentUserUniqueID(CSFCredentialStore.java:1253)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:489)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:653)
  at oracle.adf.share.security.credentialstore.CredentialStore.fetchCredential(CredentialStore.java:187)
  at oracle.adf.mbean.share.connection.ConnectionsHelper.getCredentials(ConnectionsHelper.java:208)
  at oracle.adf.mbean.share.connection.ReferenceHelper.getCredentials(ReferenceHelper.java:334)
  at oracle.adf.mbean.share.connection.ReferenceHelper.createReference(ReferenceHelper.java:299)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.registerBean(ConnectionsRuntimeMXBeanImpl.java:499)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.createConnection(ConnectionsRuntimeMXBeanImpl.java:577)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.configObjectReloaded(ConnectionsRuntimeMXBeanImpl.java:778)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.postRegister(ConnectionsRuntimeMXBeanImpl.java:1089)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doPostRegister(OracleStandardEmitterMBean.java:556)
  at oracle.adf.mbean.share.AdfMBeanInterceptor.internalPostRegister(AdfMBeanInterceptor.java:223)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor$4.run(JpsJmxInterceptor.java:605)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalPostRegister(JpsJmxInterceptor.java:622)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalPostRegister(ContextClassLoaderMBeanInterceptor.java:167)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.postRegister(OracleStandardEmitterMBean.java:521)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.postRegister(DefaultMBeanServerInterceptor.java:1024)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:974)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:714)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.mbeanservers.internal.JMXContextInterceptor.registerMBean(JMXContextInterceptor.java:445)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:712)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.registerMBean(WLSMBeanServer.java:462)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor$1.run(PrivilegedMBeanServerInterceptor.java:55)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor.registerMBean(PrivilegedMBeanServerInterceptor.java:60)
  at oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack.contextInitialized(ADFConnectionLifeCycleCallBack.java:111)
  at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
  at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1871)
  at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3173)
  at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1527)
  at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:486)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
  at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
  at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
  at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
  at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:187)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:379)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
  at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
  at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
  at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
  at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
  at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01520: Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: Failed to connect to directory. Check configuration information..
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:381)
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:363)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:272)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:233)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.getCurrentUserUniqueID(CSFCredentialStore.java:1253)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:489)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:653)
  at oracle.adf.share.security.credentialstore.CredentialStore.fetchCredential(CredentialStore.java:187)
  at oracle.adf.mbean.share.connection.ConnectionsHelper.getCredentials(ConnectionsHelper.java:208)
  at oracle.adf.mbean.share.connection.ReferenceHelper.getCredentials(ReferenceHelper.java:334)
  at oracle.adf.mbean.share.connection.ReferenceHelper.createReference(ReferenceHelper.java:299)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.registerBean(ConnectionsRuntimeMXBeanImpl.java:499)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.createConnection(ConnectionsRuntimeMXBeanImpl.java:577)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.configObjectReloaded(ConnectionsRuntimeMXBeanImpl.java:778)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.postRegister(ConnectionsRuntimeMXBeanImpl.java:1089)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doPostRegister(OracleStandardEmitterMBean.java:556)
  at oracle.adf.mbean.share.AdfMBeanInterceptor.internalPostRegister(AdfMBeanInterceptor.java:223)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor$4.run(JpsJmxInterceptor.java:605)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalPostRegister(JpsJmxInterceptor.java:622)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalPostRegister(ContextClassLoaderMBeanInterceptor.java:167)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.postRegister(OracleStandardEmitterMBean.java:521)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.postRegister(DefaultMBeanServerInterceptor.java:1024)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:974)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:714)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.mbeanservers.internal.JMXContextInterceptor.registerMBean(JMXContextInterceptor.java:445)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:712)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.registerMBean(WLSMBeanServer.java:462)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor$1.run(PrivilegedMBeanServerInterceptor.java:55)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor.registerMBean(PrivilegedMBeanServerInterceptor.java:60)
  at oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack.contextInitialized(ADFConnectionLifeCycleCallBack.java:111)
  at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
  at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1871)
  at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3173)
  at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1527)
  at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:486)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
  at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
  at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
  at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
  at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:187)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:379)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
  at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
  at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
  at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
  at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
  at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

    OID contains all users belonging to a group and can be viewed correctly using DOHAD.

    Users cannot connect to the portal WebCenter or any other application of the field gets initialized because JPS store does not.

    However, the JPS store gets initialized for the administration server, users and group membership can be toured from the areas of security-> users and groups to the weblogic console window.

    A few days ago the users connected to the webcenter content was not asigned no role.

    WebCenter star in the field of content very well, Admin Server and store of JPS is initialized correctly, users and members of the group can be seen in areas of security-> users and groups to the weblogic console window.

    WCP-weblogic_usersandgroups.png

    This error started to appear a few days before, before that, everything was normal, and users could connect to the webcenter portal group for membership and get the OID and the privileges of JPS LDAP store.

    Servers werer started first, using Nodemanager script to start the server administration, and after that the administrator of the booted server, console weblogic was used to start managed servers.

    Is there a way to debug the JPS Store initialization?

    Hello Amey

    The indicator for OAM ID Asserter is required for single sign on functionality, whatever it is, the problem, seems to be communication with the DNS server, which makes a delay that could be verified using traceroute and ping commands.

    This delay caused the connection failure to the OID server during initialization of JPS.

    As a solution, thefully qualified hostname to OID server has been configured manually to the file/etc/hosts. After this change, JPS can be initialized correctly.

    Howerver, that the log shows no time-out or any other exception during the initialziation, making diagnosis difficult to obtain.

    Thanks for your help.

  • JPS-01520 - cannot initialize the identity store, cause: unable to connect to the directory. Check configuration information...

    WebCenter content 11.1.1.8.7 has been installed on a single node and configured by using the security provider of external JPS using OID 11.1.1.7

    JPS_store_config.png

    WebCenter content area uses OAM 11 GR 2 as a single sign on the mechanics and the DIO as authentication providers

    Auth_providers.png

    OID contains all users belonging to a group and can be viewed correctly using DOHAD.

    ODSm_userBrowse.png

    A few days ago the users connected to the webcenter content was not asigned no role.

    WebCenter star in the field of content very well, Admin Server and store of JPS is initialized correctly, users and members of the group can be seen in areas of security-> users and groups to the weblogic console window.

    weblogic_usersandgroups.png

    However, when starting a webcenter content managed server, the following message appears:

    <JPS-01520> <Cannot initialize identity store, cause: Failed to connect to directory. Check configuration information..>

    And users get only the default authenticated roles.

    weblogic_ecm-UserRoles.png

    Where he should have been granted the role administrators ECM, sysadmin and admin role, because of the map of credentials configured in webcenter content server

    Content_credentialmap.png

    In the providers section, JpsUserProvider is down

    Content_jpsproviderdown.png

    and using the test function, the following error displays to webcenter content records:

    <Oct 23, 2015 11:48:41 AM COT> <Error> <oracle.ucm.idccs> <UCM-CS-000001> <general exception> 
<Oct 23, 2015 11:48:41 AM COT> <Error> <oracle.ucm.idccs> <UCM-CS-000001> <general exception
intradoc.common.ServiceException: !csJpsIdentityStoreNotConfigured
        at idc.provider.jps.JpsUserProvider.testConnection(JpsUserProvider.java:941)
        at intradoc.server.proxy.ProviderStateUtils.testConnection(ProviderStateUtils.java:66)
        at intradoc.server.ProviderManagerService.testProvider(ProviderManagerService.java:128)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at intradoc.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:87)
        at intradoc.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:310)
        at intradoc.common.ClassHelperUtils.executeMethod(ClassHelperUtils.java:295)
        at intradoc.server.Service.doCodeEx(Service.java:640)
        at intradoc.server.Service.doCode(Service.java:595)
        at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1693)
        at intradoc.server.Service.doAction(Service.java:566)
        at intradoc.server.ServiceRequestImplementor.doActions(ServiceRequestImplementor.java:1483)
        at intradoc.server.Service.doActions(Service.java:562)
        at intradoc.server.ServiceRequestImplementor.executeActions(ServiceRequestImplementor.java:1415)
        at intradoc.server.Service.executeActions(Service.java:547)
        at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:751)
        at intradoc.server.Service.doRequest(Service.java:1976)
        at intradoc.server.ServiceManager.processCommand(ServiceManager.java:487)
        at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
        at intradoc.idcwls.IdcServletRequestUtils.doRequest(IdcServletRequestUtils.java:1358)
        at intradoc.idcwls.IdcServletRequestUtils.processFilterEvent(IdcServletRequestUtils.java:1732)
        at intradoc.idcwls.IdcIntegrateWrapper.processFilterEvent(IdcIntegrateWrapper.java:223)
        at sun.reflect.GeneratedMethodAccessor219.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at idcservlet.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:88)
        at idcservlet.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:305)
        at idcservlet.common.ClassHelperUtils.executeMethodWithArgs(ClassHelperUtils.java:278)
        at idcservlet.ServletUtils.executeContentServerIntegrateMethodOnConfig(ServletUtils.java:1680)
        at idcservlet.IdcFilter.doFilter(IdcFilter.java:457)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
        at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
        at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
        at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
        at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
        at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
        at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
        at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:419)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
        at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
        at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
        at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
        at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
        at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
        at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
        at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1495)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

    This behavior also affects SOA managed server and managed servers of the WebCenter Portal

    The servers were turned on in the right order, the first Management Server, then content managed server

    Is there a way to diagnose the reason why JPS security provider cannot be initialized?

    The problem seems to play with communication with the DNS server, which makes it a delay on the resolution for entry to the OID server host name, this could be verified using traceroute and ping commands.

    This delay caused the connection failure to the OID server during initialization of JPS.

    As a solution, fully qualified for OID server host name has been configured manually to the file/etc/hosts. After this change, JPS can be initialized correctly.

    Howerver, that the log shows no time-out or any other exception during the initialziation, making diagnosis difficult to obtain.

    Thanks for your help.

  • Checking configuration of the Virtual Machine NIC

    Hello people.

    I put in a virtual infrastructure that separates discrete security (DMZ/Intranet/Extranet/etc.) areas using port groups.  My main concern is to ensure that VM is not accidentally bridged for port groups on two separate security zones.  Someone is aware of a third party or tools included that will allow me to list and checking the configuration of virtual NETWORK map of all VM in my data center?  We use ESX 3.5 and Virtual Center 2.5.

    Thank you...

    Did you watch NetWrix VMware Reporter?  It will monitor and audit of your VMware changes and much more.  Have you thought about streamlining your authorization center VC so that no one else can reach your VM and more groups specified admin settings.  You can then use the tasks & events to see what activities were conducted by users / specific actions.  We have implemented strict access to our systems of VC and the Strip unnecessary permissions to that effect.

    If you found this information useful, please consider awarding points to 'Correct' or 'useful '. Thank you!!!

    Kind regards

    Stefan Nguyen

    VMware vExpert 2009

    iGeek Systems Inc.

    VMware, Citrix, Microsoft Consultant

  • Why all of a sudden my monitor shows a double image of everything? I checked all the controls in the monitor. Have complete scan of the system. Restarted. Help please!

    Why my monitor see suddenly double images? A bit like a 3D cube. I checked all the settings in the screen itself. They are very good. A comprehensive security system has to analyze. He came clean. Cache of cookies. Defragmented. Restarted. Is entered in controls and found nothing out of the ordinary. But then again, I'm not very savvy computer. Help, please!

    Borrow a monitor from a friend and attach it to your computer, if possible, attach your monitor to your friend's computer.  If the monitor remains screwey computer your friend then the monitor is dying and needs to be replaced.  If the monitor of your friend looks like screwey on your computer, you'll have a hardware problem that must be solved.

  • automatic configuration is flashing on my monitor is a computer problem

    small window in the center of my e machine el1300g lights when I starts and constantly flashes on my screen, I have tried everything to get rid of it and cannot

    Hello

    I suggest that you try to change the resolution in Windows and see if still receive the alert.
     
    For more information about the resolution of the screen and the display on a monitor, check the Microsoft Help below & the how-to Articles:

    1:     change the screen resolution : -.
        http://Windows.Microsoft.com/en-us/Windows-Vista/change-screen-resolution

    2: Get the best display on your monitor : -.
        http://Windows.Microsoft.com/en-us/Windows-Vista/getting-the-best-display-on-your-monitor

    3: Resolution of problems with video card problems monitor : -.
        http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-monitor-and-video-card-problems

  • ASA 5505 Split Tunneling configured but still all traffic Tunneling

    Hello

    I installed an ASA 5505 running 8.3.2 and Cisco AnyConnect Client 2.5.2017.

    There are the DefaultRAGroup and a newly configured Group called SplitTunnelNets.

    I have 1 internal subnet (192.168.223.0/24) which has a matching ACL/AS configured on the DefaultRAGroup and the custom group policy called SSLClientPolicy.

    When I start the VPN with the ASA, I can indeed reach internal resources, but when I look at the routing table, I see a new default gateway route 0.0.0.0 / 0-> 192.168.25.2 (that is in the IP pool) with a metric of 2.  The default route before the start of the session AnyConnect now has a higher metric, so the 192.168.25.2 next hop is a priority.

    I don't see the routes in the routing table for 192.168.223.0/24 as I expect to see.  In the diagnosis of AnyConnect, I see that 0.0.0.0/0 is the policy applied to the client.

    Here's my setup.  Please tell me if you see something that I'm missing.

    ASA 8.3 Version (2)
    !
    host name asa

    names of
    !
    interface Vlan1
    nameif inside
    security-level 100
    IP 192.168.223.254 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    IP x.x.x.x 255.255.255.240
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    boot system Disk0: / asa832 - k8.bin
    passive FTP mode
    clock timezone IS - 5
    clock to summer time EDT recurring
    DNS lookup field inside
    DNS server-group DefaultDNS
    Server name 192.168.223.41
    domain Labs.com
    network obj_any object
    subnet 0.0.0.0 0.0.0.0
    vpn-client-net network object
    255.255.255.0 subnet 192.168.25.0
    network of the internal net object
    192.168.223.0 subnet 255.255.255.0
    the DM_INLINE_NETWORK_1 object-group network
    internal-net network object
    network-vpn-client-net object
    the DM_INLINE_NETWORK_2 object-group network
    internal-net network object
    network-vpn-client-net object
    SplitTunnelNets to access extensive ip list allow any 192.168.223.0 255.255.255.0
    pager lines 24
    Enable logging
    asdm of logging of information
    Within 1500 MTU
    Outside 1500 MTU
    mask 192.168.25.1 - 192.168.25.50 255.255.255.0 IP local pool SSLClientPool
    no failover
    ICMP unreachable rate-limit 1 burst-size 1
    ICMP allow any inside
    ASDM image disk0: / asdm - 635.bin
    don't allow no asdm history
    ARP timeout 14400
    NAT (inside, all) static source internal-net net internal static destination vpn client vpn client-Net
    !
    network obj_any object
    NAT dynamic interface (indoor, outdoor)
    Route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-registration DfltAccessPolicy
    Labs-AAA protocol ldap LDAP-server
    AAA-server Lab-LDAP (inside) host 192.168.223.41
    Server-port 636
    LDAP-base-dn dc = labs, dc = com
    LDAP-scope subtree
    LDAP-naming-attribute sAMAccountName
    LDAP-login-password *.
    LDAP-connection-dn [email protected] / * /
    enable LDAP over ssl
    microsoft server type
    Enable http server
    http 192.168.223.0 255.255.255.0 inside
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    Crypto ca trustpoint ASDM_TrustPoint0
    registration auto

    sslvpnkeypair key pair
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint1
    ASDM_TrustPoint1 key pair
    Configure CRL
    string encryption ca ASDM_TrustPoint0 certificates

    Telnet 192.168.223.0 255.255.255.0 inside
    Telnet timeout 5
    SSH 192.168.223.0 255.255.255.0 inside
    SSH timeout 5
    Console timeout 0
    dhcpd outside auto_config
    !

    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    NTP 192.5.41.41 Server
    NTP 192.5.41.40 Server
    SSL-trust outside ASDM_TrustPoint1 point
    WebVPN
    allow outside
    No anyconnect essentials
    SVC disk0:/anyconnect-win-2.5.2017-k9.pkg 1 image
    SVC disk0:/anyconnect-macosx-i386-3.0.0629-k9.pkg 2 image
    Picture disk0:/anyconnect-linux-3.0.0629-k9.pkg 3 SVC
    enable SVC
    tunnel-group-list activate
    internal SSLClientPolicy group strategy
    attributes of Group Policy SSLClientPolicy
    value of server DNS 192.168.223.41
    VPN-tunnel-Protocol svc
    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list SplitTunnelNets

    field default value Labs
    split dns value Labs.com
    the address value SSLClientPool pools
    WebVPN
    SVC Dungeon-Installer installed
    attributes of Group Policy DfltGrpPolicy
    value of server DNS 192.168.223.41
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list SplitTunnelNets
    coyotelabs.com value by default-field
    type of remote access service
    type tunnel-group SSLClientProfile remote access
    attributes global-tunnel-group SSLClientProfile
    CoyoteLabs-LDAP authentication-server-group
    Group Policy - by default-SSLClientPolicy
    tunnel-group SSLClientProfile webvpn-attributes
    allow group-alias CoyoteLabs
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    Review the ip options
    !
    global service-policy global_policy
    context of prompt hostname
    Cryptochecksum:95b7ff58b54e02948a14b225eec1a990
    : end

    The split tunnel access list must be standard access-list, not extended access list.

    You must change the following:
    FROM: SplitTunnelNets access-list extended ip to allow all 192.168.223.0 255.255.255.0
    To: SplitTunnelNets standard access list allows 192.168.223.0 255.255.255.0

    You should be able to reconnect again and will be able to access the Internet after you set up the standard access-list split tunnel.

    Hope that helps.

  • Is it possible to save a configuration with NOR-XNET Bus Monitor?

    I'm trying to transition to use Vector canoe to use NOR-XNET Bus monitor.

    In Bus monitor is it possible to save the settings of the interface and the signals tab setting?

    Do not think that as Bus monitor, it's more like a low level tool to see if things work.  Very little effort seems to have entered the user experience or user interface.  OR prefer generally to develop tools, which you can use to request a wonderful, they generally don't do this wonderful application themselves.

    I would look at a few examples in LabVIEW, by going to help > find examples to see if any of these get close to the functionality you're looking for.  Then you can use as a starting point for your own application.

  • Best practices Check - Configuration of the Communication Service

    So, we have the following here the use case...

    Background:

    We have a FMS instance that has several teams using multiple applications, air conditioned and have their own specific communication needs. Teams of infrastructure, such as the database or Server team are also included on this FMS. We have services configured around applications and their dependencies, so a single object will exist in several services.

    To work around the lack of granularity configuration and horrible the service-based E-mail in the form, I created an event rule that queries for FSMServices affected for a given event and iterates over all the unique services, pulling on the notification settings through our way of soil and trigger Actions from the command line or appropriate accordingly EmailActions... we use of the-d in the field of shortDesc service options.

    Example:

    (You can ask for a detailed explanation of what do the settings, if you wish, or that the levels called - but they are just an additive representation of the levels of severity in foglight)

    Here's our new problem:

    We have teams who want notification on certain rules of certain severities (such as criticism), but not others. This has created the need for a 'white list' or the 'black list' of the original names of rule for the event to determine whether an event should be communicated to our NOC or paged on our teams.

    My solution of thought:


    We will create a new cartridge (FoglightCommunication) that contains a custom dashboard and the definition of the topology for a FSMServiceConfig object. This object contains a white list or black list for some rules should be provided for each service. This TopologyObject would also resume functionality which serve as my current shortDesc variables... Essentially, it would contain all THE information relevant to its corresponding FSMService object configuration. We have experience in creating modules advanced both in the creation of Foglight cartridge/agents/topology definitions.

    The dashboard would exist to facilitate the configuration of this new object and to facilitate the visualization of the current communication service. This would also allow our team to allow the teams less educated with Foglight feature more easily and completely configure their own communication service. Empowering the team owner is always a good thing

    My Question:

    Did someone in the quest (it's such a name cooler than Dell) sees a problem with this? My only concern is that we could lose all our configuration information to uninstall the cartridge for a upgrade problem. He might consider a work around with an option to export/import... but it's a messy solution and a non-human evidence. Is there a way to specify the data to be persisted, even if the cartridge that has defined this topology definition is uninstalled?

    I'd appreciate any comments or thoughts. Thank you!

    Hi Adam.

    This looks like a very useful customization. I don't see why your team should not move forward with that.

    I also like the idea of building an import/export feature in your cartridge in order to preserve the configurations in case you need to uninstall the cartridge. Note that even in this case, type of custom topology that was written to the repository data Foglight will always be there (i.e. it will not be served unless you specifically request this) - so you can be able to get Foglight to save the configuration information important for you.

    I encourage you to update the community on your progress on this and send questions, screencaps, etc., as needed.

    Thank you!

    Robert Statsinger

  • VPN-filer configuration on the VPN traffic

    Hello world

    We set up a site to ipsec with the seller.

    For security reasons we do not want to allow all traffic through the tunnel.

    ASA has 2 interfaces both inside and outside.

    We refuse any one on the external interface ip.

    I have config vpn run ACL to allow traffic on port ssh, icmp through the tunnel.

    Then I applied it under the group policy.

    name of VPN-filter value.

    Need to confirm that I must also allow ipec protocols as esp etc under VPN filter ACL?

    Concerning

    MAhesh

    The vpn-filter is applied to the traffic flowing through the tunnel. You don't need to allow all traffic that 'built' like IKE and IPsec VPN.

    On the SAA, you must also add this traffic to your external ACL is it necessary on IOS routers.

    For the vpn-filter, be aware that the syntax is not

    permit/deny PROTOCOL SOURCE DESTINATION
    It's
    permit/deny PROTOCOL REMOTE LOCAL
    This is relevant when you want to filter traffic from your network to the network of peers.

  • Configuration of AIP SSM to monitor only

    Hi all

    We bought an AIP-SSM-20 for our ASA5520. Is there a way to enable the IPS feature, but not block anything, i.e. just record events? It's just to see if any legitimate business traffic will be blocked.

    Thank you!

    Jacques

    Set the ASA to send traffic to IP addresses in promiscuous mode by using the following command in a sheet of policy:

    IPS hostname(config-pmap-c) # {inline | promiscuity} {failure-closing |}

    rescue} [sensor {sensor_name | mapped_name}]

    http://www.Cisco.com/en/us/docs/security/ASA/asa80/Getting_started/asa5500/quick/guide/aipssm.html

    Geroge

  • Checking Configuration Pmode RDM

    How can I use PowerCLI to check if pmode RDM are mapped / zoned properly everywhere in a cluster, so that they can run on any host and always see the LUN they need to connect to?

    Actually it checks both, and it lists to a node ESXi visible LUNS that are not in use.

  • Web traffic monitoring

    Hi all!

    My problem is that I want to count the number of bytes that have been sent and received and from the BlackBerry device. I can't find information about such a possibility.

    One of the varients is listening to all the actions that occur while the browser is in use. But I've yet to find anything.

    Thank you. Any help will be appreciated.

    The search engine on thie forum is a very useful tool.  I did a quick search and found these:

    http://supportforums.BlackBerry.com/T5/Java-development/number-of-bytes-send-receive/m-p/142802

    http://supportforums.BlackBerry.com/T5/Java-development/number-of-packets-send-receive/m-p/149185

Maybe you are looking for

  • photos sent via e-mail receiver cannot open their discovers, his computer stops immediately, will not open?

    I send photos that I take all the time through my email, I sent a few pictures of my sister and she said his computer is turned off and it would not even open the pictures. I had a virus in the past, it's a security thing, or maybe that I have sent t

  • Qosmio F10 get error 'IDE #0 ERROR.

    Hello all, just bought the Qosmio F10 installed all the things I had to do. installed and registered the norton anti-virus. everything went well. now a few hours later I want to boot my laptop and get the error "ERROR in IDE #0" so I put my recovery

  • Will there be any problem of reactivation after the XP system restore?

    I just do a system restore (if out-of-the-box original factory of the machine) to a disk image.  After starting in Windows XP Pro SP2 I have entered configuration information initial requested as well as (as requested) Windows product key, but I jump

  • Crash of Windows Vista after the SCREEN of HOME Toshiba

    Greetings, My father work laptop, a Toshiba Satellite L300D, running on Windows Vista, seems to have fallen, and it is promised (because he recently ordered a new laptop) that if I fix it it gives me. The problem is that as soon as the laptop turns o

  • Request for delivery of the traffic/VPN

    We have 5 sites in the United Kingdom, connected to internet configured as a fully meshed IPSec VPN. Each site also has an IPSec peering with a sister in France. We are moving UK connections to another WAN service provider and they will not be connec