Configuration of a DR Site

Similar Questions

• Possible to define strategies of OAM configuration on the same site on two different

  Is it possible to define strategies of OAM configuration on the same site on two different servers?
  
  One of the sites to have anonymous access but it to be protected. How to set up a policy without it automatically applies to all Web sites that match regardless of the host.
  
  How to differentiate the two OAM sites so that I can apply security different strategies for each of them?
  
  Thank you.

  You can refer to this [recent thread | http://forums.oracle.com/forums/thread.jspa?threadID=878094&tstart=0].

  Also, if one of the sites requires anonymous access for all the content and it's not going to change in the foreseeable future, just don't install/activate webgate on that.

  -Vinod

• Failed to configure two AnyConnect & IPSEC site to site VPN

  I have established a VPN IPSEC site-to-site

  When I configure the AnyConnect (make it work) and I lose the tunnel from site to site and vice versa.

  I think that my NAT syatements are incorrect.

  Here is the config NAT when AnyConnect works properly...

  Overall (101 outside interface)
  NAT (inside) 0-list of access sslnonat
  NAT (inside) 101 0.0.0.0 0.0.0.0

  access extensive list ip 192.168.65.0 sslnonat allow 255.255.255.0 192.168.66.0 255.255.255.0

  When the IPSEC tunnel site-to-site work properly, here's the NAT config...

  Overall (101 outside interface)
  NAT (inside) 0-list of access Inside_nat0_outbound
  NAT (inside) 101 0.0.0.0 0.0.0.0

  Access extensive list ip 192.168.65.0 Inside_nat0_outbound allow 255.255.255.0 ServerGroup object-group

  How do I get to the AnyConnect and the IPSEC Site to site both to work properly? I need not reach on the other.

  Network within 192.168.65.0/24

  AnyCOnnect address pool 192.168.66.0/24

  Any help would be appreciated.

  Hello

  Try this:

  Overall (101 outside interface)
  NAT (inside) 0-list of access Inside_nat0_outbound
  NAT (inside) 101 0.0.0.0 0.0.0.0

  Access extensive list ip 192.168.65.0 Inside_nat0_outbound allow 255.255.255.0 ServerGroup object-group
  Access extensive list ip 192.168.65.0 Inside_nat0_outbound allow 255.255.255.0 192.168.66.0 255.255.255.0

  The problem is that when you apply the IPsec NAT configuration, you remove the entry for the AnyConnect pool.
  Try the above and we will see if it works.

  Federico.

• How to configure Coldfusion on my site

  Hey, I just installed coldfusion on my laptop and I want to use Coldfusion to run the files on my lapt for my site, so I can preview on the web browser. It's just if I can preview the changes Ive made to the file before uploading to the site live. Now the browser is the culprit to the Coldfusion administration page, rather than my site files. Need help set coldfusion to my site files. Thank you.

  using DW? If you are, you want to create a new site in DW, and then make sure the cfm pages you want to view are in the root directory new sites. You can then edit and preview of DW.

  If you don't have DW and don't want to do this way you must file the cfm pages in a folder named wwwroot located here:

  c:\coldfusionmx7\wwwroot (I think that's where it is)
  or you could try dropping them in the cfdocs folder or in the folder CFIDE, not exacly sure. the best way is to create a site using the new wizard site DW.

  I'm only a beginner myslef so hopefully all the info Ive you gave here, ok, it should point you in the right direction anyway. :-)

• Can I configure UCM Content Server, Site Studio to use SQL Server?

  People,
  
  As a beginner of Stellent in my first day of training, I have to hand it to you guys. Excellent product! I will need to play with him a bit before I can really understand how it works... so I want to install it on my laptop where I already have SQL Server 2000, run the WebCenter Interaction (Plumtree) DB. Do I really need Oracle DB?
  
  Have an old laptop with not much memory and hard drive space. If Oracle DB is really needed, what is the DB instance footprint lighter ground that I can use with Stellent?
  
  I would like to hear from anyone who has been through this, especially tips, warnings, lessons...
  
  Thank you!
  Rob in Vermont

  Of course, you can use SQL Server with the AAU and WCM. No problem. The exact way - of are all covered in the guides to installation, but you should have no problem!

• Configuration VPN from Site to Site on two ASA5505

  I have two ASA5505 ver 8.4 (6) and ver 9.0 (2) configured for a laboratory site to site vpn, but without success.  I could do everything outside address from two ASA ping, but could not ping the LAN on the other end of the ASA.  Here is the error message when you try to check if the VPN tunnel is established. For reference, the configurations are provided below.  Any help is very appreciated.

  ASA1 # show crypto isakmp his

  There are no SAs IKEv1

  There are no SAs IKEv2

  ASA1 # show crypto ipsec his

  There is no ipsec security associations

  ASA1:

  crypto ISAKMP allow outside

  the local object of net network

  subnet 192.168.1.0 255.255.255.0

  net remote object network

  Subnet 192.168.2.0 255.255.255.0

  !

  outside_1_cryptomap list of allowed ip object local net net access / remote

  tunnel-group 200.200.200.1 type ipsec-l2l

  IPSec-attributes tunnel-group 200.200.200.1

  pre-shared-key pass1234

  ISAKMP retry threshold 10 keepalive 2

  !

  part of pre authentication isakmp crypto policy 10

  crypto ISAKMP policy 10 3des encryption

  crypto ISAKMP policy 10 sha hash

  10 crypto isakmp policy group 2

  crypto ISAKMP policy life 10 86400

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  card crypto outside_map 1 match address outside_1_cryptomap

  card crypto outside_map 1 set pfs Group1

  peer set card crypto outside_map 1 200.200.200.1

  card crypto outside_map 1 set of transformation-ESP-3DES-SHA

  outside_map interface card crypto outside

  !

  NAT (inside, outside) 1 local static source net net-local destination static remote net net / remote

  output

  ASA2:

  crypto ISAKMP allow outside

  the local object of net network

  Subnet 192.168.2.0 255.255.255.0

  net remote object network

  subnet 192.168.1.0 255.255.255.0

  !

  outside_1_cryptomap list of allowed ip object local net net access / remote

  tunnel-group 100.100.100.1 type ipsec-l2l

  IPSec-attributes tunnel-group 100.100.100.1

  pre-shared-key pass1234

  ISAKMP retry threshold 10 keepalive 2

  !

  part of pre authentication isakmp crypto policy 10

  crypto ISAKMP policy 10 3des encryption

  crypto ISAKMP policy 10 sha hash

  10 crypto isakmp policy group 2

  crypto ISAKMP policy life 10 86400

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  card crypto outside_map 1 match address outside_1_cryptomap

  card crypto outside_map 1 set pfs Group1

  peer set card crypto outside_map 1 100.100.100.1

  card crypto outside_map 1 set of transformation-ESP-3DES-SHA

  outside_map interface card crypto outside

  !

  NAT (inside, outside) 1 local static source net net-local destination static remote net net / remote

  output

  ASA1 # sh run int

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  ASA1 #.

  ASA1 # ping 192.168.2.1

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes 192.168.2.1, time-out is 2 seconds:

  ?????

  Success rate is 0% (0/5)

  ASA1 # ping google.com

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes to 173.194.46.71, wait time is 2 seconds:

  !!!!!

  Success rate is 100 per cent (5/5), round-trip min/avg/max = 12/10/20 ms

  ASA1 #.

  ASA2 # sh run int

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  Shutdown

  !

  interface Ethernet0/3

  Shutdown

  !

  interface Ethernet0/4

  Shutdown

  !

  interface Ethernet0/5

  Shutdown

  !

  interface Ethernet0/6

  Shutdown

  !

  interface Ethernet0/7

  Shutdown

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.2.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  ASA2 # ping 192.168.1.1

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes to 192.168.1.1, time-out is 2 seconds:

  ?????

  Success rate is 0% (0/5)

  !

  ASA2 # ping google.com

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes to 173.194.46.64, wait time is 2 seconds:

  !!!!!

  Success rate is 100 per cent (5/5), round-trip min/avg/max = 14/10/20 ms

  ASA2 #.

  If you see any debugs the SAA, there is no encryption of any kind negoiations.

  The problem may be that you need to generate an interesting to match the ACL traffic.  I don't know if you on a physical laboratory or on GNS3.  If you use a physical laboratory, attach a laptop computer inside the interface and configure an IP address for this subnet.  You may need to do this for the other ASA.  Then iniatiate a ping to the other network.

• Two links one for VPN Site to Site and another for internet on the same router configuration

  Hi all

  I have 2 internet links an ADSL and lease terminated on the same router. I need to configure ADSL for VPN site-to-site of HO and internet leased line dedicated for all users.

  my site IP subnet is 10.10.100.0/24 and HO subnet is 10.1.0.0/24.   Please find attached Config and advice it will be OK and works fine

  Thanks in advance...

  Mikael

  Hello

  For me, it looks like it has configured the route correctly;

  ip route 0.0.0.0 0.0.0.0 fastethernet4 -> for all traffic to the internet.

  Road 10.1.0.0 ip 255.255.255.0 Dialer1 -> for vpn traffic to HO.
  

  The public_IP_HO must be defined according to the map of encryption using the set by the peers command.

  I want to add is on the isakmp policy hash attribute, you can choose between sha/md5 or whatever available on your device. Make sure that the isakmp policy to match political isakmp of your HO.

  The other thing is the acl for the internet. You may want to consider replacing the deny statement if you want to deny traffic only to your jar currently it is said to deny all traffic 10.10.100.0 10.0.0.0 network, not to the 10.1.0.0 HO (network).

  HTH,

• a trusted site is considered to be an unreliable connection

  This connection is Untrusted

  You asked Firefox to connect safely to estore.thecmp.org, but we cannot confirm that your connection is secure.

  Normally, when you try to connect safely, sites will present a reliable identification to prove that you're in the right place. However, the identity of this site cannot be verified.
  What should I do?

  If you normally connect to this site without problems, this error can mean that someone is trying to impersonate the identity of the site, and you should not continue.

  I tried to enable an exception, but can't yet get into the site. This IS a TRUSTED SITE. How to replace this problem? New and improved Firefox seems not to be the case. I can't even record passwords or login IDs now. I'm upset and wish I could go back to a version more old where I never had these problems.

  Hi ltjake, this is an error in the configuration of the Web site that you referenced, because they fail to properly dispose the path of certificate of their intermediate certificate to the trusted root certificate by the browser (you should inform the webmaster of the site).

  to solve the problem locally, please simply visit this site once: https://certs.godaddy.com/repository - https://estore.thecmp.org should then load without errors...

• How to change the security settings for a particular Web site?

  I'm big fan of airplanes. There is a website: www.passur.com, which gives real-time traffic on some of the airports we. For example, the link: www4.passur.com/jfk gives all traffic inbound and outbound to and from JFK airport. This page requires Java. I installed it and everything was OK. But for some time - 2-3 months - whenever I try to open and watch the traffic there is message saying 'blocked application' and in the message from the Inbox is written - on the first line "name: has '; on the second line ' location: www4.passur.com'; " on the third (last) row is written "your security settings have blocked an application not approved to run." and on the bottom right there is a button 'OK '. The question is to know how to unlock it and display the Web page. Thanks in advance.

  There has been a change in the Java security settings, see:

  • http://KB.mozillazine.org/Java#Java_security_prompts
  • "What should I do when I see a security calls for Java?":
    http://www.Java.com/en/download/help/appsecuritydialogs.XML

  If you visit a Web site and then a possible solution is to add the URL to the list of Site of Java Exceptions, see:

  • "Why are Java applications blocked by your security settings?":
    http://www.Java.com/en/download/help/java_blocked.XML
  • "How can I configure the list of Site exceptions?":
    http://www.Java.com/en/download/FAQ/exception_sitelist.XML

• How can I allow the 'paste' based on a Web site, call direct me to line add to my profile which don't make sense and just causing more frustration

  I am trying to copy and paste text on a Web site, but Firefox seems to have a problem with that and then takes me to a page where I have to add a txt file and configure permissions for Web sites or something. Please provide a simple solution to this, and why is it even blocked!

  See if this add-on helps you.
  
  https://addons.Mozilla.org/en-us/Firefox/addon/nocopypaste/

• Restore iPad from Apple Configurator. Ask for credentials to connect?

  Most of he says title.  I'd just put up Server Manager so that we can manage the iPads at one of our client sites (we're a MSP file).  Given the "supervised: No. ' and started looking into it.  Apple Configurator downloaded 2.  Had some initial problems because find my iPad wasn't turned off, but eventually solve that.  Now he asks the iPad automatically configure credentials (name of site). I don't know what references here.  I tried the user accounts that are on the mac.  Nothing helps.  Any help?

  They must be accountable to the OS X server that runs on the Web site that you have listed as (name of site).  If your OS X server is bound to a server active directory, it will search for users.

• I can't load up a book cover of my images for a web site request form

  I can't load up a book cover of my images for a web site request form. Is there a method to do this?

  Hello

  This can depend on the configuration of the web site form. If can accept only text, may have a limit on the maximum characters lol, etc. Some Web site forms do not accept entries stuck, just live by typing.

  I suggest you contact the website for advice.

• Facebook is listed as a blocking of the site for my child however it is the most visited site on the activity report. How to be?

  Facebook appears on the report as a blocked site, but the number of visits is staggering. I believe that the child is somehow circumvent security controls.

  Hello

  It is possible that you experience this problem because you are using an older version of Windows Live Family Safety. To do this, connect to the client Windows Live parental controls with the parent account, once connected, click the question mark, and then select parental control. The latest version is 15.4.3555.0308.

  If you use the outdated version of the client, I recommend that you download and install the latest version. Please refer to this link: http://windows.microsoft.com/en-US/windows-live/essentials-other-programs

  I also want to confirm if lists of Web filtering is configured on the Web site of the parental control? Go to https://fss.live.com and sign in with the parent account, select the account of the child you are analyzing and confirm if the webiste is on the blocked list. Please also make sure that you enter the exact URL of the site you want to block.

  Finally, refresh the client of parental control filter. Sign in to the family of customer security with the parent account, on the top right click on the icon that has 2 arrows (get latest settings from the Web site).

  Thank you!

• Dynamic IP address of the remote VPN L2L ASA sites

  Hello

  I have a client who is to change their links to backup from ADSL to 4 G - LTE using Cisco 819 s.

  Unfortunately, access to 4G of PSI will have dynamic IP addressing. Online, I see configurations for one remote site with dynamic IP address, speaking to ASA, but I can't find anything on several sites of L2L linking to the ASA with dynamic addressing.

  Does anyone can help with examples of configuration

  concerning

  Richard

  Hi Richard,

  the next days I will also write a blogpost with triple recovery WAN by using this configuration.

  Michael

• IPSec VPN Site-to-Site router Cisco 837 to Firewall FortiGate 200 has

  I had a challege for a site to site vpn scenario that may need some brainstorming you guys.

  So far, I have had a prior configuration planned for this scenario, but I'm not very sure if the tunnel I created will work because I did not test it before with this scenario. I'll go next week on this project and hopefully get a solution of brainstorming you guys. Thanks in advance!

  Network diagram:

  http://cjunhan.multiply.com/photos/hi-res/5/3?xurl=%2Fphotos%2Fphoto%2F5%2F3

  Challenge:

  (1) configure CISCO R3 IPSec Site to Site VPN between 172.20.10.0 and 10.20.20.0 using cryptographic cards

  (2) IKE Phase I MainMode, lifetime 28000, md5, DH-Group1

  IKE Phase II: des-esp, hmac-md5, tunnel mode

  PSK: sitetositevpn

  Here is my setup for review:

  crypto ISAKMP policy 10

  the BA

  preshared authentication

  Group 1

  md5 hash

  ISAKMP crypto key sitetositevpn address 210.x.x.66

  !

  Crypto ipsec transform-set esp - esp-md5-hmac ciscoset

  !

  infotelmap 10 ipsec-isakmp crypto map

  the value of 210.x.x.66 peer

  Set transform-set ciscoset

  match address 111

  !

  !

  interface Ethernet0

  3 LAN description

  IP 10.20.20.1 255.255.255.0

  IP nat inside

  servers-exit of service-policy policy

  Hold-queue 100 on

  !

  ATM0 interface

  no ip address

  ATM vc-per-vp 64

  No atm ilmi-keepalive

  DSL-automatic operation mode

  !

  point-to-point interface ATM0.1

  IP address 210.x.20.x.255.255.252

  no ip redirection<-- disable="">

  no ip unreachable<-- disable="" icmp="" host="" unreachable="">

  no ip proxy-arp<-- disables="" ip="" directed="">

  NAT outside IP

  PVC 8/35

  aal5snap encapsulation

  !

  !

  IP nat inside source list 102 interface ATM0.1 overload

  IP classless

  IP route 0.0.0.0 0.0.0.0 ATM0.1

  IP route 0.0.0.0 0.x.0.x.190.60.66

  no ip http secure server

  !

  Note access-list 102 NAT traffic

  access-list 102 permit ip 10.20.20.0 0.0.0.255 any

  !

  access-list 111 note VPN Site-to-Site 3 LAN to LAN 2 network

  access-list 111 allow 0.0.0.x.x.10.0 ip 10.20.20.0 0.0.0.255

  Kind regards

  Junhan

  Hello

  Three changes required in this configuration.

  (1) change the NAT-list access 102 as below:

  access-list 102 deny ip 10.20.20.0 0.0.0.255 172.20.10.0 0.0.0.255

  access-list 102 permit ip 10.20.20.0 0.0.0.255 any

  (2) place the card encryption on interface point-to-point ATM.

  (3) remote all of a default route.

  Thank you

  Mustafa