Configure OBIEE to access remotely
Hi guys.I need to use from a remote location (machine) oracle business intelligence in the same network.
I had installed a POET in the remote machine and my machine too. Now I want to use my machine (local Administration tool) to work on the repository line mode remote .rpd. After that I want to consult the catalogue of remote web using my local browser. What should I do to achieve this? I need to set a web server and application server?
If the answer is Yes what I have to do in particular? you have some information on this?
Thanks in advance.
Direct them best.
Antonio
And here's a little tutorial: http://gerardnico.com/wiki/dat/obiee/obiee_client_tools
Tags: Business Intelligence
Similar Questions
-
Newbie question: in what configuration file < flex: access remote destination > tags go?
I seem to have read the document integration spring/Blaze about 10 times, but I don't know where to put all my < flex: access remote-Ref destination = "yaddayaddaService" / > tags. I don't want annotation allows you to set these remote destinations.
Should it go in the spring configuration file that I use for the servlet of AMF endpoint (as specified by the contextConfigLocation parameter). Or they go to a high-level cross-servlet configuration file?
What is the usual way to deal with these?
Hello
The convention is to declare:
1 declare the Spring beans (for example yaddayaddaService) in the files specified by the parameter contextConfigLocation.
2. Add the Spring - Flex specific configuration (configure message agent, declare destinations) in
WEB-INF\flex- servlet.xml, assuming that you have configured the model of Message Broker URL as follows in the web.xml file:
Flex
org.springframework.web.servlet.DispatcherServlet
1
Flex
messagebroker / *.
The repository SVN BlazeDS/distribution contains the spring sample webapp (spring - samples.war) that you can watch as well.
Hope that helps.
Rohit
-
1920 router access remote vpn LDAP living
Hello
What is required for a router in 1920 use AnyConnect and/or also integrate with AD LDAP?
Currently, this router supports legacy clients and has these licenses:
Technology for the Module package license information: "c1900".
-----------------------------------------------------------------
Technology-technology-package technology
Course Type next reboot
------------------------------------------------------------------
IPBase ipbasek9 ipbasek9 Permanent
Security securityk9 Permanent securityk9
given none none noneThe vpn to access remote client inherited integrate with AD LDAP?
Thank you.
As long as you are on IOS 15.3.3M3 or better, you have all the licenses you need for 3.1 AnyConnect run on your 1921.
The guide to directly connect your router to LDAP can be found here:
Personally, I would avoid directly interfacing with LDAP, because it can be a complex arrangement. While it can be done, it's easier to have your router to connect to the NPS Microsoft via RADIUS server for your authentication.
-
a public access remote vpn from an inside interface asa 5505
I'm trying to see if it is possible to accomplish what I am trying. I have an ASA 5505 with the following configuration.
1. There is an external connection, connected to the ISP. Let's say that it is 10.1.1.1/24 for ease. There is a remote VPN configuration as the access of people through this interface.
2. There's the inside network, which is the normal LAN. It's cable system in the office. to say that it is 172.20.0.1/24.
3. There is a wireless network on a VLAN separate called WLAN. It has an IP of 192.168.1.1/24. There is an ACL allowing traffic to that VLAN to the public internet.
Essentially, I would like users to be able to use the same VPN settings they use when connecting from outside of the Office when you are connected to WIFI.
Also, I would like that they can access public IP addresses that I have NAT would be to internal servers. In this way, they can use IP addresses when they use on the public internet.
Is this possible?
Hello
Well that's not going to be possible, the only thing you can really do is to activate the crypto map on the WLAN facing interface, by design, you cannot not access VPN, ping or manage the device on an interface which is not directly connected to you.
I hope this helps.
Mike
-
Split tunneling cannot access remote host
Hi guys,.
Having this problem by which I am able to connect the Anyconnect client but unable to ping / access of remote servers. See below for the config of the SAA;
Any ideas would be a great help, thank you!
ASA Version 9.1 (1)
!
ASA host name
enable the encrypted password xxxxxxx
xxxxxxxxxxxxx encrypted passwd
names of
mask of local pool AnyPool 10.0.0.1 - 10.0.0.10 IP 255.255.255.0
!
interface GigabitEthernet0/0
nameif outside
security-level 0
IP address 203.106.x.x 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 99
IP 172.19.88.254 255.255.255.0
!
interface Management0/0
management only
nameif management
security-level 100
IP 192.168.1.1 255.255.255.0
!
passive FTP mode
clock timezone 8 MYT
the SVR object network
Home 172.19.88.11
e-mail server in description
network of the NETWORK_OBJ_172.19.88.0_24 object
172.19.88.0 subnet 255.255.255.0
network of the VPN-POOL object
10.0.0.0 subnet 255.255.255.0
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
object-group service DM_INLINE_SERVICE_0
ICMP service object
area of service-purpose tcp - udp destination eq
the destination hostname eq tcp service object
the purpose of the tcp destination eq https service
the purpose of the tcp destination eq imap4 service
the purpose of the tcp destination eq nntp service
the purpose of the tcp destination eq pop3 service
the purpose of the tcp destination eq smtp service
the purpose of the tcp destination eq telnet service
Outside_access_in list extended access allowed object-group DM_INLINE_SERVICE_0 any object SVR
Outside_access_in list extended access allow TCPUDP of object-group a
Outside_access_in access-list extended ip any any idle state to allow
Internal_access_in list extended access allow TCPUDP of object-group a
Internal_access_in access-list extended ip any any idle state to allow
SPLIT_TUNNEL list standard access allowed 10.0.0.0 255.255.255.0
pager lines 24
Enable logging
timestamp of the record
exploitation forest-size of the buffer 16384
buffered logging critical
asdm of logging of information
Debugging trace record
exploitation forest flash-bufferwrap
record level of the rate-limit 1000 1 2
management of MTU 1500
MTU 1500 internal
Outside 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
!
the SVR object network
203.106.x.x static NAT (indoor, outdoor)
!
source of auto after the cessation of NAT (inside, outside) dynamic interface
Internal_access_in in interface internal access-group
Access-group Outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 203.106.23.97 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
LOCAL AAA authorization command
Enable http server
http 192.168.1.0 255.255.255.0 management
http authentication certificate management
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
No vpn sysopt connection permit
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
card crypto Outside_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
Outside_map interface card crypto outside
Crypto ca trustpoint ASDM_TrustPoint0
Terminal registration
name of the object CN = ASA
Configure CRL
Crypto ca trustpoint Anyconnect_TrustPoint
registration auto
name of the object CN = ASA
anyconnect_rsa key pair
Configure CRL
Crypto ca trustpoint _SmartCallHome_ServerCA
Configure CRL
trustpool crypto ca policy
string encryption ca Anyconnect_TrustPoint certificates
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 activate out of service the customer port 443
Crypto ikev2 access remote trustpoint Anyconnect_TrustPoint
Telnet timeout 3
SSH 172.19.88.0 255.255.255.0 internal
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 15
Console timeout 0
management of 192.168.1.100 - 192.168.1.200 addresses dhcpd
enable dhcpd management
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP server 119.110.97.148 prefer external source
SSL-trust outside Anyconnect_TrustPoint point
WebVPN
allow outside
AnyConnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
AnyConnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
AnyConnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
AnyConnect profiles AnyConnect_client_profile disk0: / AnyConnect_client_profile.xml
AnyConnect enable
attributes of Group Policy DfltGrpPolicy
VPN-tunnel-Protocol ikev1, ikev2 ssl clientless ssl ipsec l2tp client
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list SPLIT_TUNNEL
Group Policy 'GroupPolicy AnyConnect' internal
Group Policy attributes "GroupPolicy AnyConnect"
value of server WINS 172.19.88.11
value of server DNS 172.19.88.11
SSL VPN-tunnel-Protocol ikev2 client ssl clientless
WebVPN
AnyConnect value AnyConnect_client_profile type user profiles
attributes global-tunnel-group DefaultWEBVPNGroup
address pool AnyPool
tunnel-group "AnyConnect" type remote access
attributes global-tunnel-group "AnyConnect".
address pool AnyPool
strategy-group-by default "GroupPolicy AnyConnect"
tunnel-group "AnyConnect" webvpn-attributes
Group-alias "AnyConnect" activate
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
Hi Max,.
Please send me the output of 'see the anyconnect vpn-sessiondb' once connected with VPN.
And try to add the following configuration and see if that helps:
NAT (inside, outside) 1 static source NETWORK_OBJ_172.19.88.0_24 NETWORK_OBJ_172.19.88.0_24 static destination VPN-VPN-POOL no-proxy-arp-route search
And one more qusetion do you use split tunnel? If yes then you must make the following changes, because your split tunnel is incorrect, in the split tunnel, you have configured the address pool of vpn. Please make the following change:
no access list SPLIT_TUNNEL standards not allowed 10.0.0.0 255.255.255.0
Standard access list SPLIT_TUNNEL allow 172.19.88.0 255.255.255.0
Group Policy attributes "GroupPolicy AnyConnect"
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list SPLIT_TUNNEL
Let me know if this can help, or if you have any questions, more about it.
Thank you
Jeet Kumar
-
2 VPN SITE to SITE with ACCESS REMOTE VPN
Hello
I have a 870 router c and I would like to put 2 different VPN SITE to SITE and access remote VPN (VPN CLIENTS) so is it possible to put 3 VPN in the router even if yes can u give me the steps or the sample configuration
Concerning
Thus, on the routers will be:
Cisco 2611:
LAN: 10.10.10.0/24
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 100 permit ip 14.1.1.0 0.0.0.255 10.10.20.0 0.0.0.255--> VPNPOOL
!
10 ipsec-isakmp crypto map clientmap
defined by peer 172.18.124.199
match address 100
!
IP local pool ippool 14.1.1.1 14.1.1.254
!
access-list 120 allow ip 10.10.10.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 120 allow ip 10.10.20.0 0.0.0.255 14.1.1.0 0.0.0.255 --> NETWORK REMOTE
!
crypto ISAKMP client configuration group ra-customer
pool ippool
ACL 120
!
Please note that the configuration is incomplete, I added that relevant changes, you should bring to the allow clients of RA through the LAN-to-LAN tunnel, of course, the LAN-to-LAN settings should match to the other side of the tunnel that is mirror of ACL, NAT and so on.
HTH,
Portu.
-
Cannot access remote network by VPN Site to Site ASA
Hello everyone
First of all I must say that I have configured the VPN site-to site a million times before. Stuck with it. First of all I can't ping outside the interface of my ASA remote. Secondly, VPN is in place, but no connectivity between local networks
ASA local:
hostname gyd - asa
domain bct.az
activate the encrypted password of XeY1QWHKPK75Y48j
XeY1QWHKPK75Y48j encrypted passwd
names of
DNS-guard
!
interface GigabitEthernet0/0
Shutdown
nameif vpnswc
security-level 0
IP 10.254.17.41 255.255.255.248
!
interface GigabitEthernet0/1
Vpn-turan-Baku description
nameif outside Baku
security-level 0
IP 10.254.17.9 255.255.255.248
!
interface GigabitEthernet0/2
Vpn-ganja description
nameif outside-Ganja
security-level 0
IP 10.254.17.17 255.255.255.248
!
interface GigabitEthernet0/2.30
Description remote access
VLAN 30
nameif remote access
security-level 0
IP 85.*. *. * 255.255.255.0
!
interface GigabitEthernet0/3
Description BCT_Inside
nameif inside-Bct
security-level 100
IP 10.40.50.65 255.255.255.252
!
interface Management0/0
nameif management
security-level 100
IP 192.168.251.1 255.255.255.0
management only
!
boot system Disk0: / asa823 - k8.bin
passive FTP mode
DNS server-group DefaultDNS
name-server 192.168.1.3
domain bct.az
permit same-security-traffic intra-interface
object-group network obj - 192.168.121.0
object-group network obj - 10.40.60.0
object-group network obj - 10.40.50.0
object-group network obj - 192.168.0.0
object-group network obj - 172.26.0.0
object-group network obj - 10.254.17.0
object-group network obj - 192.168.122.0
object-group service obj-tcp-eq-22
object-group network obj - 10.254.17.18
object-group network obj - 10.254.17.10
object-group network obj - 10.254.17.26
access-list 110 scope ip allow a whole
NAT list extended access permit tcp any host 10.254.17.10 eq ssh
NAT list extended access permit tcp any host 10.254.17.26 eq ssh
access-list extended ip allowed any one sheep
icmp_inside list extended access permit icmp any one
icmp_inside of access allowed any ip an extended list
access list nat-ganja extended permit tcp any host 10.254.17.18 eq ssh
RDP list extended access permit tcp any host 192.168.45.3 eq 3389
rdp extended permitted any one ip access list
sheep-vpn access-list extended permits all ip 192.168.121.0 255.255.255.0
NAT-vpn-internet access-list extended ip 192.168.121.0 allow 255.255.255.0 any
NAT-vpn-internet access-list extended ip 172.26.0.0 allow 255.255.255.0 any
NAT-vpn-internet access-list extended ip 192.168.122.0 allow 255.255.255.0 any
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.60.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.50.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 172.26.0.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.254.17.0 255.255.255.0
GHC-ganja-internet access-list extended ip 192.168.45.0 allow 255.255.255.0 any
Standard access list Split_Tunnel_List allow 192.168.16.0 255.255.255.0
azans 192.168.69.0 ip extended access-list allow 255.255.255.0 any
permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.121.0 255.255.255.0
permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.80.0 255.255.255.0
pager lines 24
Enable logging
emblem of logging
recording of debug console
recording of debug trap
asdm of logging of information
Interior-Bct 192.168.1.27 host connection
flow-export destination inside-Bct 192.168.1.27 9996
vpnswc MTU 1500
outside Baku MTU 1500
outside-Ganja MTU 1500
MTU 1500 remote access
Interior-Bct MTU 1500
management of MTU 1500
IP local pool raccess 192.168.121.60 - 192.168.121.120 mask 255.255.255.0
IP local pool ssl 192.168.121.130 - 192.168.121.200 mask 255.255.255.0
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any outside Baku
ICMP allow access remotely
ICMP allow any interior-Bct
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
global (outside-Baku) 1 interface
global (outside-Ganja) interface 2
3 overall (RAS) interface
azans access-list NAT 3 (outside-Ganja)
NAT (remote access) 0 access-list sheep-vpn-city
NAT 3 list nat-vpn-internet access (remote access)
NAT (inside-Bct) 0-list of access inside_nat0_outbound
NAT (inside-Bct) 2-nat-ganja access list
NAT (inside-Bct) 1 access list nat
Access-group rdp on interface outside-Ganja
!
Router eigrp 2008
No Auto-resume
neighbor 10.254.17.10 interface outside Baku
neighbor 10.40.50.66 Interior-Bct interface
Network 10.40.50.64 255.255.255.252
Network 10.250.25.0 255.255.255.0
Network 10.254.17.8 255.255.255.248
Network 10.254.17.16 255.255.255.248
redistribute static
!
Access remote 0.0.0.0 0.0.0.0 85.*. *. * 1
Outside-Baku route 10.0.11.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.33.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.150.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.170.0 255.255.255.0 10.254.17.10 1
Route outside Baku 10.254.17.24 255.255.255.248 10.254.17.10 1
Route outside Baku 10.254.17.32 255.255.255.248 10.254.17.10 1
Route outside Baku 192.1.1.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 192.168.27.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 192.168.39.0 255.255.255.0 10.254.17.10 1
Route outside-Ganja 192.168.45.0 255.255.255.0 10.254.17.18 1
Route outside-Ganja 192.168.66.0 255.255.255.0 10.254.17.18 1
Route outside-Ganja 192.168.69.0 255.255.255.0 10.254.17.18 1
Outside-Baku route 192.168.80.0 255.255.255.0 10.254.17.11 1
Access remote 192.168.121.0 255.255.255.0 85.132.43.1 1
Route outside-Ganja 192.168.184.0 255.255.255.0 10.254.17.18 1
Route outside Baku 192.168.208.16 255.255.255.240 10.254.17.10 1
Route outside-Ganja 192.168.208.112 255.255.255.240 10.254.17.18 1
Route inside-Bct 192.168.254.0 255.255.255.0 10.40.50.66 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
AAA-server protocol Ganymede GANYMEDE +.
AAA-server GANYMEDE (Interior-Bct) 192.168.1.8
key *.
AAA-server GANYMEDE (Interior-Bct) 192.168.22.46
key *.
RADIUS protocol AAA-server TACACS1
AAA-server TACACS1 (Interior-Bct) host 192.168.1.8
key *.
AAA-server TACACS1 (Interior-Bct) host 192.168.22.46
key *.
authentication AAA ssh console LOCAL GANYMEDE
Console to enable AAA authentication RADIUS LOCAL
Console Telnet AAA authentication RADIUS LOCAL
AAA accounting ssh console GANYMEDE
Console Telnet accounting AAA GANYMEDE
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 Interior-Bct
http 192.168.139.0 255.255.255.0 Interior-Bct
http 192.168.0.0 255.255.255.0 Interior-Bct
Survey community SNMP-server host inside-Bct 192.168.1.27
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto ipsec transform-set newset aes - esp esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
Crypto ipsec transform-set esp-3des esp-md5-hmac raccess
Crypto ipsec transform-set esp-3des esp-sha-hmac vpnclienttrans
Crypto ipsec transform-set vpnclienttrans transport mode
life crypto ipsec security association seconds 2147483646
Crypto ipsec kilobytes of life security-association 2147483646
raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map
correspondence address card crypto mymap 10 110
card crypto mymap 10 peers set 10.254.17.10
card crypto mymap 10 transform-set RIGHT
correspondence address card crypto mymap 20 110
card crypto mymap 20 peers set 10.254.17.11
mymap 20 transform-set myset2 crypto card
card crypto mymap interface outside Baku
correspondence address card crypto ganja 10 110
10 ganja crypto map peer set 10.254.17.18
card crypto ganja 10 transform-set RIGHT
card crypto interface outside-Ganja ganja
correspondence address card crypto vpntest 20 110
peer set card crypto vpntest 20 10.250.25.1
newset vpntest 20 transform-set card crypto
card crypto vpntest interface vpnswc
vpnclientmap 30 card crypto ipsec-isakmp dynamic dyn1
card crypto interface for remote access vpnclientmap
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = gyd - asa .az .bct
sslvpnkeypair key pair
Configure CRL
map of crypto DefaultCertificateMap 10 ca certificatecrypto isakmp identity address
ISAKMP crypto enable vpnswc
ISAKMP crypto enable outside-Baku
ISAKMP crypto enable outside-Ganja
crypto ISAKMP enable remote access
ISAKMP crypto enable Interior-Bct
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
preshared authentication
aes encryption
sha hash
Group 2
life 86400
Crypto isakmp nat-traversal 30
No vpn-addr-assign aaa
Telnet timeout 5
SSH 192.168.0.0 255.255.255.0 Interior-Bct
SSH timeout 35
Console timeout 0
priority queue outside Baku
queue-limit 2046
TX-ring-limit 254
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
Server NTP 192.168.1.3
SSL encryption, 3des-sha1 rc4 - md5 aes128-sha1 sha1-aes256
SSL-trust point ASDM_TrustPoint0 to vpnlb-ip remote access
SSL-trust ASDM_TrustPoint0 remote access point
WebVPN
turn on remote access
SVC disk0:/anyconnect-win-2.4.1012-k9.pkg 1 image
enable SVC
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
internal group ssl policy
attributes of group ssl policy
banner welcome to SW value
value of DNS-server 192.168.1.3
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
group-lock value SSL
WebVPN
value of the SPS URL-list
internal vpn group policy
attributes of vpn group policy
value of DNS-server 192.168.1.3
Protocol-tunnel-VPN IPSec l2tp ipsec
disable the PFS
BCT.AZ value by default-field
ssl VPN-group-strategy
WebVPN
value of the SPS URL-list
IPSec-attributes tunnel-group DefaultL2LGroup
ISAKMP retry threshold 20 keepalive 5
attributes global-tunnel-group DefaultRAGroup
raccess address pool
Group-RADIUS authentication server
Group Policy - by default-vpn
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
IPSec-attributes tunnel-group DefaultWEBVPNGroup
ISAKMP retry threshold 20 keepalive 5
tunnel-group 10.254.17.10 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.10
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
type SSL tunnel-group remote access
attributes global-group-tunnel SSL
ssl address pool
Authentication (remote access) LOCAL servers group
Group Policy - by default-ssl
certificate-use-set-name username
Group-tunnel SSL webvpn-attributes
enable SSL group-alias
Group-url https://85. *. *. * / activate
tunnel-group 10.254.17.18 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.18
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
tunnel-group 10.254.17.11 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.11
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
type tunnel-group DefaultSWITGroup remote access
attributes global-tunnel-group DefaultSWITGroup
raccess address pool
Group-RADIUS authentication server
Group Policy - by default-vpn
IPSec-attributes tunnel-group DefaultSWITGroup
pre-shared key *.
!
type of policy-card inspect dns migrated_dns_map_1
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the rsh
inspect the rtsp
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect the netbios
Review the ip options
class flow_export_cl
flow-export-type of event all the destination 192.168.1.27
class class by default
flow-export-type of event all the destination 192.168.1.27
Policy-map Voicepolicy
class voice
priority
The class data
police release 80000000
!
global service-policy global_policy
service-policy interface outside Baku Voicepolicy
context of prompt hostnameCryptochecksum:4f35f975ba7a0c11f7f46dfd541d266f
: end
GYD - asa #.ASA remote:
ASA Version 8.2 (3)
!
ciscoasa hostname
activate the encrypted password of XeY1QWHKPK75Y48j
2KFQnbNIdI.2KYOU encrypted passwd
names of
DNS-guard
!
interface Ethernet0/0
nameif inside
security-level 100
IP 192.168.80.14 255.255.255.0
!
interface Ethernet0/1
nameif outside
security-level 0
IP 10.254.17.11 255.255.255.248
!
interface Ethernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
nameif management
security-level 100
no ip address
management only
!
boot system Disk0: / asa823 - k8.bin
passive FTP mode
access-list 110 scope ip allow a whole
192.168.80.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.0.0 255.255.0.0
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
management of MTU 1500
Within 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow all outside
ICMP allow any inside
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside) 0 access-list sheep
Route outside 0.0.0.0 0.0.0.0 10.254.17.9 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.80.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto ipsec transform-set newset aes - esp esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
life crypto ipsec security association seconds 2147483646
Crypto ipsec kilobytes of life security-association 2147483646
correspondence address card crypto mymap 10 110
card crypto mymap 10 peers set 10.254.17.9
mymap 10 transform-set myset2 crypto card
mymap outside crypto map interface
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
preshared authentication
aes encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPNtunnel-group 10.254.17.9 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.9
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostnameCryptochecksum:1c1ac60e2fb84f65269d15d53f27c21b
: end
ciscoasa # $Still, I can't ping ASA remote outside from outside of the Local interface. And there is no connectivity between the 192.168.80.0 distance and local don't say 192.168.1.0. I have run out of ideas
Would appreciate any help. Thank you in advance...
If the tunnel is up (phase 1), but no traffic passing the best test is the following:
Add order management-access to the Interior , and then try to PING the intellectual property inside ASA counterpart.
inside x.x.x.x ping --> x.x.x.x is the IP of the ASA peer inside
The test above shows if the traffic passes through the tunnel (check encrypted/decrypted packets of sh cry ips its).
Test on both directions.
Please post the results.
Federico.
-
My portfolio is currently configured to allow access when locked. I used to be able to double-click the home button and seems my card and I would enter my access code. I have updated to IOS 10 and I am no longer able to do this. All the settings are there. I have an IPhone 6.
Are? you double click in front of the screen of the iPhone are? (pending). This is what seems to work for me.
I hope this can help.
-
Our computer was accessed remotely this afternoon, how can we prevent this?
We have a Mac Mini, with OS X 10.6.8 using NetZero DSL as our internet provider and Firefox as your browser. Our computer was accessed remotely through LogMeIn (rescue), but it seems that the person or the group failed to hack into our computer. Are there settings in Firefox that could prevent this from happening in the future? Thank you...
Firefox is a web browser not a firewall.
I agree that it's more to do with your operating system and the LogMeIn software on ensuring that only you have access when you need to.
-
My camera iPhone 5s is accessed remotely? Whenever I use my phone torch ends up taking videos. Is it possible for a person to access my camera through the torch. We share the same Apple ID
N °
but maybe you tap the camera icon (bottom-right) when you press the icon of the torch (with the other hand maybe?)
-
How a cRIO can access remote systems VISA resources?
I have a NI 9871 RS485 module on an ethernet 9148 RIO.
I have also a laptop and a cRIO 9073.
I can access each of the 9871 serial ports on the computer but not the 9073.
When you try to access it from the cRIO, I get error:-1073807192, VISA: (Hex 0xBFFF00A8) is denied access to the resource or to the remote machine. This is due to the lack of sufficient privileges for the current user or the machine.
How the cRIO can access the serial ports of the module 9871 on the ethernetRIO?
Or how a remote access cRIO visa resources?
Or how a cRIO can have sufficient privileges to access remote resources from visa?
Thank you for your help.
LabVIEW 2010 & VISA 5.1 on pc
NOR-RIO 4.0 and 5.1 VISA & NI 9871 SERIES scan engine support on cRIO and eRIO
Hi Woss,
It is possible that your RIO Ethernet has some parameters of active access which is to prohibit the connection to serial ports. You can change these settings in a position and Automation Explorer (MAX) for your device by going to the device under remote systems, expanding the category of software under it and choosing NI-VISA. There will be a tab in the right pane of MAX called Options of VISA. In this tab, select Server VISA > security to access these settings.
From there, you should be able to add the IP address of the RIO device that needs to access the VISA on the RIO Ethernet server. Once you have changed these settings, just click on register at the top of the window and allow the unit to restart. Let me know if that helps!
-
How to configure the VLAN-access plan on Cisco 3650
Hello
I would like to configure the VLan-access plan to filter some of the traffic VLAN, but I am unable to run vlan-map command on the cisco L3 3650 v03.06.00E
Hello ahmed,.
According to the command search tool, 3650 v03.06.00E does not support the vlan-access plan.
You will need to catalyst 3650, 3SE to configure "vlan access map.
https://Tools.Cisco.com/support/CLILookup/cltSearchAction.do
Show vlan-plan of access (catalyst 3650, 3SE)
VLAN-access plan (catalyst 3650, 3SE)
I hope this helps.
Please evaluate the useful messages.
Thank you.
-
Configure ASA5055 as a remote access VPN client
Hello world
I'm trying to configure a 5505 as a remote access VPN client. I have several old hubs VPN 3002, but in the new sites I'll use a 5505 instead of these 3002.
I think that the configuration is very simple. I have the IP address of the peer (remote server), I know it is an IPsec tunnel without certificate and I have passwords and user name and group.
How can I translate this configuration for an ASA5505? I have attached a screenshot.
Here ya go:
http://www.Cisco.com/en/us/docs/security/ASA/asa83/configuration/guide/ezvpn505.html
Federico.
-
configuration problem pix515 to access remote vpn using the vpn client
Hello
My chart is simple:
a client pc with customer vpn cisco 3.X
try to connect to a remote site via a pix 515E.
What happened:
the pc can connect, the pix give it an ip address, but no traffic not encrypted so no access to the remote network.
My config is:
---------------------------------------
START THE CONFIG
--------------------------------------
access-list 102 permit ip 192.168.80.0 255.255.255.0 10.10.10.0 255.255.255.0
IP local pool clientpool 10.10.10.5 - 10.10.10.50
NAT (inside) - 0 102 access list
Permitted connection ipsec sysopt
Crypto ipsec transform-set robust esp - esp-md5-hmac
Crypto-map dynmap 10 transform-set robust Dynamics
map mymap 10-isakmp ipsec crypto dynamic dynmap
mymap outside crypto map interface
ISAKMP allows outside
ISAKMP identity address
part of pre authentication ISAKMP policy 10
encryption of ISAKMP policy 10
ISAKMP policy 10 md5 hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
vpngroup address clientpool pool vpn30002
vpngroup password 123daniel456789 vpn30002
vpngroup split tunnel 102 vpn30002
-------------------------------------
END CONFIG
-------------------------------------
Please help me!
Concerning
Can you upgrade to a new vpn client or try to disable the firewall in XP sp 2? I think the problem is that this old clients are not supported on xp sp2 or will have problems with the firewall in SP2. Try to run a higher customer or 4.0 x.
-
Access remote USB to E3000 problem?
Hello
I recently got the E3000 router because it has USB and is simultaneous dual band router.
It is connected to the ATT modem + router. I disabled wireless 2wire ATT modem and connected the linksys router.
Now, after much playing with it, I have configured the USB key to work and being visible on the network, Media Server also seems to work very well.
Now I need help with the following:
Now what I'm trying to do is have remote access to my USB connected hard drive on the internet.
Also, I want to put the USB HDD as media download drive. For example if I'm downloading a large file or download torrent I want it either directly into the USB connected HDD.
Also in my computer/network, I have the disc visible as a computer and when I double click on it, it ask me for the admin and password user id and I have access available files, that I do not understand why is this? Because the same thing can be achieved by "map network drive" then what is the difference between the two?
Waiting for answer
Thanks for the help guys
For your 1st question: Yes, the problem is with your configuration. The E4200 needs direct access to the internet, but in this case it is "hidden" behind a NAT (your att gateway) device. You must find a way to dumb down your front door so that it becomes just a modem.
If you have att u-verse, then you must look for a story on your gateway 2wire called demilitarized zone more and put in place to allow your router to be seen on the internet that will allow you to remote access to the storage unit.
As for your 2nd question: there is no way to do it. Your pc should be while you download files.
Maybe you are looking for
-
Hi guys,. Since the official update is available for 3 WatchOs, I can't seem to do the update on my watch. I click on software update as you would, and it comes up with ' watch OS 3 - awaiting installation... ". » then click on install and enter my p
-
Why Firefox 16.0.1 keep turn off my newest version of java?
Pogo.com cites a security problem and a fix for Java. Oracle provides a version update. Mozilla disables this new version. Now, mozilla disables ANY version. Website of Oracle is unable to check the new installation of java. Oracle cannot check ANY v
-
Toshiba EXCITE Pro - WiFi. Authentication failed after update
Hello. Just got this tablet.Everything seemed ok by updating to the latest version (because first of all to solve the problems of heat). After the update * I lost my WIfi connection. Failed authentication * (has not changed anything - linked - update
-
Qosmio F30-117: A single HARD drive is recognized after upgrade to 120 GB
I have a Qosmio F30-117 with 2 x 60 GB Toshiba hard drives installed. I want to switch to 2 x 120 GB HARD drive, but my Slot 1 does not recognize the HARD drive as being present. Slot 2 recognizes that a 120 GB HARD drive is present. This happens wit
-
Z570: Plugged in but not charging status message
Hello I recently had a computer laptop z570. I get status above message "trendy but no charging current. What is the reason for this? What is an adapter or battery problem or one other change of parameter to enable this I tried the 'Balanced' & 'High