Create crypto via several public interfaces

Similar Questions

• VPN via a different interface of the "outside" interface

  I have two ASA5510 each with two external interfaces, we're connecting to an ISP for the Internet and the other connects to an MPLS network. And I have the LAN on the interface of "inside".

  In my lab, I have each external interface connected to a separate router, and the router connects to an another ASA5510 who will be at the other end of the VPN.

  Enough of this scheme:

  LAN
  |
  |
  |
  |
  ASA--------------
  | defaultroute | specificroute
  |                       |
  |                       |
  |                       |
  Router router
  |                       |
  |                       |
  |                       |
  | defaultroute | specificroute
  ASA--------------
  |
  |
  |
  |
  LAN

  I bring a VPN on the interface either as long as I get the interface default route (0.0.0.0 0.0.0.0). So it seems that the configuration is correct. But given that I have only one default route, I can never raise the second VPN.

  I have a static route pointing to the peer through the correct interface and next hop for the second VPN IP and can ping and traceroute to the public address just fine so routing is correct, but...

  whenever I ping from LAN to LAN to make appear the second VPN log just shows it as an attempt to create a translation.

  It is as if it does not have it as "interesting traffic" but as a regular traffic to the Internet.

  Any thoughts on this?

  Thanks in advance.

  Hello

  If you need to configure the tunnel interface on the ASA (ISP or MPLS)... While you apply the card encryption on both interfaces.

  Then... routing will take care through which interface to negotiate the tunnel.

  Say that the remote site has this configuration:

  Public IP = 1.1.1.1

  Remote LAN = 10.1.1.0/24

  You should have this:

  Route ISP 1.1.1.1 255.255.255.255 NEXT_HOP 10

  Route MPLS 1.1.1.1 NEXT_HOP 20 255.255.255.255

  Route ISP 10.1.1.0 255.255.255.0 NEXT_HOP 10

  Route MPLS 10.1.1.0 255.255.255.0 NEXT_HOP 20

  In addition, configure IP SLA.

  Whenever the ISP interface goes down, the ASA will attempt to negotiate the tunnel via the MPLS interface (because is one that can be used to reach the other site).

  Federico.

• Creating ent via API and post processing event handlers

  I have a number of post-processing-event handlers defined for the creation of the organization. They all work fine and do what they need to do when I create an organization via the web interface. However if I create an organization that uses the Java API, managers of events do not run. They are not supposed to run? I think that IOM should handle all the same applications - everywhere where they are generated.
  
  Here is my example of API:
  
  Import Thor.API.Exceptions.tcAPlException;
  Import Thor.API.Operations.tcOrganizationOperationslntf;
  import java.util.Hashtable;
  import java.util.HashMap;
  Import javax.security.auth.login.LoginException;
  Import oracle.iam. platform. OIMClient;
  
  public class test {}
  Public Shared Sub main (string [] args)
  {
  Hashtable env = new HashtableQ;
  approx. put (0IMc1 I ent. jAvA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitiialContextFactory");
  env.put (mpta OIMC]. JAVA_NAMING_PROVIDER_URL, "t3: / / localhost:14000");
  OIMClient oimclient = new olMClient (env);
  try {}
  oimclient. Login ("xelsysadm", args [O] .tocharArrayO); II the password is the only argument
  } catch (System.Exception e)
  System.out.println ("ERROR: connection exception.") Please check your username / password are correct. ») ;
  }
  tcorganizationOperationsintf orgManager = (tcOrganizationOperationsintf.class) oimclient.getservice;
  < String, String > HashMap hmorgDetails = new HashMap < String, String > ();
  hmOrgDetails.put ('Organizations.organizationName', 'org test');
  hmorgDetails.put ('Organizations.Type', 'Branch')
  Try
  {
  orgManager.createOrganization (hmorgDetails);
  } catch (Exception e) {}
  System.out.println (e. getMessage())
  e.printStackTraceQ;
  }
  return;
  }
  }
  
  and my definition of post processing:
  <? XML version = 'l.O' encoding = "uTF - 8"? >
  < eventhandlers xmlns = "http://www.oracle.com/schema/oim/platform/kernel."
  xmlns: xsi = "http://www.w3.org/2001/xMLschema-instance".
  xsi: schemaLocation = "http://www.oracle.com/schema/oim/platform/kernel%2dorchestrat-jon."
  -hand] ers. XSD">
  <! - custom preprocess event handlers - >
  < entity-type of the action handler = operation 'Organization' = 'CRΘER. '
  Class =' ' corn.corp.AutoCreateRoles
  name = 'Run in creating org'
  Stadium = "post-processing".
  order = "2000".
  Sync = "TRUE" / >

  Try to use OrganizationManager service class in your java code instead of the tcOrganizationOperationsIntf inheritance. Which should trigger the event handler. Recently, I had a problem where using the EntityManager on user has not triggered the eventhandler but only when using the UserManager triggered it.
  It would be possible only when you are using the legacy API, a new orchestration is not produced, and therefore the event handler is not called.

  -Marie

• VPN client with counterpart on secondary ip address on the public interface of the router

  Hello

  On our office LAN, we have a Linux server than it hosting a VPN connection to a remote client.

  Do this to ISAKMP card on our Cisco router port connections to the internal ip address of the Linux host.

  However, we now want to allow our users to establish VPN connections to our local network using the unit of Cisco VPN Client.

  Of course, this would present challenges, as the ISAKMP our router port is mapped through an internal host.

  So, we tried to set up a secondary ip address on the router and VPN clients to connect to that.

  What we see in our newspapers is as follows:

  Phase 1 is very well established, and the VPN Client prompts the user for a user name and password.

  Authentication of the phase 2 starts, but the router says it's is not to receive a proposal of hash of the client.

  185 12:18:06.943 09/03/11 Sev = Info/4 IKE / 0 x 63000014
  RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">

  (in this case, where x.x.x.x is the secondary ip address on the public interface)

  After that, the Phase 1 SA is removed and the connection fails.

  My understanding is that the Phase 2 negotiation takes place with the ip address assigned to the client in Phase 1, which suggests that the problem occurs because the client communicates with the main on the interface ip address, and no secondary ip address.

  When remove us the mapping of port isakmp and the VPN client to connect to the primary ip address, everything works fine.

  Question:

  It is possible to establish 2 router VPN Client uses a secondary ip address?

  If not, is there some way I can implement the port mapping so that it occurs, the connection comes from a specific ip address?

  Garreth

  Should be supported on IOS.

  The command is crypto ctcp port...

  Check this link:

  http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/prod_white_paper0900aecd8061e2b3.html

  Federico.

• Is it possible to several user interface screens to manage in the only user interface project in oracle BPM...

  Hi Experts,

  In my process I use multitask user regarding my needs. Now, I need to create screens of the user interface to the user of the task. Is it possible to several user interface screens to manage in the only user interface project in oracle BPM... Please let me know if you have an idea

  .

  Thanks and greetings

  Charm_Narra

  http://youtu.be/bpVVpDJLE1o   This video explains how to ensure that the UIS of multiple human tasks in a single project ADF.

  Dan

• Service Manager Console 2012 can create tickets via email through any kind of process/workflow?

  Original title: create tickets by e-mail

  Hey guys,.

  I need to create a support metric and most of our users are used for sending emails to the support mailbox and do not connect a ticket. Service Manager Console 2012 can create tickets via email through any kind of process/workflow? I know another system that can - I did not know if the MSC can?
  I hope that makes sense.  THX,

  This issue is beyond the scope of this site and must be placed on Technet or MSDN

  http://social.technet.Microsoft.com/forums/en-us/home

  http://social.msdn.Microsoft.com/forums/en-us/home

• How can I secure my laptop when I surf the internet via a public router at work?

  How can I secure my laptop when I surf the internet via a public router at work? I mean if I use a router to work and others use too and I use a private laptop! I heard that someone hase the knoladge he can enter my laptop the couscous that he uses the same router I do. you have a special program for that, or is there a place in my computer that I need to enable to avoid the unwanted entries?

  If your Windows is updated and your Windows Firewall is enabled and that you have updated anti-virus, that would be fine. In Windows 7, you must check Action Center in Control Panel to see your security status, if something is wrong that it will show a message in Windows XP and Windows Vista, he calls the center of security.

  They may only enter your laptop or hack, if your firewall is disabled or there is a vulnerability in your system or a Malware would cause of vulnerability, and in all cases to ensure that your Windows updates and anti-virus is running, you are protected.

  Another thing is that if your router requires the password, then choose strong password and change it regularly, if it is public without password or authentication, then you need to careful when visiting Web sites because they could be monitor and publicly display information. Some websites have encryption that in Internet Explorer, it shows as a lock icon pad indicating that your transaction is encrypted and you're safe.

  It depends also wireless encryption in your company that will be in service by admin or SOUND Department if it's WPA2 which is good but for WEP or WPA, you should be very careful. I suggest to discuss this issue with your COMPUTER service too.

• share a video from my computer to my laptop via the public folder, the error message: failed to connect

  Computer is Vista's Window and laptop is Windows 7, I turned on the sharing of files and public folders under Network Center and sharing. He said that I have a connection every time failure.

  I want to share a video from my computer to my laptop via the public folder.

  Hello
  You can view these methods:
  Method 1:
  I suggest you to turn off the firewall and any security on your computer program and check if it solves the problem.
  After reviewing the question you must reactivate the security on your computer program.

  Note: Run the computer without antivirus software or firewall is a potential threat to the computer; Be sure to activate security software after completing the troubleshooting steps and after identifying the problem.

  Method 2:
  Troubleshoot "access denied" when opening files or folders
  http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-access-denied-when-opening-files-or-folders
  See also:
  Sharing files with the Public folder
  http://Windows.Microsoft.com/en-us/Windows-Vista/sharing-files-with-the-public-folder

• create a description of the interface if no ip address received from the dhcp server

  Hi Experts,

  I would like to create simple script revved my interface isn't getting an IP address, it will add the description of this interface. I tried writing but no luck. BTW, this is my first attempt of EEM. Thanks in advance...

  Event Manager applet change-address_2
  model event syslog "DHCP_Description."
  order cli action 001 'enable '.
  action 002 cli command "show int G0/0 | address Internet Inc. will be negotiated"
  football action 003 cli match $_cli_result
  action 004, «config t» cli command
  005 action, command cli "int g0/0".
  action 006 cli "description of the command NO IP ASSIGN"

  I built a task of laboratory for this kind of thing for CiscoLive.  In the laboratory, a static IP address is assigned to the interface, but it's easy to change to simply put a description.  The following policies:

  "event Manager environment q.
  Dhcp-intf-up applet event handler
  event syslog LINEPROTO.*GigabitEthernet0/0,.*changed state model up to
  order cli action 001 'enable '.
  action 002, «config t» cli command
  action 003 cli command "event manager applet dhcp-intf-timer."
  action 004 cli command 'event timer countdown 60 '.
  005 action, command cli "action 1.0 cli command enable."
  action 006 cli command "action 2.0 cli command $q config t$ q.
  action 007 cli command "action 3.0 $q interface cli command Gi0/0$ q.
  action 008 cli command "action 4.0 cli don't command $q description NO ATTRIBUTION of IP $q.
  action 010 cli command "action 6.0 cli don't command $q no event manager applet dhcp-intf-timer-disable$ q.
  action 011 cli command "action 7.0 cli don't command $q no event manager applet dhcp-intf-timer$ q.
  action 012 cli command "event manager applet dhcp-intf-timer-disable.
  action 013 cli command "syslog events model $q%DHCP-6-ADDRESS_ASSIGN:.*GigabitEthernet0/0 $q.
  action, command cli 014 'action 1.0 cli enable command '.
  action 015 cli command "action 2.0 cli command $q config t$ q.
  action 016 cli command "action 3.0 cli don't command $q no event manager applet dhcp-intf-timer$ q.
  action 017 cli command "action 4.0 cli don't command $q no event manager applet dhcp-intf-timer-disable$ q.
  action 018 cli command 'end '.

• Public interface on VPN 3000

  Hello

  It is as sure to fix the public interface on a VPN 3000 Concentrator on the internet? Or should there be a firewall in front.

  I understand that the public interface is "hardcoded" and only open ports you'd pass firewall anyway, but I just wanted to check with experts to ensure that :-)

  Peter

  Hi Peter,.

  I don't think there are major problems involving the public interface of VPN 3030 Internet. It is means in reality for public access... it is a little hardened to allow only specific protocols... If you have an ID, you can monitor the traffic on this interface and shun unnecessary connections if necessary... you also have filters on the public interface, which allows you to restrict the traffic...

  set the vpn behind a firewall increases the complexity of your network. You may as well have this behind, but it will be a little complicated.

  I hope this helps... all the best

  REDA

• A few questions about the video conference via the public network

  Hi all

  I have a few questions that need your help:

  1. normally, I connect endpoints to MCU via local network (extended WAN) so everything is OK. But if I want to connect to the MCU via the public network (e.g. Internet FTTH), am I any equipment more or MCU settings? Need video firewall option?

  2 Cisco Telepresence does support VPN for remote endpoint to join video conference?

  Thank you

  Hi yours!

  (1) If you are looking in the connectivity, I would recommend that you speak to someone in sales of cisco (partner)

  to tell you a little more about the deployment of VCS-E and VCS - C.

  You need something to do good firewall/nat traversal, not only for the nat in your organization,

  but also for remote users with endpoints behind a nat home router,...

  (2) the endpoints and the infrastructure do not have a vpn client, but you can of course use VPN router between the two.

  But you should know that the video uses a certain packets per second and bandwidth so the vpn router could

  in trouble and a vpn also adds the overhead rate ip then you have MTU problems.

  But yes, I saw people using Cisco Telepresence via VPN.

  Yours: Please note the answers using the stars below!

• Disable the HTTP/HTTPS on public Interface Management

  I was able to do this on a VPN 3030 using the Configuration 3.6.7.F code running > Policy Management > traffic management > filters, select 'Public', click "Assign rules to filter", delete In incoming and Out for HTTP and HTTPS, then Save Config. I don't get the same behavior when I apply the same changes to a VPN 3030 running 4.1.7.F as I am still able to show management on the public interface. I want to keep managing HTTPS on the private interface.

  Hello

  Take a look in the folder 'WebVPN' under ' Configuration. Interfaces | Ethernet 2'. There you should find the point "Sessions allow management HTTPS.

  HTH

  Mark

• Create table with several Collections of data control

  Hello

  I have a requirement about to display data in a table. It shows simple, but certain columns in the table are within a collection, and the others are in another collection. I read this chapter Creation of ADF Databound Tables - 11 g Release 1 (11.1.1.7.0), and she explains to create the table with a collection.

  I have no knowledge on the model, I know just as control data, so what should I do? :

  -Ask for the template designer to redraw the control of data to include a collection with all the data?

  -Try to work with the actual data control? If so, how can I create the table several Collections of data control?

  Plese let me know if there is another solution. I work with JDeveloper 11.1.1.7.

  Thank you!

  AAPDL

  Hello

  You can have a managed bean that e... g exposes an ArrayList of objects. This can then binds to the value property of the table. If the object sets the information of table row combination that you get multiple iterators (collections), then the table will display the joined data.

  Frank

• Problem creating DEV_PORTAL via the remote control

  Hello
  
  I would really appreciate your help to meet slot problem:
  
  in OBIE11g when creating patterns via the remote control, all the patterns, I chose to be created are working well except DEV_PORTAL, which throws the error
  
  SQL error when connecting with thin driver (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST=HOST_NAME) (PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = SERVICE_NAME))): ORA-01017: invalid user name password login denied
  
  The problem is this role/user/password is correct, because:
  
  1 other patterns are created by using the same credentials (with SYSDBA rola)
  2. I can connect (via SQL developer) to database using the same settings and everything works
  
  I encountered a similar problem on the forum under
  
  Creating DEV_PORTAL schema for Oracle Forms
  
  but without any solution working :(
  
  Thanks in advance

  Why you install DEV_PORTAL scheme, for the installation of obiee 11g select Oracel Business Intelligence in the performance of the remote control. It will install only two MDS and BIPlatform patterns.

• Change the public Interface on Clusterware

  Hello
  
  I have a node RAC 4 10.2.0.3 under RedHat Linux AS 3. Recently I noticed that eth0 on one of the departures nodes up and down for short periods of time. If this happens long enough it affects connections established for her etc.
  
  I'm afraid that the network card is about to fail, because this material is old enough. The machine has 2 other NICs unused on it and I want to change the public interface the clusterware uses one of these ex eth2.
  
  I know how to do, is using oifcfg, but my question is. If I change the interface on node 4 ex $ORA_CRS_HOME/bin/oifcfg setif-eth2/192.168.1.0:public overall, this would amount to this public interface uses eth2 to node 4 or 3 elsewhere. Just to be clear, I would like to than the other 3 nodes to always use their interface public current IE eth0.
  
  Thanks in advance.

  You must have the same interface name on all nodes to the public. You could ensure that the other card on the 4 node becomes eth0.

  Kind regards
  Marielle Naud
  Global technical Manager / Oracle Clusterware and RAC
  Support of Oracle.