External interface for overall activity
Hi all,
Another question: can a global activity launch an external user interface?
I'm able to run our J2EE application as an (external) user interface for normal interactive activities, but with a global activity I do not seem to have a way to specify my custom URL...
Thank you
Igor
P.S. I'll miss points at this rate? :)
Hi Igor,
It is not possible to implement a global activity as external in the same way you would with an interactive activity. However, there is a solution that I have put in place at some clients: implement the global activity with a screenflow and have the screenflow redirect to your external application.
If you need additional information on this implementation, I can share with you.
HTH
Published by: ruben.vidaurre on 30-sep-2009 15:23
Tags: Fusion Middleware
Similar Questions
-
Network for access to the external interface inside
Hey,
I have an ASA5520 running 7.2(1) and I have a few problems with it that I am struggling with.
I'm trying to reach a website from a host on the inside network. The site is actually hosted internally, but it resolves to the static NAT address on the external interface of the firewall.
Now I can see the TCP connection built and the translation to a high port on the external interface; this high port talks to one of the static NAT addresses on the external interface, and then that's all. There are no more entries in my log for the connection, and I get no SYN on the internal web server, so the connection is not coming back in.
IP address outside 222.x.x.9 255.255.255.248
IP address inside 192.168.87.1 255.255.255.0
Static NAT to web servers:
static (inside,outside) 222.x.x.10 192.168.87.5
Access lists:
access-list inbound extended permit tcp any host 192.168.87.5 eq http
access-group inbound in interface outside
Everything works fine when originating from a global internet address, just not when originating from an inside address where dynamic PAT is performed on the source address.
Here's a capture session using the following access list to capture on the inside and outside interfaces simultaneously:
access-list web line 1 extended permit ip host 222.222.222.10 any
access-list web line 2 extended permit ip any host 222.222.222.10
On the INSIDE interface (nothing shows up on the outside) (IP addresses have been replaced with nonsense, but the 222 address is the static on the outside interface and the other is on the internal network):
316: 19:14:02.900206 192.168.87.10.2275 > 222.222.222.10.80: S 2029971541:2029971541 (0) win 64512
317: 19:14:05.973185 192.168.87.10.2275 > 222.222.222.10.80: S 2029971541:2029971541 (0) win 64512
192.168.87.10 is my client trying to connect.
Does anyone have any idea what is stopping this from working?
All networks are directly attached and there is no route summary ancestral anywhere.
I hope you guys can help!
Regards
Paul.
To my knowledge the ASA only supports hairpinning on a VPN tunnel. The security appliance does not allow traffic that arrives on an interface to go back out the interface it was received on.
-
Problem adding external interface CSA to 6 IPS
I have configured my AIP-SSM sensor running IPS 6 to connect to the CSA MC, but I have a connection failure. The sensor shows the following error message when it tries to connect:
evError: eventId=1168311248090659938 severity=warning vendor=Cisco
originator:
hostId: os - ips
appName: externalProductInterface
appInstanceId: 317
time: 2007-01-20 02:50:22 2007/01/19 20:50:22 GMT - 06:00
errorMessage: name = errNotAvailable failure opening a subscription on the Management Center for the external interface of Cisco security to 1.1.1.1: response analysis found a different element when waiting for the SOAP Envelope element
If your MC is version 5.0, can you please set the URL to /csamc50/CETS-server and try again after enabling the interface.
THX
Madhu
-
ASDM does not work in the external interface
Hello
I'm new to ASA. I have an ASA 5510 and am trying to enable ASDM access through the external interface, but it is not working for me. I set up a public IP address on the external interface and enabled SSH and ASDM. SSH works but ASDM does not work. This is a test environment, so I have not yet set up an ACL.
VPN-TEST# show version
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Updated Wednesday, 5 May 09 22:45 by manufacturers
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
VPN-TEST up 4 hours 33 mins
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0: the address is d0d0.fd1d.8758, irq 9
1: Ext: Ethernet0/1: the address is d0d0.fd1d.8759, irq 9
2: Ext: Ethernet0/2: the address is d0d0.fd1d.875a, irq 9
3: Ext: Ethernet0/3: the address is d0d0.fd1d.875b, irq 9
4: Ext: Management0/0: the address is d0d0.fd1d.8757, irq 11
5: Int: not used: irq 11
6: Int: not used: irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
VPN-TEST# show run http
http server enable
http 0.0.0.0 0.0.0.0 outside
VPN-TEST# show run asdm
asdm image disk0:/asdm-621.bin
asdm history enable
Could someone please help me figure out what I am missing?
Kind regards
Praveen
That's it. Please add any combination of encryption algorithms using the "ssl encryption" command; add them on one line next to each other, and you can use '?' to check the available combinations.
Kind regards
Mohammad
-
Can I connect an external keyboard for Portege A100?
Portege A100 laptop can be used with an external USB keyboard? If so, is it important that the brand that I use? I finally convinced my wife to learn typing, but the keyboard of the laptop is not the easiest keyboards to learn.
Hello
Of course, it is possible. It doesn't matter what brand you use, but the connection is important.
It must be an external USB keyboard because the Portege A100 supports only this interface for connecting a keyboard.
-
Static and VPN on the external interface
Hello
Can someone tell me if it is possible (and if so, how) to have VPN enabled on the external interface and also have something like:
static (inside,outside) interface x.x.x.x
i.e. I have two IP addresses: one for the router and one for e0 on the PIX. I create a static and access lists to allow inbound http/https to a server inside, but I also want to allow VPN to hit e0 and work. My configs work if I use a 3rd IP address for the static, but not if they share. I can imagine that the static takes the VPN traffic before the PIX can use it, OR maybe the PIX now has no route (due to the static), so it cannot answer?
Hope I'm making sense
Thanks for the time spent on this
see you soon
Andy
I think you want something like this:
static (inside,outside) tcp interface http 10.10.10.10 http netmask 255.255.255.255 0 0 (where 10.10.10.10 is your web server)
static (inside,outside) tcp interface https 10.10.10.10 https netmask 255.255.255.255 0 0
access-list 101 permit tcp any host x.x.x.x eq 80 (where x.x.x.x is your interface IP)
access-list 101 permit tcp any host x.x.x.x eq 443
access-group 101 in interface outside
It will be useful.
Steve
-
Access ASDM ASA on the external Interface
We have three ASA5510s, each configured for ssh and http access to the Cel outside. One of them has aaa users/passwords defined for both ssh and http. I can access the ASA configured for aaa from the designated host allowed on the external interface normally, using the aaa credentials. When I try to access one of the other two, they refuse the enable password at login. The aaa-configured ASA is version 8.2 with ASDM 6.21. The other two are both ASA version 7.0 with ASDM 5.07. Does the ASA require aaa to be configured for https access? How can I make these other two accept the ASDM login? Thank you!
If you do not have aaa configured for ASDM, then you must use an empty username and the enable password.
Also, you can use "aaa authentication http console LOCAL" and use a username/password with privilege 15 to connect to the ASDM.
To find out what is failing, you can enable "debug http" and "debug aaa" on the ASA to see the reasons for which the user is rejected.
I hope it helps.
PK
-
Can't ssh on pix from the external interface
I am using s/w ver 7.0(4).
The config for ssh is:
crypto key generate rsa modulus 1024
wr mem
ssh a.b.c.d 255.255.255.255 outside
but it does not work.
Help, please
Yes, if your external interface is mapped to y.y.y.y, then you will not be able to ssh to x.x.x.x as it will be passed on to y.y.y.y.
You can change the 1-to-1 static to a port address translation for each particular port you need sent to y.y.y.y.
Please evaluate the useful messages.
-
How to configure ssh on the external interface of the asa? I have defined an applied, external interface access list, but it did not work for some reason any
Here is a list of access
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 10.254.17.9 255.255.255.248
!
interface GigabitEthernet0/2
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet0/3
 description EIGRP 2008
 nameif eigrp
 security-level 100
 ip address 10.40.50.65 255.255.255.252
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.251.1 255.255.255.0
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
access-list 110 extended permit ip any any
access-list nat extended permit ip any any
access-list allow_ping extended permit icmp any any echo-reply
access-list allow_ping extended permit icmp any any source-quench
access-list allow_ping extended permit icmp any any unreachable
access-list allow_ping extended permit icmp any any time-exceeded
access-list allow_ping extended permit udp any any eq isakmp
access-list allow_ping extended permit esp any any
access-list allow_ping extended permit ah any any
access-list allow_ping extended permit gre any any
access-list allow_ping extended permit tcp any any eq ssh
access-list sheep extended permit ip any any
access-list icmp_inside extended permit icmp any any
access-list icmp_inside extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu eigrp 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
access-group allow_ping in interface outside
Can't say I've seen this before, but SSH is easy to do on the ASA.
I recommend you take the access list off the interface first to see if that is it.
You have posted only a partial section of the config, but make sure you have the SSH command with the address of the subnet that you connect from. Your config is no longer visible as I type this, but try "ssh 0.0.0.0 0.0.0.0 outside". This allows all subnets access to the external interface. This command works as an access list to restrict connectivity to approved subnets, i.e. "ssh 10.0.0.0 255.0.0.0 outside" only allows hosts on the 10.x.x.x network to connect via SSH.
Turn on 'debug ssh' to see what the errors are, too.
And you can always remove your keys (crypto key zeroize rsa) and rebuild them (crypto key generate rsa modulus 1024). This will make your ssh client (I use PuTTY) think that this is a new device and prompt you to OK the connection.
Good luck.
Kevin
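The per-service source restriction described in the answer above (`ssh <network> <mask> <interface>`, and likewise `http` and `telnet`) can be checked mechanically. The Python sketch below is an added example, not part of the thread or of any Cisco tool: it grades each management allow-list entry in a constructed running-config against the interface's security level. The function names, severity labels and the /24 threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in ASA running-config syntax (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif outside
 security-level 0
interface Management0/0
 nameif management
 security-level 100
http server enable
http 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.0.0.0 255.0.0.0 outside
ssh 192.168.251.0 255.255.255.0 management
telnet 192.168.251.0 255.255.255.0 management
"""

# <protocol> <network> <mask> <nameif>: the per-service source allow-list.
MGMT_RE = re.compile(
    r"^(ssh|http|telnet)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")


def interface_levels(config):
    """Return {nameif: security-level} from the interface stanzas."""
    levels, name = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "interface":
            name = None
        elif words[0] == "nameif" and len(words) > 1:
            name = words[1]
        elif words[0] == "security-level" and name and len(words) > 1:
            levels[name] = int(words[1])
    return levels


def audit_mgmt_access(config, broad_prefix=24):
    """Grade every management allow-list entry; returns a list of tuples."""
    levels = interface_levels(config)
    findings = []
    for raw in config.splitlines():
        m = MGMT_RE.match(raw.strip())
        if not m:
            continue  # e.g. "http server enable" carries no source range
        proto, addr, mask, ifname = m.groups()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        untrusted = levels.get(ifname) == 0
        if proto == "telnet":
            sev, why = "high", "cleartext management protocol"
        elif net.prefixlen == 0 and untrusted:
            sev, why = "high", "any source allowed on security-level 0 interface"
        elif net.prefixlen == 0 or (untrusted and net.prefixlen < broad_prefix):
            sev, why = "medium", "broad source range"
        else:
            sev, why = "ok", "restricted source range"
        findings.append((proto, str(net), ifname, sev, why))
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE_CONFIG):
        print("%-6s %-18s %-10s %-6s %s" % finding)
```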
-
WebVPN - no external interface connectivity
Hello
I have configured WebVPN on an 1811W router running IOS 12.4(11)XW5, and even though the gateway is located directly on an external interface, port 443 appears filtered to the clients that connect through this interface (on the inside interface, the traffic is allowed). What can I do to force the router to listen for incoming connections on the external interface (as it is supposed to)? I have no firewall or ACL that could potentially interfere with the VPN.
Thank you!
This is your main route:
ip route 0.0.0.0 0.0.0.0 FastEthernet0 10 track 123
Your backup route:
ip route 0.0.0.0 0.0.0.0 Dialer0 20 track 124
If you try to access Dialer0 from the outside, your return traffic passes through FastEthernet0.
You have to 'Local ACB' for the correction...
-
VPN; list of access on the external interface allowing encrypted traffic
Hi, I have a question about the access list on the external interface of a router 836. We have several routers on our clients site, some are lan2lan, some are client2router vpn.
My question is: why should I explicitly put the IP addresses of the VPN clients or the LAN tunnel in the access list? The encrypted traffic is already allowed by permitting ESP & isakmp.
The access list is applied to the outside interface with: ip access-group 102 in
access-list 102 remark Incoming Internet via ATM0.1
access-list 102 remark Permit IP VPN range
access-list 102 permit ip 192.123.32.0 0.0.0.255 192.123.33.0 0.0.0.255
access-list 102 permit ip 14.1.1.0 0.0.0.255 any
access-list 102 permit esp any any
access-list 102 remark Open VPN Ports and other
access-list 102 permit udp any host x.x.x.x eq isakmp log
I have to explicitly allow 192.123.32.0 (LAN range on the other side) & 14.1.1.0 (VPN client range), because if I don't I won't be able to reach the network.
The VPN connection is not the problem; all traffic is going through it.
As far as I know, allowing ESP & isakmp should be sufficient.
Can anyone clarify this for me please?
TNX
Sebastian
This has been previously answered on this forum. See http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.ee9f970/0#selected_message for more details.
-
Can a VPN 3005 cause multiple IP addresses on the external interface?
Good day,
Can a VPN 3005 have several IPs on an external interface?
I expect to use it in an environment that has 2 ADSL connections to an internet service provider. For the sake of the exercise, we could call them ROUTER1 and ROUTER2.
We have a few VPNs we always want to pass through ROUTER1 and some VPNs we always want going through ROUTER2.
Is this possible?
Thank you very much
No, not possible, sorry.
-
PIX - Polo or not in function external interface used
I'm still digging into this, but I need to not NAT any traffic originating inside that goes to 2 of my lower-security interfaces (dmz1 & dmz2), but have the same traffic PATed to the interface address if it goes out the external interface.
I use nat (inside) 0 0.0.0.0 0.0.0.0 for the un-NATed traffic that goes from inside to dmz1 & dmz2. This then prevents me from putting in another nat statement [like nat (inside) 1 0.0.0.0 0.0.0.0], as that causes an error message saying the nat statements overlap. Makes some sense.
It looks like a "static (inside,outside) interface 10.1.1.0 netmask 255.255.255.0" would be the ideal solution. But I get an error message "Invalid netmask interface option" when I try to enter that. So it apparently cannot handle groups of addresses. It also won't let me do a single static to the address of the interface, so that's not going to fly even if I was ready to enter all the hosts individually.
I was hoping that the static command would let me overload all inside hosts to the address of the external interface when the traffic goes out the 'external' interface, while the "nat (inside) 0" would let me not NAT anything going to dmz1 & dmz2, but no dice.
Any thoughts on what I'm missing here? It must have a way to do.
Thank you!
Have you tried that?
Let's say you have:
192.168.0.0/24 inside
192.168.1.0/24 on DMZ1
192.168.2.0/24 on DMZ2
access-list NoNATinside permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NoNATinside permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NoNATinside
nat (inside) 1 192.168.0.0 255.255.255.0
global (outside) 1 interface
-
Telnet on PIX with the external interface
Is there a way to telnet in PIX Firewall through the external interface?
SSH is a valid method to access the site, but I wonder if there is another way to do it. PDM is another tool for access and modification of the configuration.
Any help will be useful.
Best wishes
Onur
I'm pretty sure that Telnet directly to the external interface of a PIX is not available. It is such a big security risk that it is not offered as an option.
SSH is a much better way to go (even if it's only SSH1).
You can probably VPN in your network and Telnet from inside.
Good luck
Scott
-
MULTIPLE ADDRESSES ON THE EXTERNAL INTERFACE IP
Hi all
We put in place a number of ASAs for use with corporate VPN. When remote users connect using anyconnect they can hairpin on the Internet from Headquarters and must assign a public IP address for this purpose. To avoid people getting the same public address every time they go to the internet, we want to set up a pool of public addresses which will be awarded at random to the user of the VPN. Also, for their incoming connection requests, we have a ddns that solves a unique ip address for incoming connections. So, in summary clients connect to a single IP address on our ASAs, then hairpin at the internet and receive a public IP address from a pool. Look at us a few options to do so, but would appreciate any suggestions as to how best to achieve this goal.
Thank you
Hello
It seems to me that the order in which a NAT IP address is chosen from the NAT pool is random. I tested this at home on my ASA5505 with a small pool of public addresses.
I don't know if there is a difference between different ASA software levels, or rather NAT configuration formats, since the 8.2 (and below) and 8.3 (and newer) formats are completely different.
Assuming you are configuring a NAT pool for VPN Client users connected to the ASA, the configurations you need are as follows:
Software 8.3 and above
same-security-traffic permit intra-interface
object-group network VPN-POOL
 description VPN user address pools
 network-object 10.10.10.0 255.255.255.128
 network-object 10.10.20.0 255.255.255.128
object network PUBLIC-POOL
 range 1.1.1.1 1.1.1.254
nat (outside,outside) after-auto source dynamic VPN-POOL PUBLIC-POOL interface
Software 8.2 and below
same-security-traffic permit intra-interface
nat (outside) 200 10.10.10.0 255.255.255.0
nat (outside) 200 10.10.20.0 255.255.255.0
global (outside) 200 1.1.1.1-1.1.1.254
global (outside) 200 interface
I don't know how many users you have, but I guess you don't have such a large pool of public addresses for users. The configurations above also contain a dynamic PAT for when the NAT pool runs out.
Is that what you're looking for?
Hope this helps
-Jouni