http2
When will we get HTTP/2, and will it improve the web browser? Will it replace the terrible Adobe Flash plugin?
Tags: Firefox
Similar Questions
-
11g http2-port http2-Protocol xdbconfig.xml
Hello
I use 11g, and I tried to configure HTTPS for my XDB.
I followed the "Oracle® XML DB Developer's Guide" -> "28 Using Protocols to Access the Repository"
to configure the "http2-port" and "http2-protocol" settings, but it did not work.
Here's what I did:
SQL> DECLARE
       v_cfg XMLType;
     BEGIN
       SELECT UpdateXML(DBMS_XDB.cfg_get(),
                        '/xdbconfig/sysconfig/protocolconfig/httpconfig/http2-port/text()', '433',
                        '/xdbconfig/sysconfig/protocolconfig/httpconfig/http2-protocol/text()', 'TCPS')
         INTO v_cfg
         FROM DUAL;
       DBMS_XDB.cfg_update(v_cfg);
       COMMIT;
     EXCEPTION
       WHEN OTHERS THEN
         dbms_output.put_line(sqlerrm);
     END;
     /

PL/SQL procedure successfully completed.
SQL> SELECT DBMS_XDB.cfg_get() FROM DUAL;

DBMS_XDB.CFG_GET()
--------------------------------------------------------------------------------
<xdbconfig xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/xdb/xdbconfig.xsd http://xmlns.oracle.com/xdb/xdbconfig.xsd">
  <sysconfig>
    <acl-max-age>15</acl-max-age>
    <acl-cache-size>32</acl-cache-size>
    <invalid-pathname-chars/>
    <case-sensitive>true</case-sensitive>
    <call-timeout>6000</call-timeout>
    <max-link-queue>65536</max-link-queue>
    <max-session-use>100</max-session-use>
    <persistent-sessions>false</persistent-sessions>
    <default-lock-timeout>3600</default-lock-timeout>
    <xdbcore-logfile-path>/sys/log/xdblog.xml</xdbcore-logfile-path>
    <xdbcore-log-level>0</xdbcore-log-level>
    <resource-view-cache-size>1048576</resource-view-cache-size>
    <protocolconfig>
      <common>
        <extension-mappings>
          <mime-mappings>
            <mime-mapping><extension>au</extension><mime-type>audio/basic</mime-type></mime-mapping>
            <mime-mapping><extension>avi</extension><mime-type>video/x-msvideo</mime-type></mime-mapping>
            <mime-mapping><extension>bin</extension><mime-type>application/octet-stream</mime-type></mime-mapping>
            <mime-mapping><extension>bmp</extension><mime-type>image/bmp</mime-type></mime-mapping>
            <mime-mapping><extension>css</extension><mime-type>text/css</mime-type></mime-mapping>
            <mime-mapping><extension>doc</extension><mime-type>application/msword</mime-type></mime-mapping>
            <mime-mapping><extension>eml</extension><mime-type>message/rfc822</mime-type></mime-mapping>
            <mime-mapping><extension>gif</extension><mime-type>image/gif</mime-type></mime-mapping>
            <mime-mapping><extension>htm</extension><mime-type>text/html</mime-type></mime-mapping>
            <mime-mapping><extension>html</extension><mime-type>text/html</mime-type></mime-mapping>
            <mime-mapping><extension>jpe</extension><mime-type>image/jpeg</mime-type></mime-mapping>
            <mime-mapping><extension>jpeg</extension><mime-type>image/jpeg</mime-type></mime-mapping>
            <mime-mapping><extension>jpg</extension><mime-type>image/jpeg</mime-type></mime-mapping>
            <mime-mapping><extension>js</extension><mime-type>application/x-javascript</mime-type></mime-mapping>
            <mime-mapping><extension>jsp</extension><mime-type>text/html</mime-type></mime-mapping>
            <mime-mapping><extension>mid</extension><mime-type>audio/mid</mime-type></mime-mapping>
            <mime-mapping><extension>mov</extension><mime-type>video/quicktime</mime-type></mime-mapping>
            <mime-mapping><extension>movie</extension><mime-type>video/x-sgi-movie</mime-type></mime-mapping>
            <mime-mapping><extension>mp3</extension><mime-type>audio/mpeg</mime-type></mime-mapping>
            <mime-mapping><extension>mpe</extension><mime-type>video/mpg</mime-type></mime-mapping>
            <mime-mapping><extension>mpeg</extension><mime-type>video/mpg</mime-type></mime-mapping>
            <mime-mapping><extension>mpg</extension><mime-type>video/mpg</mime-type></mime-mapping>
            <mime-mapping><extension>msa</extension><mime-type>application/x-msaccess</mime-type></mime-mapping>
            <mime-mapping><extension>msw</extension><mime-type>application/x-msworks-wp</mime-type></mime-mapping>
            <mime-mapping><extension>pcx</extension><mime-type>application/x-pc-brush</mime-type></mime-mapping>
            <mime-mapping><extension>pdf</extension><mime-type>application/pdf</mime-type></mime-mapping>
            <mime-mapping><extension>png</extension><mime-type>image/png</mime-type></mime-mapping>
            <mime-mapping><extension>ppt</extension><mime-type>application/vnd.ms-powerpoint</mime-type></mime-mapping>
            <mime-mapping><extension>ps</extension><mime-type>application/postscript</mime-type></mime-mapping>
            <mime-mapping><extension>qt</extension><mime-type>video/quicktime</mime-type></mime-mapping>
            <mime-mapping><extension>ra</extension><mime-type>audio/x-realaudio</mime-type></mime-mapping>
            <mime-mapping><extension>ram</extension><mime-type>audio/x-realaudio</mime-type></mime-mapping>
            <mime-mapping><extension>rm</extension><mime-type>audio/x-realaudio</mime-type></mime-mapping>
            <mime-mapping><extension>rtf</extension><mime-type>application/rtf</mime-type></mime-mapping>
            <mime-mapping><extension>rv</extension><mime-type>video/x-realvideo</mime-type></mime-mapping>
            <mime-mapping><extension>sgml</extension><mime-type>text/sgml</mime-type></mime-mapping>
            <mime-mapping><extension>svg</extension><mime-type>image/svg+xml</mime-type></mime-mapping>
            <mime-mapping><extension>tif</extension><mime-type>image/tiff</mime-type></mime-mapping>
            <mime-mapping><extension>tiff</extension><mime-type>image/tiff</mime-type></mime-mapping>
            <mime-mapping><extension>txt</extension><mime-type>text/plain</mime-type></mime-mapping>
            <mime-mapping><extension>url</extension><mime-type>text/plain</mime-type></mime-mapping>
            <mime-mapping><extension>vrml</extension><mime-type>x-world/x-vrml</mime-type></mime-mapping>
            <mime-mapping><extension>wav</extension><mime-type>audio/wav</mime-type></mime-mapping>
            <mime-mapping><extension>wpd</extension><mime-type>application/wordperfect5.1</mime-type></mime-mapping>
            <mime-mapping><extension>xls</extension><mime-type>application/vnd.ms-excel</mime-type></mime-mapping>
            <mime-mapping><extension>xml</extension><mime-type>text/xml</mime-type></mime-mapping>
            <mime-mapping><extension>xsd</extension><mime-type>text/xml</mime-type></mime-mapping>
            <mime-mapping><extension>xsl</extension><mime-type>text/xml</mime-type></mime-mapping>
            <mime-mapping><extension>zip</extension><mime-type>application/x-zip-compressed</mime-type></mime-mapping>
            <mime-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"><extension>htc</extension><mime-type>text/x-component</mime-type></mime-mapping>
            <mime-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"><extension>xbl</extension><mime-type>text/xml</mime-type></mime-mapping>
          </mime-mappings>
          <lang-mappings>
            <lang-mapping><extension>en</extension><lang>english</lang></lang-mapping>
          </lang-mappings>
          <charset-mappings/>
          <encoding-mappings>
            <encoding-mapping><extension>gzip</extension><encoding>zip file</encoding></encoding-mapping>
            <encoding-mapping><extension>tar</extension><encoding>tar file</encoding></encoding-mapping>
          </encoding-mappings>
        </extension-mappings>
        <session-pool-size>50</session-pool-size>
        <session-timeout>6000</session-timeout>
      </common>
      <ftpconfig>
        <ftp-port>0</ftp-port>
        <ftp-listener>local_listener</ftp-listener>
        <ftp-protocol>tcp</ftp-protocol>
        <logfile-path>/sys/log/ftplog.xml</logfile-path>
        <log-level>0</log-level>
        <session-timeout>6000</session-timeout>
        <buffer-size>8192</buffer-size>
      </ftpconfig>
      <httpconfig>
        <http-port>80</http-port>
        <http-listener>local_listener</http-listener>
        <http-protocol>tcp</http-protocol>
        <max-http-headers>64</max-http-headers>
        <max-header-size>16384</max-header-size>
        <max-request-body>2000000000</max-request-body>
        <session-timeout>6000</session-timeout>
        <server-name>XDB HTTP Server</server-name>
        <logfile-path>/sys/log/httplog.xml</logfile-path>
        <log-level>0</log-level>
        <servlet-realm>Basic realm=&quot;XDB&quot;</servlet-realm>
        <webappconfig>
          <welcome-file-list>
            <welcome-file>index.html</welcome-file>
            <welcome-file>index.htm</welcome-file>
          </welcome-file-list>
          <error-pages/>
          <servletconfig>
            <servlet-mappings>
              <servlet-mapping>
                <servlet-pattern>/Test</servlet-pattern>
                <servlet-name>TestServlet</servlet-name>
              </servlet-mapping>
              <servlet-mapping>
                <servlet-pattern>/oradb/*</servlet-pattern>
                <servlet-name>DBURIServlet</servlet-name>
              </servlet-mapping>
              <servlet-mapping>
                <servlet-pattern>/orarep/*</servlet-pattern>
                <servlet-name>ReportFmwkServlet</servlet-name>
              </servlet-mapping>
              <servlet-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                <servlet-pattern>/i/*</servlet-pattern>
                <servlet-name>PublishedContentServlet</servlet-name>
              </servlet-mapping>
              <servlet-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                <servlet-pattern>/*</servlet-pattern>
                <servlet-name>APEX</servlet-name>
              </servlet-mapping>
              <servlet-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                <servlet-pattern>/apex/*</servlet-pattern>
                <servlet-name>APEX</servlet-name>
              </servlet-mapping>
            </servlet-mappings>
            <servlet-list>
              <servlet>
                <servlet-name>TestServlet</servlet-name>
                <servlet-language>Java</servlet-language>
                <display-name>XDB Test Servlet</display-name>
                <description>A servlet to test the internal operation of the XDB Servlet API</description>
                <servlet-class>xdbtserv</servlet-class>
                <servlet-schema>xdb</servlet-schema>
              </servlet>
              <servlet>
                <servlet-name>DBURIServlet</servlet-name>
                <servlet-language>C</servlet-language>
                <display-name>DBURI</display-name>
                <description>Servlet for accessing DBURIs</description>
                <security-role-ref>
                  <role-name>authenticatedUser</role-name>
                  <role-link>authenticatedUser</role-link>
                </security-role-ref>
              </servlet>
              <servlet>
                <servlet-name>ReportFmwkServlet</servlet-name>
                <servlet-language>C</servlet-language>
                <display-name>REPT</display-name>
                <description>Servlet for accessing reports</description>
                <security-role-ref>
                  <role-name>authenticatedUser</role-name>
                  <role-link>authenticatedUser</role-link>
                </security-role-ref>
              </servlet>
              <servlet xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                <servlet-name>PublishedContentServlet</servlet-name>
                <servlet-language>C</servlet-language>
                <display-name>Unauthenticated File Access Servlet</display-name>
                <description>Servlet for files for unauthenticated users</description>
                <init-param>
                  <param-name>RootFolder</param-name>
                  <param-value>/images</param-value>
                  <description>RootFolder</description>
                </init-param>
                <security-role-ref>
                  <role-name>anonymousServletRole</role-name>
                  <role-link>anonymousServletRole</role-link>
                </security-role-ref>
              </servlet>
              <servlet xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                <servlet-name>APEX</servlet-name>
                <servlet-language>PL/SQL</servlet-language>
                <display-name>APEX</display-name>
                <plsql xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                  <database-username xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">ANONYMOUS</database-username>
                  <default-page xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">apex</default-page>
                  <document-table-name xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">wwv_flow_file_objects$</document-table-name>
                  <document-path xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">docs</document-path>
                  <document-procedure xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">wwv_flow_file_mgr.process_download</document-procedure>
                  <nls-language xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">american_america.al32utf8</nls-language>
                  <request-validation-function xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">wwv_flow_epg_include_modules.authorize</request-validation-function>
                </plsql>
                <security-role-ref xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
                  <role-name>anonymousServletRole</role-name>
                  <role-link>anonymousServletRole</role-link>
                </security-role-ref>
              </servlet>
            </servlet-list>
          </servletconfig>
        </webappconfig>
        <authentication>
          <allow-mechanism>basic</allow-mechanism>
          <digest-auth>
            <nonce-timeout>300</nonce-timeout>
          </digest-auth>
        </authentication>
      </httpconfig>
    </protocolconfig>
    <xdbcore-xobmem-bound>1024</xdbcore-xobmem-bound>
    <xdbcore-loadableunit-size>16</xdbcore-loadableunit-size>
    <acl-evaluation-method>ace-order</acl-evaluation-method>
  </sysconfig>
</xdbconfig>
You can see that there is no "http2-port" or "http2-protocol" in xdbconfig.xml.
Then, I tried this:
SQL> DECLARE
       v_cfg XMLType;
     BEGIN
       SELECT InsertXMLbefore(DBMS_XDB.cfg_get(),
                              '/xdbconfig/sysconfig/protocolconfig/httpconfig/authentication',
                              XMLType('<http2-port>433</http2-port>'))
         INTO v_cfg
         FROM DUAL;
       DBMS_XDB.cfg_update(v_cfg);
       COMMIT;
     EXCEPTION
       WHEN OTHERS THEN
         dbms_output.put_line(sqlerrm);
     END;
     /

ORA-30937: No schema definition for 'http2-port' (namespace '##local') in parent '/xdbconfig/sysconfig/protocolconfig/httpconfig'

It seems that I cannot insert "http2-port" into xdbconfig.xml either.
I don't know why...
Please help, thanks in advance!

Namespaces :)
SQL> SELECT insertXMLBefore
     (
       DBMS_XDB.cfg_get(),
       '/xdbconfig/sysconfig/protocolconfig/httpconfig/authentication',
       XMLType('<http2-port xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">433</http2-port>'),
       'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"'
     )
     from dual;

(the returned xdbconfig document follows, abbreviated; the new element now sits directly before <authentication>)
....
<http2-port>433</http2-port>
<authentication>
  <allow-mechanism>basic</allow-mechanism>
  <digest-auth>
    <nonce-timeout>300</nonce-timeout>
  </digest-auth>
</authentication>
....
HTTP/2 draft-14, section 8.1, allows an optional HEADERS frame ("trailers") following the DATA frames in an HTTP request and response.
https://Tools.ietf.org/html/draft-ietf-httpbis-http2-14#section-8.1
This is necessary to support implementations such as Smoc in the browser (and future protocols built on HTTP/2).
Does Firefox support HTTP trailers, or does it just ignore them? Thank you.
Hi Alexander_Litus, I asked in the developer channel for the network component about this topic...
Apparently trailers are not supported in Firefox at the moment (or rather, ignored): they only get read in order to maintain the correct state in the header compressor, and are then simply thrown away.
Firefox 36 very slow connection - says 'connection' - while the other browsers work
Since FF 36, users within our network have problems connecting to web sites.
The entire page load time is in the range of minutes.
Same behavior for different users after upgrading to FF36.
Created a new profile - same behavior
Using the portable version - same behavior
Enabled / disabled:
network.dns.disableIPv6
network.dns.disablePrefetch
network.http.spdy.enabled.http2
network.http.spdy.enabled.http2draft
- same behavior
Managed using F-Secure Client Security
No problem at all with Chrome and IE11.
Very strange - any idea?

Try toggling network.dns.get-ttl to false on the about:config page.
-
Cisco ASA 5505 site-to-site for multiple subnets
Hello. I need help to configure my Cisco ASA 5505.
I set up a VPN tunnel between two ASA 5505s.
Site 1:
Subnet 192.168.77.0
Site 2:
Has multiple VLANs, and right now the tunnel goes to vlan400 - 192.168.1.0
What I need help with:
From site 1, I need to be able to reach a different VLAN on site 2: vlan480 - 192.168.20.0
And the 192.168.77.0 subnet of site 1 has to be reachable from vlan480 - 192.168.20.0
Vlan480 is used for phones. In vlan480 we have a PABX.
Is this possible to do?
Any help would be much appreciated!
Config site 2:
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
names
name 192.168.1.250 DomeneServer
name 192.168.1.10 NotesServer
name 192.168.1.90 Steadyily
name 192.168.1.97 TerminalServer
name 192.168.1.98 w8-eyeshare
name 192.168.50.10 w8-print
name 192.168.1.94 w8-app
name 192.168.1.89 FonnaFlyMedia
!
interface Vlan1
 nameif Vlan1
 security-level 100
 ip address 192.168.200.100 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 79.x.x.226 255.255.255.224
 ospf cost 10
!
interface Vlan400
 nameif vlan400
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
interface Vlan450
 nameif Vlan450
 security-level 100
 ip address 192.168.210.1 255.255.255.0
 ospf cost 10
!
interface Vlan460
 nameif Vlan460-SuldalHotell
 security-level 100
 ip address 192.168.2.1 255.255.255.0
 ospf cost 10
!
interface Vlan461
 nameif Vlan461-SuldalHotellGjest
 security-level 100
 ip address 192.168.3.1 255.255.255.0
 ospf cost 10
!
interface Vlan462
 nameif Vlan462-Suldalsposten
 security-level 100
 ip address 192.168.4.1 255.255.255.0
 ospf cost 10
!
interface Vlan470
 nameif vlan470-Kyrkjekontoret
 security-level 100
 ip address 192.168.202.1 255.255.255.0
 ospf cost 10
!
interface Vlan480
 nameif vlan480-Telefoni
 security-level 100
 ip address 192.168.20.1 255.255.255.0
 ospf cost 10
!
interface Vlan490
 nameif Vlan490-QNapBackup
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 ospf cost 10
!
interface Vlan500
 nameif Vlan500-HellandBadlands
 security-level 100
 ip address 192.168.30.1 255.255.255.0
 ospf cost 10
!
interface Vlan510
 nameif Vlan510-IsTak
 security-level 100
 ip address 192.168.40.1 255.255.255.0
 ospf cost 10
!
interface Vlan600
 nameif Vlan600-SafeQ
 security-level 100
 ip address 192.168.50.1 255.255.255.0
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 500
 switchport trunk allowed vlan 400,450,460-462,470,480,500,510,600,610
 switchport mode trunk
!
interface Ethernet0/3
 switchport access vlan 490
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd x encrypted
ftp mode passive
clock timezone WAT 1
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Lotus_Notes_Utgaaande tcp
 description UT og Frim Notes til alle
 port-object eq domain
 port-object eq ftp
 port-object eq www
 port-object eq https
 port-object eq lotusnotes
 port-object eq pop3
 port-object eq pptp
 port-object eq smtp
object-group service Lotus_Notes_inn tcp
 description inn og alle til Notes
 port-object eq www
 port-object eq lotusnotes
 port-object eq pop3
 port-object eq smtp
object-group service Reisebyraa tcp-udp
 port-object range 3702 3702
 port-object range 5500 5500
 port-object range 9876 9876
object-group service Remote_Desktop tcp-udp
 description Tilgang til Remote Desktop
 port-object range 3389 3389
object-group service Sand_Servicenter_50000 tcp-udp
 description program tilgang til sand service AS
 port-object range 50000 50000
object-group service VNC_Remote_Admin tcp
 description Fra oss til alle
 port-object range 5900 5900
object-group service Printer_Accept tcp-udp
 port-object range 9100 9100
 port-object eq echo
object-group icmp-type Echo_Ping
 icmp-object echo
 icmp-object echo-reply
object-group service Print tcp
 port-object range 9100 9100
object-group service FTP_NADA tcp
 description Suldalsposten NADA tilgang
 port-object eq ftp
 port-object eq ftp-data
object-group service Telefonsentral tcp
 description Hoftun
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
 port-object eq https
 port-object eq telnet
object-group service Printer_inn_800 tcp
 description Fra 800 thought-out og inn til 400 port 7777
 port-object range 7777 7777
object-group service Suldalsposten tcp
 description send av mail hav Mac Mail at - å nrep smtp
 port-object eq pop3
 port-object eq smtp
object-group service http2 tcp
 port-object range 81 81
object-group service DMZ_FTP_PASSIVE tcp-udp
 port-object range 55536 56559
object-group service DMZ_FTP tcp-udp
 port-object range 20 21
object-group service DMZ_HTTPS tcp-udp
 port-object range 443 443
object-group service DMZ_HTTP tcp-udp
 port-object range 8080 8080
object-group service DNS_Query tcp
 port-object range domain domain
object-group service DUETT_SQL_PORT tcp-udp
 description For a mellom andre og duett Server nett
 port-object range 54659 54659
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list vlan400_access_in extended deny ip any host 149.20.56.34
access-list vlan400_access_in extended deny ip any host 149.20.56.32
access-list vlan400_access_in extended permit ip any any
access-list Vlan450_access_in extended deny ip any host 149.20.56.34
access-list Vlan450_access_in extended deny ip any host 149.20.56.32
access-list Vlan450_access_in extended permit ip any any
access-list Vlan460_access_in extended deny ip any host 149.20.56.34
access-list Vlan460_access_in extended deny ip any host 149.20.56.32
access-list Vlan460_access_in extended permit ip any any
access-list vlan400_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_Utgaaande
access-list vlan400_access_out extended permit tcp any host DomeneServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host TerminalServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host Steadyily object-group http2
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_inn
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-eyeshare object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-app object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host FonnaFlyMedia range 8400 8600
access-list vlan400_access_out extended permit udp any host FonnaFlyMedia range 9000 9001
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host DomeneServer
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host w8-app object-group DUETT_SQL_PORT
access-list Vlan500_access_in extended deny ip any host 149.20.56.34
access-list Vlan500_access_in extended deny ip any host 149.20.56.32
access-list Vlan500_access_in extended permit ip any any
access-list vlan470_access_in extended deny ip any host 149.20.56.34
access-list vlan470_access_in extended deny ip any host 149.20.56.32
access-list vlan470_access_in extended permit ip any any
access-list Vlan490_access_in extended deny ip any host 149.20.56.34
access-list Vlan490_access_in extended deny ip any host 149.20.56.32
access-list Vlan490_access_in extended permit ip any any
access-list Vlan450_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan1_access_out extended permit ip any any
access-list Vlan1_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan1_access_out extended deny ip any any
access-list Vlan1_access_out extended permit icmp any any echo-reply
access-list Vlan460_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP_PASSIVE
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTPS
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTP
access-list Vlan500_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit tcp any host 192.168.202.10 object-group Remote_Desktop
access-list Vlan510_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan480_access_out extended permit ip any any
access-list Vlan510_access_in extended permit ip any any
access-list Vlan600_access_in extended permit ip any any
access-list Vlan600_access_out extended permit icmp any any
access-list Vlan600_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan600_access_out extended permit tcp 192.168.1.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.202.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.210.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_in_1 extended permit ip any any
access-list Vlan461_access_in extended permit ip any any
access-list Vlan461_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list Vlan462-Suldalsposten_access_in extended permit ip any any
access-list Vlan462-Suldalsposten_access_out extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_out_1 extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_in_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Vlan1 1500
mtu outside 1500
mtu vlan400 1500
mtu Vlan450 1500
mtu Vlan460-SuldalHotell 1500
mtu Vlan461-SuldalHotellGjest 1500
mtu vlan470-Kyrkjekontoret 1500
mtu vlan480-Telefoni 1500
mtu Vlan490-QNapBackup 1500
mtu Vlan500-HellandBadlands 1500
mtu Vlan510-IsTak 1500
mtu Vlan600-SafeQ 1500
mtu Vlan462-Suldalsposten 1500
no failover
monitor-interface Vlan1
monitor-interface outside
monitor-interface vlan400
monitor-interface Vlan450
monitor-interface Vlan460-SuldalHotell
monitor-interface Vlan461-SuldalHotellGjest
monitor-interface vlan470-Kyrkjekontoret
monitor-interface vlan480-Telefoni
monitor-interface Vlan490-QNapBackup
monitor-interface Vlan500-HellandBadlands
monitor-interface Vlan510-IsTak
monitor-interface Vlan600-SafeQ
monitor-interface Vlan462-Suldalsposten
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (vlan400) 0 access-list vlan400_nat0_outbound
nat (vlan400) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan450) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan460-SuldalHotell) 1 0.0.0.0 0.0.0.0
nat (Vlan461-SuldalHotellGjest) 1 0.0.0.0 0.0.0.0
nat (vlan470-Kyrkjekontoret) 1 0.0.0.0 0.0.0.0
nat (Vlan490-QNapBackup) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan500-HellandBadlands) 1 0.0.0.0 0.0.0.0
nat (Vlan510-IsTak) 1 0.0.0.0 0.0.0.0
nat (Vlan600-SafeQ) 1 0.0.0.0 0.0.0.0
nat (Vlan462-Suldalsposten) 1 0.0.0.0 0.0.0.0
static (vlan400,outside) 79.x.x.x DomeneServer netmask 255.255.255.255
static (vlan470-Kyrkjekontoret,outside) 79.x.x.x 192.168.202.10 netmask 255.255.255.255
static (vlan400,outside) 79.x.x.x NotesServer netmask 255.255.255.255 dns
static (vlan400,outside) 79.x.x.231 TerminalServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.234 Steadyily netmask 255.255.255.255
static (vlan400,outside) 79.x.x.232 w8-eyeshare netmask 255.255.255.255
static (Vlan490-QNapBackup,outside) 79.x.x.233 192.168.10.10 netmask 255.255.255.255 dns
static (Vlan600-SafeQ,outside) 79.x.x.235 w8-print netmask 255.255.255.255
static (vlan400,outside) 79.x.x.236 w8-app netmask 255.255.255.255
static (Vlan450,vlan400) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (Vlan500-HellandBadlands,vlan400) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (vlan400,Vlan500-HellandBadlands) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan450) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,outside) 79.x.x.252 FonnaFlyMedia netmask 255.255.255.255
static (Vlan462-Suldalsposten,vlan400) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
static (vlan400,Vlan462-Suldalsposten) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan600-SafeQ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan400) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,Vlan450) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan470-Kyrkjekontoret) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan450,Vlan600-SafeQ) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (vlan470-Kyrkjekontoret,Vlan600-SafeQ) 192.168.202.0 192.168.202.0 netmask 255.255.255.0
access-group Vlan1_access_out out interface Vlan1
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group vlan400_access_in in interface vlan400
access-group vlan400_access_out out interface vlan400
access-group Vlan450_access_in in interface Vlan450
access-group Vlan450_access_out out interface Vlan450
access-group Vlan460_access_in in interface Vlan460-SuldalHotell
access-group Vlan460_access_out out interface Vlan460-SuldalHotell
access-group Vlan461_access_in in interface Vlan461-SuldalHotellGjest
access-group Vlan461_access_out out interface Vlan461-SuldalHotellGjest
access-group vlan470_access_in in interface vlan470-Kyrkjekontoret
access-group vlan470_access_out out interface vlan470-Kyrkjekontoret
access-group vlan480_access_out out interface vlan480-Telefoni
access-group Vlan490_access_in in interface Vlan490-QNapBackup
access-group Vlan490_access_out out interface Vlan490-QNapBackup
access-group Vlan500_access_in in interface Vlan500-HellandBadlands
access-group Vlan500_access_out out interface Vlan500-HellandBadlands
access-group Vlan510_access_in in interface Vlan510-IsTak
access-group Vlan510_access_out out interface Vlan510-IsTak
access-group Vlan600_access_in_1 in interface Vlan600-SafeQ
access-group Vlan600_access_out out interface Vlan600-SafeQ
access-group Vlan462-Suldalsposten_access_in_1 in interface Vlan462-Suldalsposten
Access-group Vlan462-Suldalsposten_access_out_1 Vlan462-Suldalsposten interface
Route outside 0.0.0.0 0.0.0.0 79.x.x.225 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout, uauth 0:05:00 absolute
x x encrypted privilege 15 password username
the ssh LOCAL console AAA authentication
Enable http server
http 192.168.210.0 255.255.255.0 Vlan450
http 192.168.200.0 255.255.255.0 Vlan1
http 192.168.1.0 255.255.255.0 vlan400
No snmp server location
No snmp Server contact
SNMP-Server Community public
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
card crypto outside_map 20 match address outside_20_cryptomap_1
card crypto outside_map 20 set pfs
peer set card crypto outside_map 20 62.92.159.137
outside_map crypto 20 card value transform-set ESP-3DES-SHA
outside_map interface card crypto outside
crypto ISAKMP allow outside
ISAKMP crypto enable vlan400
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
tunnel-group 62.92.159.137 type ipsec-l2l
IPSec-attributes tunnel-group 62.92.159.137
pre-shared-key *.
Telnet 192.168.200.0 255.255.255.0 Vlan1
Telnet 192.168.1.0 255.255.255.0 vlan400
Telnet timeout 5
SSH 171.68.225.216 255.255.255.255 outside
SSH timeout 5
Console timeout 0
dhcpd update dns both
!
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan1
!
dhcpd option 6 ip 81.167.36.3 81.167.36.11 outside interface
!
dhcpd address 192.168.1.100 - 192.168.1.225 vlan400
dhcpd option ip 6 DomeneServer 81.167.36.11 interface vlan400
dhcpd option 3 ip 192.168.1.1 interface vlan400
vlan400 enable dhcpd
!
dhcpd address 192.168.210.100 - 192.168.210.200 Vlan450
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan450
dhcpd ip interface 192.168.210.1 option 3 Vlan450
enable Vlan450 dhcpd
!
dhcpd address 192.168.2.100 - 192.168.2.150 Vlan460-SuldalHotell
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan460-SuldalHotell
dhcpd 192.168.2.1 ip interface option 3 Vlan460-SuldalHotell
dhcpd enable Vlan460-SuldalHotell
!
dhcpd address 192.168.3.100 - 192.168.3.200 Vlan461-SuldalHotellGjest
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan461-SuldalHotellGjest
dhcpd ip interface 192.168.3.1 option 3 Vlan461-SuldalHotellGjest
dhcpd enable Vlan461-SuldalHotellGjest
!
dhcpd address 192.168.202.100 - 192.168.202.199 vlan470-Kyrkjekontoret
interface of dhcpd option 3 ip 192.168.202.1 vlan470-Kyrkjekontoret
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan470-Kyrkjekontoret
dhcpd enable vlan470-Kyrkjekontoret
!
dhcpd option 3 192.168.20.1 ip interface vlan480-Telefoni
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan480-Telefoni
!
dhcpd address 192.168.10.80 - 192.168.10.90 Vlan490-QNapBackup
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan490-QNapBackup
dhcpd 192.168.10.1 ip interface option 3 Vlan490-QNapBackup
!
dhcpd address 192.168.30.100 - 192.168.30.199 Vlan500-HellandBadlands
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan500-HellandBadlands
dhcpd ip interface 192.168.30.1 option 3 Vlan500-HellandBadlands
dhcpd enable Vlan500-HellandBadlands
!
dhcpd address 192.168.40.100 - 192.168.40.150 Vlan510-IsTak
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan510-IsTak
dhcpd 3 ip Vlan510-IsTak 192.168.40.1 option interface
Vlan510-IsTak enable dhcpd
!
dhcpd address 192.168.50.150 - 192.168.50.199 Vlan600-SafeQ
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan600-SafeQ
Vlan600-SafeQ enable dhcpd
!
dhcpd address 192.168.4.100 - 192.168.4.150 Vlan462-Suldalsposten
interface option 6 ip DomeneServer 81.167.36.11 Vlan462-Suldalsposten dhcpd
interface ip dhcpd option 3 Vlan462-Suldalsposten 192.168.4.1
Vlan462-Suldalsposten enable dhcpd
!
!
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
!
context of prompt hostname
Cryptochecksum:x
: end
Site 1 config:
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
passwd x encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.77.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group Telenor
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport access vlan 15
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outside_access_in extended permit icmp any any echo-reply log disable
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.77.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 79.160.252.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.77.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group Telenor request dialout pppoe
vpdn group Telenor localname x
vpdn group Telenor ppp authentication chap
vpdn username x password x store-local
dhcpd auto_config outside
!
dhcpd address 192.168.77.100-192.168.77.130 inside
dhcpd dns 192.168.77.1 interface inside
dhcpd option 6 ip 130.67.15.198 193.213.112.4 interface inside
dhcpd enable inside
!
dhcpd option 6 ip 130.67.15.198 193.213.112.4 interface outside
!
tunnel-group 79.160.252.226 type ipsec-l2l
tunnel-group 79.160.252.226 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:x
: end
Hello
Adding a new network to an existing L2L VPN should be a fairly simple process.
Essentially, you need to add the network to the crypto ACL used by the "crypto map" configuration. You also need to configure the NAT0 configuration for it on the appropriate interfaces of the ASA. These configurations are all made on both ends of the L2L VPN connection.
Looking at your configurations above, it would appear that you need the following configurations
SITE 1
- We add the new network to both the crypto ACL and the NAT0 ACL
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
SITE 2
- We add the new network to the crypto ACL
- We create a new NAT0 configuration for interface Vlan480 because there is no previous NAT0 configuration
access-list outside_20_cryptomap_1 extended permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list VLAN480-NAT0 remark NAT0 for VPN
access-list VLAN480-NAT0 permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
nat (vlan480-Telefoni) 0 access-list VLAN480-NAT0
These configurations should pretty much do the trick.
Let me know if it worked
-Jouni
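The two mistakes that usually break this kind of change are a crypto ACL entry that is not mirrored at the far end and a crypto ACL entry with no matching NAT exemption, so the new traffic gets PATed before it reaches the tunnel. The following checker is an added example, not code from the thread or from Cisco: it parses the three kinds of lines the answer above touches (access-list ... permit ip, crypto map ... match address, nat (ifname) 0 access-list) for both sites and reports either mistake. The site snippets are constructed from the configs posted in the thread plus Jouni's lines; the pre-existing site 2 crypto and NAT0 entries are assumed, since the thread does not show them.

```python
"""Check that a network added to an ASA L2L VPN is mirrored at both sites and NAT-exempt."""
import re
from ipaddress import IPv4Network

# ASA 7.x/8.2 line shapes; "extended" is optional (Jouni's VLAN480-NAT0 line omits it).
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$")
CRYPTO_MATCH_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse_config(text):
    """Return (acls, crypto_acl_names, nat0_acl_to_interface) from config text."""
    acls, crypto_acls, nat0_acls = {}, set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (IPv4Network(f"{src}/{smask}"), IPv4Network(f"{dst}/{dmask}")))
            continue
        m = CRYPTO_MATCH_RE.match(line)
        if m:
            crypto_acls.add(m.group(1))
            continue
        m = NAT0_RE.match(line)
        if m:
            nat0_acls[m.group(2)] = m.group(1)
    return acls, crypto_acls, nat0_acls


def protected_pairs(acls, crypto_acls):
    """(local_net, remote_net) pairs that the crypto ACLs declare interesting."""
    return {pair for name in crypto_acls for pair in acls.get(name, [])}


def check_sites(site_a, site_b):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    parsed = {"A": parse_config(site_a), "B": parse_config(site_b)}
    pairs = {k: protected_pairs(v[0], v[1]) for k, v in parsed.items()}
    # 1. Mirror symmetry: A's (local, remote) must exist at B as (remote, local).
    for here, there in (("A", "B"), ("B", "A")):
        for src, dst in sorted(pairs[here], key=str):
            if (dst, src) not in pairs[there]:
                findings.append(f"site {here} protects {src} -> {dst} but site {there} "
                                f"has no mirror entry {dst} -> {src}")
    # 2. NAT exemption: every protected pair must be covered by a nat 0 ACL entry.
    for site, (acls, _, nat0_acls) in parsed.items():
        exempt = [pair for name in nat0_acls for pair in acls.get(name, [])]
        for src, dst in sorted(pairs[site], key=str):
            if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
                findings.append(f"site {site}: {src} -> {dst} is in a crypto ACL but no "
                                f"nat 0 exemption covers it (it would be NATed first)")
    return findings


# Constructed sample input following the thread (site 1 lines as posted).
SITE1_BEFORE = """
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 1 match address outside_1_cryptomap
"""
SITE1_AFTER = SITE1_BEFORE + """
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
"""
# Assumed pre-existing site 2 entries (not shown in the thread).
SITE2_BEFORE = """
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
nat (vlan400) 0 access-list vlan400_nat0_outbound
crypto map outside_map 20 match address outside_20_cryptomap_1
"""
SITE2_CRYPTO_ONLY = SITE2_BEFORE + """
access-list outside_20_cryptomap_1 extended permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
"""
SITE2_AFTER = SITE2_CRYPTO_ONLY + """
access-list VLAN480-NAT0 remark NAT0 for VPN
access-list VLAN480-NAT0 permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
nat (vlan480-Telefoni) 0 access-list VLAN480-NAT0
"""

if __name__ == "__main__":
    for label, site2 in (("site 2 untouched", SITE2_BEFORE),
                         ("site 2 crypto ACL only", SITE2_CRYPTO_ONLY),
                         ("site 2 complete", SITE2_AFTER)):
        print(label + ":", check_sites(SITE1_AFTER, site2) or ["OK"])
```

The checker only confirms that an exemption exists somewhere on the box; it does not verify that the nat 0 statement is bound to the interface where the local network actually lives (vlan480-Telefoni for 192.168.20.0/24 here), which still has to be checked by hand.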
-
Help cannot access internal resources
Hello, I am trying to configure an ASA 5505 at home and connect through the Cisco Secure Mobility Client.
Internal network: 10.37.1.0/24
Guest network: 10.37.2.0/24
VPN DHCP: 10.37.3.0/24
I am only able to connect with the local account on the ASA, not LDAP as I want. After I connect I get my secure route to 10.37.1.0/24 (my internal network), but I can't ping, RDP, SSH, etc. to anything inside. I get the message below...
4 Oct 30 2013 12:08:36 10.37.3.130 Deny icmp src outside:10.37.3.130 dst home:SPIDERMAN (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]
Any help would be greatly appreciated! Thank you.
: Saved
: Written by enable_15 at 09:09:04.925 EDT Wed Oct 30 2013
!
ASA Version 8.2(5)
!
hostname aquaman
domain-name batcave.local
enable password O8X.8O1jZvTr6Rh3 encrypted
passwd zHg4tACBjpuqj6q5 encrypted
names
name 10.37.1.99 GREEN-ARROW
name 208.67.222.222 OpenDNS1 description resolver1.opendns.com
name 208.67.220.220 OpenDNS2 description resolver2.opendns.com
name 208.67.222.220 OpenDNS3 description resolver3.opendns.com
name 208.67.220.222 OpenDNS4 description resolver4.opendns.com
name 10.37.1.15 THE-HULK
name 178.33.199.65 ComodoMX1 description mxsrv1.spamgateway.comodo.com
name 178.33.199.66 ComodoMX2 description mxsrv2.spamgateway.comodo.com
name 10.37.1.101 SPIDERMAN
name 10.37.1.10 DAREDEVIL
name 65.73.180.177 WorkIP
name 10.37.1.254 OpenVPNAS
name 10.37.3.0 VPN_DHCP
name 10.37.2.10 GuestWirelessAP
name 10.37.1.20 THE-FLASH
name 10.37.1.200 BR_1
name 10.37.1.201 BR_2
name 10.37.1.30 IRONMAN
name 10.37.1.25 WIKI
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport access vlan 5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif home
 security-level 100
 ip address 10.37.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan5
 nameif guest
 security-level 50
 ip address 10.37.2.254 255.255.255.0
!
!
time-range M-F_9-16
 periodic weekdays 9:00 to 16:00
!
banner motd
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server OpenDNS1
 name-server OpenDNS2
 name-server OpenDNS3
 name-server OpenDNS4
 domain-name batcave.local
same-security-traffic permit inter-interface
object-group service RDP tcp
 description Remote Desktop Protocol
 port-object eq 3389
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network ComodoSpamFilter
 network-object host ComodoMX1
 network-object host ComodoMX2
object-group network OpenDNSServers
 network-object host OpenDNS2
 network-object host OpenDNS4
 network-object host OpenDNS3
 network-object host OpenDNS1
object-group service VNC tcp
 port-object eq 5900
object-group service smartmail tcp
 port-object eq 9998
object-group service http2 tcp
 port-object eq 8080
object-group service RDP2 tcp
 port-object eq 3789
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ssh
 port-object eq telnet
object-group network Netflix
 network-object host BR_1
 network-object host BR_2
object-group service MOP3 tcp
 port-object eq 3999
access-list outside_access_in extended permit tcp any interface outside object-group RDP log disable
access-list outside_access_in extended permit tcp any interface outside eq ftp log disable
access-list outside_access_in extended permit tcp any interface outside eq www log disable
access-list outside_access_in extended permit tcp object-group ComodoSpamFilter interface outside eq smtp log disable
access-list outside_access_in extended permit tcp any interface outside object-group smartmail log disable
access-list outside_access_in extended permit tcp host WorkIP interface outside object-group VNC log disable
access-list outside_access_in extended permit tcp any interface outside object-group http2 log disable
access-list outside_access_in extended permit tcp any interface outside object-group RDP2 log disable
access-list outside_access_in extended permit icmp any interface outside echo-reply log disable
access-list home_access_in extended permit object-group TCPUDP 10.37.1.0 255.255.255.0 object-group OpenDNSServers eq domain log disable
access-list home_access_in extended permit object-group TCPUDP host SPIDERMAN any eq domain log disable
access-list home_access_in extended deny object-group TCPUDP 10.37.1.0 255.255.255.0 any eq domain log disable
access-list home_access_in extended permit ip any any log disable
access-list guest_access_in extended permit object-group TCPUDP 10.37.2.0 255.255.255.0 object-group OpenDNSServers eq domain log disable
access-list guest_access_in extended deny tcp 10.37.2.0 255.255.255.0 any eq ftp log disable
access-list guest_access_in extended deny tcp 10.37.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1 log disable
access-list guest_access_in extended deny tcp 10.37.2.0 255.255.255.0 any object-group RDP log disable
access-list guest_access_in extended deny tcp 10.37.2.0 255.255.255.0 any object-group VNC log disable
access-list guest_access_in extended deny object-group TCPUDP 10.37.2.0 255.255.255.0 any eq domain log disable
access-list guest_access_in extended permit ip any any log disable time-range M-F_9-16
access-list Split_Tunnel_List standard permit 10.37.1.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap notifications
logging asdm informational
logging device-id hostname
logging host home THE-FLASH
mtu home 1500
mtu outside 1500
mtu guest 1500
ip local pool VPN_DHCP 10.37.3.130-10.37.3.139 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any home
icmp permit host WorkIP outside
icmp deny any outside
icmp deny any guest
asdm image disk0:/asdm-714.bin
asdm location THE-HULK 255.255.255.255 home
asdm location WIKI 255.255.255.255 home
asdm location GREEN-ARROW 255.255.255.255 home
asdm location OpenDNS2 255.255.255.255 home
asdm location OpenDNS4 255.255.255.255 home
asdm location OpenDNS3 255.255.255.255 home
asdm location OpenDNS1 255.255.255.255 home
asdm location ComodoMX1 255.255.255.255 home
asdm location ComodoMX2 255.255.255.255 home
asdm location SPIDERMAN 255.255.255.255 home
asdm location DAREDEVIL 255.255.255.255 home
asdm location WorkIP 255.255.255.255 home
asdm location OpenVPNAS 255.255.255.255 home
asdm location VPN_DHCP 255.255.255.0 home
asdm location GuestWirelessAP 255.255.255.255 home
asdm location THE-FLASH 255.255.255.255 home
asdm location IRONMAN 255.255.255.255 home
no asdm history enable
arp timeout 14400
nat-control
global (outside) 101 interface
nat (home) 101 0.0.0.0 0.0.0.0
nat (guest) 101 0.0.0.0 0.0.0.0
static (home,outside) tcp interface 3389 GREEN-ARROW 3389 netmask 255.255.255.255
static (home,outside) tcp interface ftp THE-HULK ftp netmask 255.255.255.255
static (home,outside) tcp interface www THE-HULK www netmask 255.255.255.255
static (home,outside) tcp interface smtp IRONMAN smtp netmask 255.255.255.255
static (home,outside) tcp interface 9998 IRONMAN 9998 netmask 255.255.255.255
static (home,outside) tcp interface 5900 SPIDERMAN 5900 netmask 255.255.255.255
static (home,outside) udp interface tftp THE-FLASH tftp netmask 255.255.255.255
static (home,outside) tcp interface 3789 THE-FLASH 3789 netmask 255.255.255.255
static (home,outside) tcp interface 8080 WIKI 8080 netmask 255.255.255.255
access-group home_access_in in interface home
access-group outside_access_in in interface outside
access-group guest_access_in in interface guest
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server BATCAVE protocol ldap
aaa-server BATCAVE (home) host DAREDEVIL
 ldap-base-dn OU=Users,DC=batcave,DC=local
 ldap-group-base-dn memberOf=CN=Cisco VPN Users,OU=Groups,OU=staff,DC=batcave,DC=local
 ldap-naming-attribute sAMAccountName
 ldap-login-password npYDApHrdVjOTcj8kJha
 ldap-login-dn CN=Cisco LDAP account,OU=Service accounts,DC=batcave,DC=local
 server-type microsoft
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authorization exec LOCAL
http server enable 3737
http WorkIP 255.255.255.255 outside
http 10.37.1.0 255.255.255.0 home
http redirect outside 80
http redirect home 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no vpn-addr-assign aaa
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh GREEN-ARROW 255.255.255.255 home
ssh SPIDERMAN 255.255.255.255 home
ssh DAREDEVIL 255.255.255.255 home
ssh WorkIP 255.255.255.255 outside
ssh timeout 10
ssh version 2
console timeout 30
dhcpd auto_config outside
!
dhcprelay server DAREDEVIL home
dhcprelay enable guest
dhcprelay setroute guest
dhcprelay timeout 60
priority-queue home
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 64.90.182.55 source outside prefer
tftp-server home THE-FLASH tftp://10.37.1.20/
webvpn
 enable home
 enable outside
 svc image disk0:/anyconnect-win-3.1.04066-k9_3.pkg 1
 svc enable
group-policy DfltGrpPolicy attributes
 dns-server value 10.37.1.10
 VPN - connections 1
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value batcave.local
 webvpn
  svc ask enable default webvpn
username aquaman password KKOPGG99Bk0xyhXS encrypted privilege 15
username jared password YlQ4V6UbWiR/Dfov encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool VPN_DHCP
tunnel-group HomeVPN type remote-access
tunnel-group HomeVPN general-attributes
 address-pool VPN_DHCP
 authentication-server-group BATCAVE
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
!
smtp-server 10.37.1.30
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:65c8e856cde7d73200dd38f670613c2b
: end
Hi Jared,
Because your configuration has the statement "no sysopt connection permit-vpn" enabled, you're missing a NAT exempt rule. This is why you must configure an access list to allow traffic between your RA VPN network and your inside subnet, and apply the rule to your home interface, where 10.37.1.0/24 is.
Example:
access-list nonat_rule extended permit ip 10.37.1.0 255.255.255.0 10.37.3.0 255.255.255.0
nat (home) 0 access-list nonat_rule
Give that a try
Regards
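The log line in the question and the config together point at two separate things, and it helps to check both mechanically. The script below is an added example, not code from the thread or from Cisco. It parses the ASDM-style "Deny ... by access-group" message, checks whether the source falls inside an "ip local pool" (so the drop concerns a VPN client rather than Internet noise), reports that "no sysopt connection permit-vpn" makes decrypted VPN traffic subject to the interface ACL that logged the drop, and then checks whether a nat 0 exemption bound to the inside interface names the pool network, which is the rule the answer adds. The config snippets are constructed from the lines posted above; the interface name "home" is the one the question's config uses.

```python
"""Triage an ASA access-group deny for a remote-access VPN client against its config."""
import re
from ipaddress import IPv4Address, IPv4Network

DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<src_if>[^:\s]+):(?P<src>\S+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>\S+).*by access-group "(?P<acl>[^"]+)"')
POOL_RE = re.compile(
    r"^ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+) mask (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse_deny(line):
    """Fields of an ASA access-group deny message, or None for any other message."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None


def parse_pools(config):
    """name -> (first, last, network) for every 'ip local pool' line."""
    pools = {}
    for line in config.splitlines():
        m = POOL_RE.match(line.strip())
        if m:
            name, first, last, mask = m.groups()
            pools[name] = (IPv4Address(first), IPv4Address(last),
                           IPv4Network(f"{first}/{mask}", strict=False))
    return pools


def pool_containing(addr, pools):
    a = IPv4Address(addr)
    for name, (first, last, net) in pools.items():
        if first <= a <= last:
            return name, net
    return None


def triage(log_line, config, inside_if):
    """Return findings that explain why the VPN client's packet was dropped."""
    ev = parse_deny(log_line)
    if ev is None:
        return ["not an access-group deny event"]
    hit = pool_containing(ev["src"], parse_pools(config))
    if hit is None:
        return [f"{ev['src']} is not in any VPN address pool; not VPN client traffic"]
    pool_name, pool_net = hit
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if "no sysopt connection permit-vpn" in lines:
        findings.append(
            f"'no sysopt connection permit-vpn' is set: decrypted traffic from pool "
            f"{pool_name} is filtered by access-group {ev['acl']} on {ev['src_if']}")
    # The exemption must be bound to the inside interface and its ACL must name the pool.
    exempt_acls = [m.group(2) for ln in lines
                   for m in [NAT0_RE.match(ln)] if m and m.group(1) == inside_if]
    covered = any(
        str(pool_net.network_address) in ln.split() and str(pool_net.netmask) in ln.split()
        for name in exempt_acls for ln in lines if ln.startswith(f"access-list {name} "))
    if not covered:
        findings.append(
            f"no nat ({inside_if}) 0 access-list exemption covers {pool_net}"
            + (" (nat-control is on)" if "nat-control" in lines else ""))
    return findings


# Constructed from the question: the ASDM log line and the relevant config lines.
LOG_LINE = ('Deny icmp src outside:10.37.3.130 dst home:SPIDERMAN (type 8, code 0) '
            'by access-group "outside_access_in" [0x0, 0x0]')
CONFIG_BEFORE = """
ip local pool VPN_DHCP 10.37.3.130-10.37.3.139 mask 255.255.255.0
nat-control
global (outside) 101 interface
nat (home) 101 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
no sysopt connection permit-vpn
"""
# The same config with the exemption from the answer added.
CONFIG_AFTER = CONFIG_BEFORE + """
access-list nonat_rule extended permit ip 10.37.1.0 255.255.255.0 10.37.3.0 255.255.255.0
nat (home) 0 access-list nonat_rule
"""

if __name__ == "__main__":
    for f in triage(LOG_LINE, CONFIG_BEFORE, "home"):
        print("before:", f)
    for f in triage(LOG_LINE, CONFIG_AFTER, "home") or ["OK"]:
        print("after: ", f)
```

After the exemption is added the script still reports the sysopt finding, which is the point: the nat 0 rule fixes the translation, and the "no sysopt connection permit-vpn" setting separately means the outside ACL keeps evaluating the decrypted packets, so the log line above will persist until that ACL is extended or the sysopt is re-enabled.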
-
Failed to connect to the app server from JDeveloper - opmn?
Hello
I am completely new to the application server. The one we use is Oracle Application Server 10g Release 10.1.3.1.0.
I started the stand-alone server that is included in JDeveloper, created a connection to it from JDeveloper and deployed an application without problem.
But when I tried to create a connection to the above-mentioned application server, which requires the port for opmn, I got stuck.
In the opmn.xml file, I find:
<notification-server interface="ipv4">
<port local="6101" remote="6201" request="6004"/>
<ssl enabled="true" wallet-file="$ORACLE_HOME/opmn/conf/ssl.wlt/default"/>
</notification-server>
When I tried to create a connection to this application server from JDeveloper, here is what I entered and got:
Connection type: Oracle Application Server 10g 10.1.3
User name: devuser1
Password: xxxxxxxx
Connect to: Single Instance
Host name: dbapp.domain.edu
OC4J instance name: orappserver1.dbapp
OPMN port: 6004
Error: No OC4J process up for AS instance identified by domain: opmn-orappserver1.dbapp+oc4j-dbapp.domain.edu-6004-default
The opmnctl command does not show any of the three port numbers listed in the opmn.xml file:
$ ./opmnctl status -l
Processes in Instance: orappserver1.dbapp
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component                    | process-type       |     pid | status   |        uid |  memused |    uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
OC4JGroup:default_group          | OC4J:oc4j_soa      |    8039 | Alive    | 1814298877 |    93564 |  97:01:40 | jms:12603,ajp:12504,rmis:12704,rmi:12404
OC4JGroup:default_group          | OC4J:home          |    8040 | Alive    | 1814298876 |    65184 |  97:01:40 | jms:12604,ajp:12503,rmis:12703,rmi:12403
ASG                              | ASG                |     N/A | Down     |        N/A |      N/A |       N/A | N/A
HTTP_Server                      | HTTP_Server        |   12451 | Alive    | 1814298875 |    93956 | 269:44:39 | https1:4444,http2:7201,http1:7778
What is the problem? Does opmn need to be started first?
It is an application server installed by someone who has no experience and who gave me a non-administrator account. It seems to me that the problem is that opmn is not started, but I'm not absolutely sure.
Given this description of the scenario, can experienced people give a diagnosis?
Thank you very much!
Newman
Your understanding is quite correct.
opmn start - starts opmn only
opmn startall - starts opmn and all the components it manages (i.e. OHS, OC4J, etc.). You need to do the latter so that everything works and you can connect properly to OC4J.
If you continue reading the opmn documentation, you will discover that opmn has more options to start and stop the processes it manages.
-olaf
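A small parser for the status table that the question pastes, as an added example that is not part of the thread or of Oracle's tooling: it turns each "opmnctl status -l" row into a record so a script can flag managed components that are not Alive (ASG in the question's output) and map the port labels (jms, ajp, rmi, http1, http2, ...) to numbers per process. It also makes the point the question stumbles over visible: the OPMN request port from opmn.xml (6004) is not in this table, because the table lists the ports of the managed processes, not of opmn itself. The sample input is the output quoted in the question, reproduced as printed.

```python
"""Parse 'opmnctl status -l' output into records and report down components and ports."""

# Constructed sample: the status table quoted in the question above.
STATUS_OUTPUT = """\
Processes in Instance: orappserver1.dbapp
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component                    | process-type       |     pid | status   |        uid |  memused |    uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
OC4JGroup:default_group          | OC4J:oc4j_soa      |    8039 | Alive    | 1814298877 |    93564 |  97:01:40 | jms:12603,ajp:12504,rmis:12704,rmi:12404
OC4JGroup:default_group          | OC4J:home          |    8040 | Alive    | 1814298876 |    65184 |  97:01:40 | jms:12604,ajp:12503,rmis:12703,rmi:12403
ASG                              | ASG                |     N/A | Down     |        N/A |      N/A |       N/A | N/A
HTTP_Server                      | HTTP_Server        |   12451 | Alive    | 1814298875 |    93956 | 269:44:39 | https1:4444,http2:7201,http1:7778
"""

COLUMNS = ("component", "process", "pid", "status", "uid", "memused", "uptime", "ports")


def parse_status(text):
    """Return one dict per process row; the 'ports' cell becomes {label: port_number}."""
    rows = []
    for line in text.splitlines():
        # Skip the instance banner, the dashed separators and the column header.
        if "|" not in line or line.startswith("-") or line.startswith("ias-component"):
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != len(COLUMNS):
            continue
        row = dict(zip(COLUMNS, cells))
        ports = {}
        if row["ports"] != "N/A":
            for item in row["ports"].split(","):
                label, _, number = item.partition(":")
                ports[label] = int(number)
        row["ports"] = ports
        rows.append(row)
    return rows


def down_components(rows):
    """process-type of every row whose status is anything other than Alive."""
    return [r["process"] for r in rows if r["status"] != "Alive"]


def port_map(rows):
    """(process, label) -> port for every listening port in the table."""
    return {(r["process"], label): port for r in rows for label, port in r["ports"].items()}


def is_port_listed(rows, number):
    """True if any managed process reports the given port number."""
    return any(number in r["ports"].values() for r in rows)


if __name__ == "__main__":
    rows = parse_status(STATUS_OUTPUT)
    print("down:", down_components(rows))
    print("HTTP_Server http2 port:", port_map(rows)[("HTTP_Server", "http2")])
    print("OPMN request port 6004 in table?", is_port_listed(rows, 6004))
```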