Impossible to accelerate SSL/HTTPS traffic
Hello
I tried to speed up SSL/HTTPS traffic without success.
I start with this technology, and maybe I have configuration errors. I followed the guides, but I'm not able to speed up that kind of traffic. Can someone help me?
Both of my servers WASS footstool is attached. I'm their administration in the WAAS central Manager.
Version of the software Cisco Wide Area Application Services (accelerator-k9) 5.3.5f (build b7 February 10, 2016)
Version: sm-sre-710 - 5.3.5f.7
Is it possible to WAAS accelerate traffic from SHA-1? Do I need my server CA certificates in "certification authorities"?
Kind regards
Heriberto.
This time no other.
I got to see all my internal docs, because as said that it was so long I don't have WAAS.
I would check that I'll be back if I found something
Tags: Cisco DataCenter
Similar Questions
-
How to monitor the HTTP traffic by programming?
Hello
I want to follow any type of HTTP traffic on the BlackBerry device programmatically. With the help of HttpFilterRegistry we can monitor specific area, but my requirement is to monitor any kind of traffic regardless of field.
Any idea or suggestion would be great.
Thank you!
Short answer is that you can not monitor other application data traffic. I'm sorry.
-
DMVPN divide tunnling question, not able to pass http traffic to end spoke.
Hi all
I would appreciate it please help me solve after publication.
I've used installation DMVPN (EIGRP routing protocol) for 20 site no problem at all, and everything works perfectly.
Now, I have received a request that I would need to divide the legitimate business and internet traffic to end talks, so all internet traffic via a local ADSL connection, but I tried to solve it but router speaks constantly forward all traffic to the tunnel.
Moreover, I found on internet DMVPN a limitation that split tunneling isn't possible.
Please can you suggest me how can I send internet traffic (HTTP) via a DSL connection local
Thank you and best regards,
DMVPN is not based on politics, split tunneling concepts do not apply.
DMVPN relies on the road to understand what traffic should be sent by tunnel.
In your case, you also have to distinguish between the company and the Internet HTTP traffic, better correct routing in place.
-
Re-reading the HTTP traffic to a CF Server
It is a technical question. I recorded a bunch of HTTP traffic to my CF application do the actions I want to replay at a later date for testing purposes. These records relate to a user by logging into the application followed by the user who runs a bunch of actions. In order to read this traffic accurately I set up traffic re-read for adjust its cookies to maintain session as the session used when recording will be expired at this time there.
This approach works very well for 1 customer or if, but when I start this scaling up to many customers, he begins to intermittently fail. The replay debugging clients who fail, I see that the server generates a new JSESSIONID cookie for each answer even if I send the correct cookie in the query. However, for a proofreading client that works correctly, I see the cookie JSESSIONID remains the same for the entire session. After a time of execution of many clients using this method CF server seems unable to accept any client proofreading. Restarting the server seems to correct this problem, but then it starts to reproduce.
My guess is it has something to do with the internal components of the configuration of CF or J2EE session configuration. Someone with more knowledge of these applications there an idea what could be wrong?
Well, I managed to solve this problem. It turns out that the reset of the session came from a CF error that says double Session detected. It was because there was still another variable of State management passed around the http message body called Iddm. I managed to pull this of the response from the server and send it to the following applications. This seems to have solved the problem.
-
The SWF file HTTPS traffic is visible without source Flex?
I have a Flex application that uses HTTPService HTTPS URL (such as myService.url = "https://example.com/path/to/resource"). When I deploy this application but do not provide the source code, is there some way that a hypothetical attacker could find the URL or some other details without decompile SWF? In other words, a tool such as Fiddler or Charles Proxy could be used to intercept HTTPS traffic? (These tools can do for traffic from the browser but seem to fail for Flash Player, even if I install the self-signed certificate that these tools typically use a trust.)
Thank you
Borek
Well, if it runs in a browser, FireBug in Firefox's 'see' and inform of all connections and as I saw there is a full URL.
-
Impossible to accelerate traffic RDP 4.5 view with the of Riverbed Steelhead appliance
Hello
We are currently assessing two of Riverbed Steelhead appliances to see what that capacity in terms of acceleration of the RDP. Our intention is to use these devices to accelerate RDP traffic on our network at our branch.
While we can easily demonstrate optimization applied to traffic enforcement and standard RDP connection (with encryption and compression disabled), we are not able to see any optimization with the Protocol RDP for VMware View 4.5. Instead, we see traffic optimization at the launch of the Customer View point click on 'Connect' on the virtual machine you want. At this point, the RDP connection is established and the Riverbed camera seems to get through the traffic display without any optimization at all.
Since we are able to get the optimization with applications and stand-alone RDP traffic, I was wondering if there is anything else we could be missing in the configuration for use with view, not to mention that turning off compression and encryption RDP as we already have in troubleshooting with Riverbed.
Do you have successfully obtained a Riverbed appliance to optimize the RDP traffic such as initiated by the customer to view? If so, what configuration steps you took.
Thanks for any help/advice.
-Arin Puckett
No problem... Good luck!!!
WP
-
Hello
I have configured the client SSL VPN on SAA. I'm able to establish SSL VPN with the ASA and obtaining the IP address of subnet defined (CorporateVPN 172.16.0.100 - 172.16.0.110). But when I try to ping inside the property intellectual treats which is 172.16.0.1 and other machine in the range LAN getting loss of packets to the remote machine.
What could be the problem?
Below is the configuration of the SAA.
ASA Version 7.2(1)
!
hostname Cisco-ASA
domain-name test.com
enable password password
names
dns-guard
!
interface Ethernet0/0
 description connected to ISP
 nameif outside
 security-level 0
 ip address "public IP"
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 description connected to the local network
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 0
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa721-k8.bin
ftp mode passive
clock timezone GMT 3 30
dns domain-lookup management
dns server-group DefaultDNS
 name-server 203.123.165.75
 domain-name test.com
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool CorporateVPN 172.16.0.100-172.16.0.110 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
no failover
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 172.16.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 Gateway 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 webvpn
  svc enable
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
group-policy Netadmin internal
group-policy Netadmin attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 webvpn
  svc required
  svc keep-installer installed
  svc rekey time 30
  svc rekey method new-tunnel
  svc dpd-interval client 500
  svc dpd-interval gateway 500
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
username cisco attributes
 vpn-group-policy Netadmin
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool CorporateVPN
tunnel-group NetForceGroup type webvpn
tunnel-group NetForceGroup general-attributes
 address-pool (inside) CorporateVPN
 address-pool CorporateVPN
 default-group-policy Netadmin
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 10
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
webvpn
 enable outside
 svc image disk0:/crypto_archive/sslclient-win-1.1.1.164 2
 svc enable
prompt hostname context
Cryptochecksum:13f5616c7345efb239d7996741ffa7b3
: end
Yes, 'inside access management' is only to manage/ping of the SAA within the interface. Without this command, they would still be able to access the internal network. This command is only used to manage the SAA within the interface itself.
-
How to make SOAP client ssl (https) request call with c# in Visual Studio 2010?
Hello
I have https wsdl as https://128.107.155.166:8443/nbapi/event/?WSDL path and I would use as tool for vs2010 with proxy class add 'a service reference. At the present time, the proxy class already created by "a service reference" of vs2010 as the "Reference.cs" call So the question is "with the ssl Protocol, how can I write the client ssl request soap call of this class (Reference.cs) proxy that is generated by a service of vs2010. reference. Please let me know, and if you have examples of code that will be great. I need ASAP for my project.
Thank you.
Anderson Lin
You will need to create a new post on MSDN for assistance: http://social.msdn.microsoft.com/forums/en-US/categories/
-
We are conducting a slow in connectivity between the clients of the company and the application server in the same company, while working on the application (loading Java Applet by HTTP) server, we disabled parameter receive window auto level control, the performance was much better.
My question is this parameter will affect other client HTTP on the same traffic?
Hi Naday,
Thanks for posting your query in Microsoft Community.
- These computers are connected to the domain network?
If so, your question is beyond the scope of what is generally answered in this forum of consumer and would be better suited for the IT Pro TechNet public.
Please ask your question in the TechNet Forums.
-
Impossible to access internal HTTPS via conn VPN
Whenever I have internal sites with HTTPS connections that do not have valid certificates, VPN users are unable to establish a connection. Wireshark trace number of thanks = TCP broken. I've run Packet Tracer and a problem on my DMZ? don't know why, as the traffic is flowing inside inside the interface. I'm a total lost as to why...
+++++++++++++++++++++++++++++++
ASA 5520 with code 8.4 (1)
VPN address = 172.25.17.0/24
HTTP = 172.18.2.13 Server (port 8443)
Can ping by IP address or server name
Can consult the site in-house after answering the certificate warning
++++++++++++++++++++++++++++
Any help is greatly appreciated!
Dave
Hello
Configuring NAT mentioned in your screencapture is causing all traffic from the VPN users to be diverted to the 'Independent' interface because 'everything' is configured
You would be to make this more specific rule by deleting "any any" and adding the real networks
OR
You can add a new rule BEFORE the above mentioned NAT configurations
I'm not sure what the interface real local "nameif" is (the one where actually the IP of the server) but you would need this kind of configurations
object network SERVER
 host 172.18.2.13
object network VPN-POOL
 subnet 172.25.17.0 255.255.255.0
nat (serverint,outside2) 1 source static SERVER SERVER destination static VPN-POOL VPN-POOL
This rule must match the POOL of VPN traffic to the SERVER. The number "1" in the CLI format configurations means that it would be added to the upper part of the rules. The "serverint" is supposed to mean the actual name of the interface where the server as I assume that it is not located behind the 'Independent'
-Jouni
-
SSL (https) & sendAndLoad
Hello!
I'm trying to connect a flash via the ssl protocol application and I can't get it to work, it works very well without ssl, but with ssl, using https, it does not work.
any idea?
Thanks in advance
I solved this problem, if anyone needs help on, message me.
Ave!
-
Impossible to update SSL certificate for Mail account
My SSl certificate has expired. I bought a new one installed and all other mail client works fine... except this junk called Mac Mail. Now, I can't check my email at all.
I have 14 accounts on the same server. One account was asked to accept the new certificate (hostname mismatch). All other accounts are now with one! and "taking into accounts online" does nothing. Remove the SSL account does nothing. Remove the old certificate to keychain does nothing.
It is a valid, rather than a self-signed certificate.
So while I'm reconfigure everything on a real email client, anyone happen to know how to solve this problem? Every solution proposed elsewhere (other discussions, forums) do not work. Short to delete all accounts and recreate them will work hoping, this seems to be a lost cause...
Apple, why do they hate you us so much?
Fixed by wiping the mailbox completely...
-
Intermittent SSL/HTTPS problems
Hello
I do port forwarding, one public IP address.
www go x.x.x.x works everyt weather
HTTPS will y.y.y.y sometimes works and sometimes does not work, any ideas?
Hello
Best guess is that you have also enabled HTTPS on the PIX. Try to disable the HTTP server on the PIX and see if that helps
Thank you
Nadeem
-
Impossible to compile Oracle HTTP 11.1.1.7 32 bit on 64 bit OEL6
I try to install the Middleware part for the Oracle HTTP server. I get this error when compiling.
/usr/bin/make -f ins_net_client.mk mkldflags ORACLE_HOME=/export/home/oracle/Middleware/Oracle_WT2
/usr/bin/make -f ins_net_client.mk ntcontab.o ORACLE_HOME=/export/home/oracle/Middleware/Oracle_WT2
rm -f ntcontab.*
(if ['compile' = "compile"]; then------)
/export/home/oracle/Middleware/Oracle_WT2/bin/gennttab > ntcontab.c
gcc -c ntcontab.c
rm -f /export/home/oracle/Middleware/Oracle_WT2/lib/ntcontab.o
mv ntcontab.o /export/home/oracle/Middleware/Oracle_WT2/lib/
/usr/bin/ar rv /export/home/oracle/Middleware/Oracle_WT2/lib/libn11.a /export/home/oracle/Middleware/Oracle_WT2/lib/ntcontab.o; fi)
gcc.orig: no input file
mv: cannot stat 'ntcontab.o': No such file or directory
/usr/bin/ar: /export/home/oracle/Middleware/Oracle_WT2/lib/ntcontab.o: No such file or directory
make: *** [ntcontab.o] Error 1
Here is a run down of my installed packages.
[SERVER ~]$ rpm -qa | grep gcc
gcc-4.4.7-16.el6.x86_64
compat-gcc-34-3.4.6-19.el6.x86_64
libgcc-4.4.7-16.el6.x86_64
gcc-c++-4.4.7-16.el6.x86_64
[SERVER ~]$ rpm -qa | grep glib
dbus-glib-0.86-6.el6_4.x86_64
glibc-common-2.12-1.166.el6_7.1.x86_64
glibc-headers-2.12-1.166.el6_7.1.x86_64
glibc-2.12-1.166.el6_7.1.i686
glibc-2.12-1.166.el6_7.1.x86_64
glibc-devel-2.12-1.166.el6_7.1.x86_64
glibc-devel-2.12-1.166.el6_7.1.i686
glib2-2.28.8-4.el6.x86_64
[SERVER ~]$ rpm -qa | grep libstdc
libstdc++-4.4.7-16.el6.x86_64
compat-libstdc++-33-3.2.3-69.el6.x86_64
libstdc++-devel-4.4.7-16.el6.x86_64
The fixed. My script does not properly create the gcc41 file.
Here is the link that I speak to you.
Specifications and Oracle® Fusion Middleware system requirements
-
Impossible to browse the http url in the internal LAN
Hello
I can miss a few simple adjustments, but it really gets me upset. I managed to install the vCloud Director on RHEL 5.5 and I am able to access the portal of vcloud Director with vcloud Director server but cannot access the portal anywhere in the local network.
The installation program is something like this:
Director of cloud is installed on RHEL 5.5
SQL database (the instanace of sql is shared between vcenter and vcloud Director DB)
I am able to resolve host names i.e. forward and reverse search scopes
Not really sure that I'm missing here, something really stupid?
Help, please!
Kind regards
Mohammed
You can check out the complete domain name in your local hosts file, and then you must be sorted.
c:\Windows\system32\drivers\etc
If it sorts could you assign to this post a response?
Thank you
Tim