Internal untrusted clients directed to the external IP address for PCoIP traffic

I have a network segment disable my firewall for some untrusted clients. When untrusted clients connect to View (5.3), they use a DNS name that resolves to a DMZ (View Security Server) host. That's where I think the problem is: it seems that the Security Server responds with its external IP address, and then all the PCoIP traffic is routed to my router (where the external IP address can be found), then back into View and the client. SSL connection traffic works fine; the traffic remains inside and does not get directed to the external IP address. It is only the PCoIP traffic that gets directed to use the external IP address.

It seems that DNS is not enough - the Security Server seems to respond and connect using only the external IP address configured in the PCoIP External URL field - is this correct? If so, then to do a substitution for the external URL so that internal untrusted traffic doesn't get routed to the external IP address - this creates a lot of unnecessary traffic, messes with QoS, etc.

Another idea would be to allow untrusted clients to connect directly to a login server instead of sending them to the Security Server, but I don't think that it is a best practice...?

Mike

As Linjo says, the simplest solution is to set up an additional Security Server to point these clients to (no need for another Connection Server, you can pair it with the existing one). Today, you are required to provide an IP address for PSG, so if you need to send it to another, you will need a second server.

Of course, if they are completely untrusted clients, then you can still force them through the external access point, but it looks like you need to avoid the cost of additional traffic from this approach.

Mike

Tags: VMware

Similar Questions

  • Remote Desktop to the external IP address no longer works

    Hello and thanks for your help.

    For months I could access my desktop from my laptop (via Remote Desktop) / Tablet (via PocketCloud), both inside and outside my network.

    Recently, the external IP address for my router has changed. Since this happened, I have not been able to access my desktop from the outside.

    Other possible factors:

    - I had a problem of an invalid system disk on my desktop, which has been resolved by changing the boot order.

    - I registered a domain name, which I redirected to the old IP address. I have since updated the domain to redirect to the new IP address.

    I tried the IP address and the URL (using my domain name) to try and MOP with no luck.

    Any suggestions?

    Thank you

    Hello

    I suggest you post this question in this forum to improve assistance:

    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  • Suddenly, when I search using the address field, I am no longer directed directly to the site I am looking for, e.g. BBC, as I was before. To place a web page

    When I search using the address field, I am no longer directed directly to the site I am looking for, e.g. BBC, as I was before.

    Instead, a Google web page appears with a list of suggestions, and I have to click on the link to the BBC to get to the site.

    Can you give me the code to insert in the "about:config" keyword.URL?

    r

    Take a look at this module.

    https://addons.Mozilla.org/en-us/Firefox/addon/keywordurl-hack/

  • PAP2T loses the connection when the external ip address changes

    I have a PAP2T adapter connected behind a Netgear DG834GT router.  Usually, I have no problem; however, my ISP has been known to change the dynamic IP address from time to time.  In this case the adapter will stay online until the reg expires, during which it is not able to save the time and I get the error "unable to connect to the server".  Therefore, the only way I can get the adapter to work again is to restart the router, then restart the adapter.  If I reboot the adapter only, it will not connect.

    I have the router providing a fixed IP address via DHCP. I have STUN active, and NAT mapping and NAT keepalive active.  The "reg expires" is set to 60.  When the adapter is connected correctly, it shows the external IP correctly.  However, it will not update after the external IP address changes until I have restarted the router and adapter.  I thought about getting a static IP address, but I am trying to avoid paying for it. Is this a common problem?

    I'm rather new to VOIP and I hope I have given you enough information.  Any help would be appreciated.

    Thank you

    Kirk

    I finally got it to work.  It turns out that I had to do an update of the firmware on the router and then place the card in the demilitarized zone.

  • Retrieve the external IP address of the router from a vApp

    Hello

    I'm working on a workflow that provisions a complete vApp. I have nearly all of it working; the only issue I am running into is not being able to get the external IP address of the router once that vApp is put into service. Does anyone know which API I can use to get that information? I have attached a screenshot of the NAT tab in the firewall of the vApp to give more details on the specific element I'm trying to retrieve. Any help would be greatly appreciated.

    Thank you

    J

    Here's an excerpt from one of my workflows in test I use to inspect a vApp on vCloud Director with vCO 5.5 5.5:

    System.log("=== Network Configurations ===");
    // List every network configuration attached to the vApp
    var networkConfigurations = vApp.getVappNetworkConfigurations();
    for each (var cfg in networkConfigurations){
        System.log("href: "+cfg.href);
        System.log("Description: "+cfg.description);
        System.log("isDeployed: "+cfg.isDeployed);
        var netConfig = cfg.configuration;
        System.log("ipScope: "+netConfig.ipScope);
        // routerInfo may be null, so check before reading externalIp
        var routerInfo = netConfig.routerInfo;
        if (routerInfo != null){
            System.log("External IP: "+routerInfo.externalIp);
        }
    }
    

    I would like to know if this is useful. I just double-checked it by running it against one of my vApps that has a similar configuration (NAT and Port Forwarding), and it displays the correct external IP address for me.

    [2014-02-18 11:41:33.514] [I] === Network Configurations ===
    [2014-02-18 11:41:33.515] [I] href: null
    [2014-02-18 11:41:33.515] [I] Description: This is a special place-holder used for disconnected network interfaces.
    [2014-02-18 11:41:33.515] [I] isDeployed: false
    [2014-02-18 11:41:33.515] [I] ipScope: null
    [2014-02-18 11:41:33.516] [I] href: null
    [2014-02-18 11:41:33.516] [I] Description:
    [2014-02-18 11:41:33.516] [I] isDeployed: true
    [2014-02-18 11:41:33.516] [I] ipScope: null
    [2014-02-18 11:41:33.516] [I] External IP: 192.168.1.61
    

  • Is there any vCloud Java API that can give me the list of the external IP address pool for a particular org network?

    Hello

    I've implemented vCloud Director on my network. When I create an organization network that is NAT-Routed, I give it a pool of external IP addresses.

    My question is: when an organization network is deleted, what happens to this pool of IPs, and how can we retrieve these IP addresses?

    Is there any vCloud Java API that can give me the list of the external IP address pool for a particular org network?

    Kind regards

    SachinJ

    Check the examples 6-10 and 6-11 in the vCloud API Programming Guide ("' an Administrative organization network overview").

    Although the 6-11 is abbreviated, 6-10 seems to suggest that the AllocatedIpAddresses element may contain what you are looking for.

    http://pubs.VMware.com/vCloud-API-1/vCloud_API_Guide_Admin.8.7.html#1039433

    I don't know how the Java SDK surfaces this information.

  • Your external IP address for port forwarding

    OK, so I want to do a game server, but... It needs Port Forwarding, so I called my Internet Service Provider, "Clear."

    Clear told me that "WE DO NOT support the external Ip addresses", then I was told that I have to call HP because that's what my PC is under.

    I decided to go to the site and ask because they want a $ 60 million tax which is good, but... I don't have the money! This is why I need a server. In any case if you can please give me a video or tell me how do it in the response that would be LARGELY APPRECIATED!

    -Sincerely

    VladmirTodd

    Go to portforward.com and use their tutorials.

  • How to find the e-mail address for my HP 6700? Printer shows E-Print connected.

    I am using the Forum to get a new code to the printer and the printer shows homepage that's on, but now I don't know how to find the e-mail address for my computer.

    Hello

    On the front of the printer, go to configuration. Locate and enter Web Services. Approve any step to activate the service... leave the system a few minutes to complete your registration; a page will be printed automatically with the printer code and directions to select the email address at hpeprint.com.

    Kind regards.

  • Cannot configure the static IP address for Cisco Touch 8"

    Hi all

    I found that I can not configure the static IP address for Cisco Touch on TC7.0.1 / 7.0.2 with the procedure described below.

    1. Upgrade a codec (e.g. SX20 TC6.3 or less) and a Touch paired with the codec to TC7.0.2.

    2. After the upgrade, unpair the Touch (using the Unpair Touch button) and it reboots.

    3. Tap on "IP settings."

    4. Select "Manual IP allocation".

    5. Enter the IP address, subnet mask, default gateway, and then press "Save".

    Even though we have configured the static IP address with the above procedure, IP allocation remains 'Auto' (= DHCP) and the IP address, subnet mask, and default gateway are also empty.

    In this situation, the only way to configure the IP address for the Touch is to use the DHCP server.

    I guess many users use static IP assignment like us, so please fix it as soon as POSSIBLE.

    Best regards

    Kotaro Hashimoto

    Hi Kotaro,

    It is a known problem in TC7.0.1 and TC7.0.2. The id of the bug is CSCum82147.

    To work around the problem, set the IP address you want on the Touch before moving on to TC7.0.x.

    The bug has been fixed and will be included in the next version of the TC software.

    Kind regards

    Jonas Tysso

  • Where can I find the e-mail address for my printer HP 5520?

    Where can I find the e-mail address for my printer HP 5520?

    zubzub wrote:

    Where can I find the e-mail address for my printer HP 5520?

    Press the 'ePrint' button on your printer - which will display the e-mail address of your printer.

    If you have not enabled web services, you can do this from the settings button on the screen that appears on the printer when you press ePrint.

  • Hi, the creative cloud continues to send my inactive email account validation e-mail. How can I change the e-mail address for verification

    Hi, the creative cloud continues to send my inactive email account validation e-mail. How can I change the e-mail address for verification

    email https://forums.adobe.com/thread/1446019 or

    -http://helpx.adobe.com/x-productkb/global/didn-t-receive-expected-email.html

  • Portege Z830: I want to disable internal LCD and use only the external monitor

    I have a Toshiba Portege z830.
    I use my laptop in "Extended desktop", mode with an external monitor, which is the main display.
    In this mode, the two screens are still on, but I want the built-in LCD screen to be opened only when I use it.

    Is this possible?
    Thank you.

    Hello

    In my opinion, this is not possible.
    In extended mode, you use and display internal but extended and the long part is visible on the external monitor.
    In such a case its any that your external monitor is set as main display.

    If you want to use an external monitor only, you can only export the video signal on external monitor by pressing FN + F5

  • 46HX800 directly on the external speakers?

    I have a 46HX800. Is it true that both audio outputs (both RCA and digital audio output plugs) are designed to go to an amplifier or powered speakers and there is no way to connect directly to external speakers?

    Hello homeboy.

    Yes, the red and white Audio Out connection and the digital audio output require the use of a receiver or speakers.

    Speakers can be connected directly to the Audio Out jacks.

    Kind regards

    Colby

  • VC on a private IP address calling directly to a public IP address

    Hello

    I'm a bit puzzled as to why a specific call I saw worked for a couple of guests, and I wonder if there has been a change in the H.323 protocol that allows a form of NAT traversal built natively into the codec without involving an external gateway function.

    The reason I ask is the following.

    I got a call from a customer with a codec on a private non-routable IP to my system, which is located on a public IP address. The client had no NAT configuration details in the endpoint and was able to call my system directly without issue by calling directly to my public IP address.

    Historically, if I had a system on a private IP address sitting behind a NAT, I would expect that the public system would see the non-routable IP address in the H.225 message and try to send the RTP media to the private IP, which would not go through; that does not seem to occur.

    the call that I have lived seemed ends without problem, media flowed in both directions.

    My endpoint is a Cisco edge 85 on the version of the firmware F9.x

    the other codec parts is an 85 edge on the version of the firmware F9.x

    My codec is on a public IP address that is completely open to the H.323 ports

    the other codec parts is on a private IP address.

    while I can't call the other party, the other party may call for me, and I wonder how it worked, taking into account the fact that there is no gateway service aware H.323 in the call, either a VCS or aware firewall H.323.

    Experience, firewalls and other gateways outside of Cisco, Tandberg, Polycom, have struggled to deal with the new H.323 version, again this is why I'm puzzled as to why the call worked.

    I did a bit of reading on the new version of H.323 and noticed the multiplex logical channel option; however, on a call where I saw this apparently work again, from a LifeSize codec to a Codian MCU 4505, there is no sign of this logical channel multiplex, unless it is named differently in the logs from what the ITU document calls the function.

    All answers are greatly appreciated; I don't understand exactly how the firewall impacts VC calls.

    Thinking with portals

    The MXP has NAT builtin functions. Please take a look at the guide admin 9.x:

    http://www.Cisco.com/en/us/docs/Telepresence/endpoint/MXP-series/F9/administration_guide/mxp_series_administrator_guide_f90_excl-full-menu-structure.PDF

    The description of the NAT setting is on page 77.

    EX series admin guide http://www.cisco.com/en/US/docs/telepresence/endpoint/ex-series/tc6/administration_guide/ex-series-administrator-guide-tc62.pdf has the same details on page 63.

  • Restoration of the external hard drive for Windows 7 System Image

    I created a System Image on my external hard drive. Now when I choose "Select another backup to restore files from", the hard drive is not detected. Even after I reconnect the hard drive and click Refresh, it is still not detected.  Help!

    For any question on Windows 7:

    http://social.answers.Microsoft.com/forums/en-us/category/Windows7

    The link above is the Windows 7 Forum for questions on Windows 7.

    Windows 7 questions should be directed to it.

    You are in the Vista Forums.

    See you soon.

    Mick Murphy - Microsoft partner
