Make the remote web server accessible via VPN Site to website
We have two test sites that are connected by a tunnel IPSEC VPN site-to-site (hosted on a SAA each site) over the Internet. We are trying to set up an environment to test two web applications running side by side. Two web servers are running on the Site of Test 1. We don't have the same public IP available at each site.
To address the public site 1 unique IP address restriction, we try to install ACL and NAT rules to have 2 Site accept traffic from the internet and send it on the site to the other tunnel. So 1 Web server would accept the ASA 1 internet traffic and Web Server 2 accept traffic from ASA 2 to the other site. Here's a network diagram:
We have difficulties to get this configuration works correctly. Please note that the network 192.168.3.0/24 clients are able to access the servers Web1 and Web2. This question seems to be due to our NAT configuration. This is the type of error, we see on the two firewalls:
Asymmetrical NAT rules matched for flows forward and backward; Connection for tcp src outside:4.4.4.4/443 dst outside:192.168.1.10/443 refused due to path failure reverse that of NAT
Our situation seems similar to this post: https://supportforums.cisco.com/thread/2242230
Any help would be appreciated.
Hello
What Karsten said above is true. While it is possible and works, it also means that the configuration is a little more complex to manage. I have done no such features in a real-life network environment and have always used additional public IP addresses on the local site when a server is hosted.
If you want to continue to move forward with this so here's a few points to consider and the configurations that you need.
First off it seems to me that the other server will be organized by the local Site 1 so a simple static PAT (Port Forward) must manage the Site 1.
network of the WEB-HTTP object
host 192.168.1.10
NAT (inside, outside) interface static tcp 443 443 service
And if you need TCP/80 also then you will need
network of the HTTPS WEB object
host 192.168.1.10
NAT (inside, outside) interface static service tcp 80 80
Now, 2 Site will naturally a little different that the server is hosted on the Site 1 and Site 2 is the public IP address used to publish the server on the external network.
Essentially, you will need to configure NAT that both makes dynamic PAT for the addresses of the source of the connection to your server Web 2, but also makes the static PAT (Port Forward) for the IP address of the Web Server 2. Additionally, you have to set the area of encryption on the Site 1 and Site 2 to match this new addition to the L2L VPN connection.
Unless of course you use an existing IP address on the field of encryption in the dynamic translation of PAT for the source address. In this case, it would take no change VPN L2L. I'll use that in the example below.
The NAT configuration might look like this
service object WWW
destination eq 80 tcp service
service object HTTPS
destination eq 443 tcp service
the object SOURCE-PAT-IP network
host 192.168.3.254
network of the WEB-SERVER-2-SITE1 object
host 192.168.1.11
NAT (outside, outside) 1 dynamic source no matter what static SOURCE-PAT-IP destination interface WEB-SERVER-2-SITE1 service WWW WWW
NAT (outdoors, outdoor), 2 dynamic source no matter what static SOURCE-PAT-IP destination interface WEB-SERVER-2-SITE1 service HTTPS HTTPS
So, essentially, NAT configurations above should ake 'all' traffic coming from behind 'outside' interface intended to "outside" "interface" IP address and translate the source to ' SOURCE-PAT-IP ' address and untranslate destination to "WEB-SERVER-2-SITE1".
Make sure that the IP address chosen (in this case 192.168.3.254) is not used on any device. If she is then replace it with something that is not currently used in the network. Otherwise, configure an IP address of some other subnet and include in the L2L VPN configurations on both sites.
Unless you already have it, you also have this configuration command to activate the traffic to make a U-turn/pin on the ' outside ' of the Site 2 ASA interface
permit same-security-traffic intra-interface
Hope this helps
Remember to mark a reply as the answer if it answered your question.
Feel free to ask more if necessary.
-Jouni
Tags: Cisco Security
Similar Questions
-
Not displaying PHP pages is not the Remote/Web server
All,
Be nice, faithful of DW. I'm a n00b this field as a whole and the use of PHP, DW, etc.. I have a few questions... I use ~ 2008 Macbook Pro DW5 and MAMP.
Put up my site with PHP files, got up a local test and running, got the Games records/requests to look and work the way that I love on my local server. In other words, the site is great locally. Signed up for bluehost to use my remote control, downloaded all the files correctly. BUT, when I went to see my site on the remote server, the php pages that are limited to members only are not displayed at all (HTTP 500 error). I guess that's not a mistake in coding that the pages display correctly on the local, but not the remote (therefore, a DB connection problem). Here's what I did to try to address.
- Exported local DB, imported remotely (so its structure / named exactly the same apart from the host-insterted characters entered)
- Activated my IP update remote site host cPanel (my C-class?)
The first line of PHP code on all these pages of restricted Member begins with:
<? php require_once('.. / Connections/TBO_Golf.php');? >
The "TBO_Golf.php" contains:
<? PHP
# FileName = "Connection_php_mysql.htm"
# Type = 'MYSQL '.
# HTTP = 'true '.
$hostname_TBO_Golf = "localhost";
$database_TBO_Golf = "TBO_Golf".
$username_TBO_Golf = "*"
$password_TBO_Golf = "*"
$TBO_Golf = mysql_pconnect ($hostname_TBO_Golf, $username_TBO_Golf, $password_TBO_Golf) or trigger_error (mysql_error (), E_USER_ERROR);
? >
Issue 1) -I'm sure that with the files on the remote server, run the script tries to connect to a 'localhost', which is causing my error. Can I change the settings in the connection file or in the connection window of database to what works for my remote server? I know what they are like a second connection to the remote database (so now I have one for local and remote), I created that I have to "Redo" queries by using the remote connection?
Question 2) Changes the settings as follows best practices when moving locally proved remotely (and test remote local to) regarding the display of dynamic pages? If not, what is?
Question 3) In my attempt to research, I read somewhere that DW can't handle multiple database connections at a time. I find it hard to believe, so is it true that?
If anyone can help, it will be greatly appreciated!
Thanks in advance!
SnakeEyez02,
Thanks for the reply. Very much appreciated!
(1) according to your answer, it seems that I have just to keep the name of the server as localhost, but just change the name of user and pword to match my remote user profiles?
(2) re-reading of this issue, I guess I wonder what are some best practices when going from local to remote? I guess the same things like maintaining username/pw for local remote control, import and export, for help. But I was more focused on the transfer of DB connections that operate on local to the remote control. I find that it is not as simple as transferring the entire site, import/export of the DB.
(3) sorry, wasn't clear on what I meant by multiple databases. He was referring to connect to the local computer and the remote control. It would be in the window "Database". So I run RS against either DB?
Thanks for the direction on the error log. I think I know where it is on the cPanel, so I hope it will shed light on the issue.
One last question... When I test the site locally and run off the coast of the local db, recordsets when I publish remotely, should I rewrite the recordsets to make reference to the distance db? Or can I just change the DB login information to access the remote versus local?
Thanks for your patience!
-
VPN error 868 the name of the remote access server is not resolved
I use Windows 7 Home Premium and you want to configure a VPN with my office network that uses the Check Point Safe@Office. I am unable to log in and get the error that does not resolve the name of the remote access server and Windows cannot find the host using DNS name. Any suggestions on what to try to fix the problem? I set up the VPN connection according to the instructions of our network administrator. We use XP in the office.
Hello
Welcome to the Microsoft answers siteThe question that you'd be better suited in the TechNet community. Please visit the link below to find a community that will provide the best support.
http://social.technet.Microsoft.com/forums/en-us/ForefrontedgeVPN/threadsIt may be useful
Thanks and greetings
Support Microsoft-dieng
Visit our Microsoft answers feedback Forum and let us know what you think
http://social.answers.Microsoft.com/forums/en-us/answersfeedback/threads/ -
ORA-17629: unable to connect to the remote database server
Hello
I have put Dataguard in place with primary and 1 physical standby for learning/test database:
I do NOT plan the unloading of RMAN backups on the physics of the day before.
Recorded the primary database with RMAN and when "resync catalog db_unique_name all;" is issued.
I get the following error:
---------------------------------------------------------------------------------------------------------------------
RMAN > catalog resync db_unique_name all;
from full resynchronization of the recovery catalog
full complete Resync
resynchronization of data base with DB_UNIQUE_NAME ASTTESTB
RMAN-00571: ===========================================================
RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.
RMAN-00571: ===========================================================
RMAN-03002: failed to db_unique_name resynchronization command at 28/09/2011 11:34:23
ORA-17629: unable to connect to the remote database server
ORA-17628: Oracle 17629 error returned by remote Oracle Server
------------------------------------------------------------------------------------------------------------------
Configuration of RMAN for the main proceedings are the following:
RMAN > show all to db_unique_name asttest;
RMAN settings for database with db_unique_name ASTTEST are:
CONFIGURE RETENTION POLICY TO RECOVERY OF 7-DAY WINDOW;
CONFIGURE BACKUP OPTIMIZATION # by default
SET UP DEFAULT DISK DEVICE TYPE; # by default
CONFIGURE CONTROLFILE AUTOBACKUP # by default
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO "%F" # by default
SET UP THE DEVICE TYPE DISK PARALLELISM 1 BACKUP BACKUPSET TYPE; # by default
CONFIGURE BACKUP OF DATA TO DISK FILE TYPE DEVICE TO 1; # by default
CONFIGURE BACKUP ARCHIVELOG FOR DEVICE TYPE DISK TO 1; # by default
CONFIGURE MAXSETSIZE TO UNLIMITED; # by default
CONFIGURE ENCRYPTION OF DATABASE # by default
CONFIGURE THE ENCRYPTION ALGORITHM "AES128"; # by default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AND 'DEFAULT' LIBERATION OPTIMIZE FOR TRUE LOAD; # by default
CONFIGURE DB Nom_unique "asttest" CONNECT IDENTIFIER ' ASTTEST. UMDNJ. EDU'; _
CONFIGURE DB "Asttestb" of nom_unique CONNECT IDENTIFIER "asttestb"; _
CONFIGURE ARCHIVELOG DELETION POLICY TO APPLIED ON ALL STANDBY;
CONFIGURE SNAPSHOT CONTROLFILE NAME TO ' / opt/oracle/product/11.2.0/dbhome_1/dbs/snapcf_asttest.f'; # by default
Configuration of RMAN for instance physical standby are:
RMAN > show all to db_unique_name asttestb;
RMAN settings for database with db_unique_name ASTTESTB are:
CONFIGURE RETENTION POLICY TO RECOVERY OF 7-DAY WINDOW;
CONFIGURE BACKUP OPTIMIZATION # by default
SET UP DEFAULT DISK DEVICE TYPE; # by default
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO "%F" # by default
SET UP THE DEVICE TYPE DISK PARALLELISM 1 BACKUP BACKUPSET TYPE; # by default
CONFIGURE BACKUP OF DATA TO DISK FILE TYPE DEVICE TO 1; # by default
CONFIGURE BACKUP ARCHIVELOG FOR DEVICE TYPE DISK TO 1; # by default
CONFIGURE MAXSETSIZE TO UNLIMITED; # by default
CONFIGURE ENCRYPTION OF DATABASE # by default
CONFIGURE THE ENCRYPTION ALGORITHM "AES128"; # by default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AND 'DEFAULT' LIBERATION OPTIMIZE FOR TRUE LOAD; # by default
CONFIGURE DB Nom_unique "asttest" CONNECT IDENTIFIER ' ASTTEST. UMDNJ. EDU'; _
CONFIGURE DB "Asttestb" of nom_unique CONNECT IDENTIFIER "asttestb"; _
CONFIGURE ARCHIVELOG DELETION POLICY TO APPLIED ON ALL STANDBY;
CONFIGURE SNAPSHOT CONTROLFILE NAME TO ' / opt/oracle/product/11.2.0/dbhome_1/dbs/snapcf_asttest.f'; # by default
----------------------------------------------------------------------------------------------------------------------
When I tested missing missing datafile and control file scenario on the primary database, it worked (Advisor to recover data)
However, missing datafile scenario does not work on the physics of the day before.
Here are the steps I followed:
********************************************
1 renamed a file of physical data - in standby mode:
bash - $3.2 ls - ltr
Total 107832
-rw - r - 1 oracle oinstall 52429312 16 September 12:19 asttest_redo03.log
-rw - r - 1 oracle oinstall 61874176 Sep 29 15:41 asttest_temp01.dbf
-rw - r - 1 oracle oinstall 52436992 5 Oct 11:00 rmandg_data01.dbf
bash - $3.2 mv rmandg_data01.dbf rmandg_data01.dbf_old
bash - $3.2 ls - ltr
Total 107832
-rw - r - 1 oracle oinstall 52429312 16 September 12:19 asttest_redo03.log
-rw - r - 1 oracle oinstall 61874176 Sep 29 15:41 asttest_temp01.dbf
-rw - r - 1 oracle oinstall 52436992 5 Oct 11:00 rmandg_data01.dbf_old
2. restore the datafile (find the data file # view v$ recover_file):
RMAN > restore datafile 5;
From restoration to 5 October 11
Segmentation fault
3. in spite of the error, published "recover datafile command.
4 RMAN > recover datafile 5;
From pick up to 5 October 11
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID = 10 type of device = DISK
RMAN-00571: ===========================================================
RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.
RMAN-00571: ===========================================================
RMAN-03002: failure of the command recover at 05/10/2011 12:00:40
RMAN-06094: datafile 5 must be restored.
5. manually copy the physical primary datafile - in standby mode, & then problem recover RMAN command:
bash - $3.2 scp oracle@msudrainier:/ora03/oradata/asttest/rmandg_data01.dbf.
rmandg_data01.dbf 100% 50 MB 16.7 MB/s 00:03
bash - $3.2 ls - ltr
Total 159096
-rw - r - 1 oracle oinstall 52429312 16 September 12:19 asttest_redo03.log
-rw - r - 1 oracle oinstall 61874176 Sep 29 15:41 asttest_temp01.dbf
-rw - r - 1 oracle oinstall 52436992 5 Oct 11:49 rmandg_data01.dbf_old
-rw - r - 1 oracle oinstall 52436992 5 Oct 12:01 rmandg_data01.dbf
RMAN > recover datafile 5;
From pick up to 5 October 11
using channel ORA_DISK_1
RMAN-00571: ===========================================================
RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.
RMAN-00571: ===========================================================
RMAN-03002: failure of the command recover at 05/10/2011 12:01:59
RMAN-06067: RECOVER the DATABASE required with a backup control file or created
6. of course RMAN commands have failed to restore the missing data file;
So I renamed the file to original and rebooted repeat services applies - this restore the data file and now the configuration state of the DG is normal.
*********************************************************************************
Not quite sure if I'm still he hands the right way or if the error above is related to RMAN not able to synchronize with the physics of the day before.
The documentation I want to talk to is here (1 paragraph):
[http://download.oracle.com/docs/cd/B28359_01/server.111/b28294/rman.htm#BAJDFBDD | http://download.oracle.com/docs/cd/B28359_01/server.111/b28294/rman.htm#BAJDFBDD]
Any pointers/direction and advise is greatly appreciated.
Best regards
NKI got it!
/home/oracle:STANDBY >$ORACLE_HOME/bin/rman target sys/
catalog / @rcatalog Recovery Manager: Release 11.2.0.1.0 - Production on Fri Oct 7 14:12:10 2011 Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved. connected to target database: PRIMARY (DBID=1562898590, not open) connected to recovery catalog database RMAN> resync catalog from db_unique_name all; resyncing from database with DB_UNIQUE_NAME PRIMARY starting full resync of recovery catalog RMAN output not resynced for database with DB_UNIQUE_NAME PRIMARY full resync complete If the necessary connection string a target/sys and a catalogue
RMAN target sys /
catalog / @rcatalog I did my standby
Will try the primary
Best regards
mseberg
Work on both. Great question!
connected to target database: PRIMARY (DBID=1562898590) connected to recovery catalog database RMAN> resync catalog from db_unique_name all; starting full resync of recovery catalog full resync complete resyncing from database with DB_UNIQUE_NAME STANDBY RMAN output not resynced for database with DB_UNIQUE_NAME STANDBY RMAN>
Published by: mseberg on October 7, 2011 14:16
Thanks a ton for sticking to it. I'll add this little thing to my web site.
Published by: mseberg on October 7, 2011 14:22
-
Cannot connect to the integrated Web server
I have a HP p1606dn printer I need to change the IP address. I can't connect to SAP by using the IP address of the printer configuration page. I also tried on a work of the same model printer and cannot connect. I can't understand what I'm doing wrong. I type in xxx.xxx.xx.xxx in the address bar in Internet Explorer which is supposed to be an approved browser. Thank you!
If the Web integrated printer server does not load when the IP address is entered, then means generally is not a direct path between the printer and the computer is trying to access.
You mentioned that you must change the IP address. What is the reason for this change? The network IP addressing scheme changed so that the PC and the printer may appear as on different networks?
I don't know if it will work in your particular situation, because it depends on whether or not it has access to an Ethernet connection. You could try the connected printer to an Ethernet port which would be on the same network as the PC and then access it by IP addressed assigned to the Ethernet address. Once the integrated Web server load, you can manually set the wifi information and then return to the wifi.
-
Getting error: cannot run on the development web server configured
I installed Visual studio 2012 and IIS 7 on Windows 7 Ultimate version. I get the error message 'Cannot run on the development Web server configured' and 'Impossible to run IIS Express' when I tried to run a web application from VS2012. If anyone knows how to fix it please tell me.
Hello
It is not a community forum for VS.
Try the Visual Studio Forums
Visual Studio development category:
http://social.msdn.Microsoft.com/forums/en-us/category/VisualStudioDon
-
DOUBLE DB: ORA-17629: unable to connect to the remote database server
[oracle@ora11g1 ~] $ export ORACLE_SID = sales
[oracle@ora11g1 ~] $ rman target sys/sales@sales
Recovery Manager: release 11.2.0.1.0 - Production Wed Jun 5 13:00:15 2013
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: SALES (DBID = 690066655)
RMAN > Connect auxiliary sys/salestby2@salestby2
connected to the auxiliary database: SALES (not mounted)
RMAN > CURRENT SPFILE DATABASE of TARGET duplicate FOR THE EVE OF the DATABASE
2 > DB_NAME SET = 'sales '.
3 > SET DB_UNIQUE_NAME = "salestby2".
4 > control_files='/u02/oradata/salestby2/control01.ctl','/u02/oradata/salestby2/control02.ctl SET'
5 > SET DB_FILE_NAME_CONVERT = "/ u02/oradata/sales /", "/ u02/oradata/salestby2 / '.
6 > SET LOG_FILE_NAME_CONVERT = "/ u02/oradata/sales /", "/ u02/oradata/salestby2 / ';
From duplicate Db 5 June 13
using the control file of the target instead of recovery catalog database
allocated channel: ORA_AUX_DISK_1
channel ORA_AUX_DISK_1: SID = 20 type of device = DISK
content of Script memory:
{
backup that copy reuse
TargetFile ' / auxiliary format of the u01/app/oracle/product/11.2.0/dbhome_1/dbs/orapwsales
' / u01/app/oracle/product/11.2.0/dbhome_1/dbs/orapwsalestby2' targetfile
' / u01/app/oracle/product/11.2.0/dbhome_1/dbs/spfilesales.ora' auxiliary format
' / u01/app/oracle/product/11.2.0/dbhome_1/dbs/spfilesalestby2.ora';
clone of SQL 'alter system set spfile = "/u01/app/oracle/product/11.2.0/dbhome_1/dbs/spfilesalestby2.ora";
}
execution of Script memory
From backup 5 June 13
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID = 58 type of device = DISK
RMAN-03009: failure of the backup command on the channel ORA_DISK_1 at 05/06/2013 13:05:26
ORA-17629: unable to connect to the remote database server
ORA-17627: ORA-01017: name of user and password invalid. connection refused
ORA-17629: unable to connect to the remote database server
continue other job steps, not a not working will not re-run
RMAN-00571: ===========================================================
RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.
RMAN-00571: ===========================================================
RMAN-03002: failure of Db in dual at 05/06/2013 13:05:27
RMAN-03015: an error has occurred in the script stored memory Script
RMAN-03009: failure of the backup command on the channel ORA_DISK_1 at 05/06/2013 13:05:27
ORA-17629: unable to connect to the remote database server
ORA-17627: ORA-01017: name of user and password invalid. connection refused
ORA-17629: unable to connect to the remote database serverWelcome to the oracle forums!
Please take the time to go through [url https://forums.oracle.com/forums/ann.jspa?annID=1535] FAQ PAGE
Always after 4 version oracle numbers and details of the OS.
Post any request outside has put between.
\
Tags
Mark your questions answers if you give the answer
Password for the SYS user on primary and standby must be the same. Copy the master password for the backup server
SCP $ORACLE_HOME/dbs/orapwv112
: /u01/app/oracle/product/11.2/dbs/orapwdupv112 -
What is the function of the IOS minimum set required for VPN site-to-site software?
Hi guys,.
I have a Cisco 1841 router to do a VPN site-to site. I would like to know what is the function of the IOS minimum set required for VPN site-to-site software?
Thanks in advance.
Hi Ja,
Advanced security or more should do it. The version of the IOS, you can try later 12.4 T which is c1841-advsecurityk9 - mz.124 - 24.T5.bin, in which case you don't want to go to 15.1 still.
I hope this helps.
Raga
-
Customer remote cannot access the server LAN via VPN
Hi friends,
I'm a new palyer in ASA.
My business is small. We need to the LAN via VPN remote client access server.
I have an ASA5510 with version 7.0. I have configured remote access VPN and it can establish the tunnel with success. But I can not access the server.
Client VPN is 5.0.07.0290 version. Encrypted packages have increased but the decrypted packet is 0 in the VPN client statistics, after I connected successfully.
Next to the ASA, I show crypto ipsec sa, just deciphering the packets increase.
Who can help me?
Thank you very much.
The following configuration:
ASA Version 7.0(7)
!
hostname VPNhost
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 10
ip address 221.122.96.51 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.42.199 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
ftp mode passive
dns domain-lookup inside
access-list PAT_acl extended permit ip 192.168.42.0 255.255.255.0 any
access-list allow_PING extended permit icmp any any inactive
access-list Internet extended permit ip host 221.122.96.51 any inactive
access-list VPN extended permit ip 192.168.42.0 255.255.255.0 192.168.43.0 255.255.255.0
access-list VPN extended permit ip 192.168.43.0 255.255.255.0 192.168.42.0 255.255.255.0
access-list CAPTURE extended permit ip host 192.168.43.10 host 192.168.42.251
access-list CAPTURE extended permit ip host 192.168.42.251 host 192.168.43.10
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool testpool 192.168.43.10-192.168.43.20arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list VPN
nat (inside) 1 access-list PAT_acl
route outside 0.0.0.0 0.0.0.0 221.122.96.49 10
username testuser password 123
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 3no sysopt connection permit-ipsec
crypto ipsec transform-set FirstSet esp-des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 3600
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
tunnel-group testgroup ipsec-attributes
pre-shared-key *
telnet timeout 5ssh timeout 10
console timeout 0: end
Topology as follows:
Hello
Configure the split for the VPN tunneling.
Create the access list that defines the network behind the ASA.
ciscoasa(config)#access-list Split_Tunnel_List remark The corporate network behind the ASA. ciscoasa(config)#access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0
Mode of configuration of group policy for the policy you want to change.
ciscoasa(config)#group-policy hillvalleyvpn attributes ciscoasa(config-group-policy)#
Specify the policy to split tunnel. In this case, the policy is tunnelspecified.
ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified
Specify the access tunnel split list. In this case, the list is Split_Tunnel_List.
ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List
Type this command:
ciscoasa(config)#tunnel-group hillvalleyvpn general-attributes
Associate the group with the tunnel group policy
ciscoasa(config-tunnel-ipsec)# default-group-policy hillvalleyvpn
Leave the two configuration modes.
ciscoasa(config-group-policy)#exit ciscoasa(config)#exit ciscoasa#
Save configuration to non-volatile RAM (NVRAM) and press enter when you are prompted to specify the name of the source file.
Kind regards
Abhishek Purohit
CCIE-S-35269 -
Use the remote website via VPN site-to-site
Hi all
We have two sites, the site has and B. At site A, we have a Web site we want to share with all of site B. Currently, site B can access the site via the VPN site-to site on X 0, which is their LAN. Nothing outside X 0 cannot access or ping to the address.
We added access rules to allow access from the DMZ to this interface, but again, no ping and no communication at all. The other strange thing is that we see that no trip package for these access rules either.
Any help is appreciated. Thank you.
It seems that the demilitarized zone is not part of the VPN tunnel.
Can you confirm that the DMZ subnet is part of local destinations on the site B and a part of the local destinations on site?
Kevin
-
Abstract WSDL for the remote Web (outside of the SOA platform) service?
Hello
I use a remote Web service which is based WSDL. I noticed in our development environment that when the server restarts if remote WSDL endpoint is not available, my composite goes into invalid state, even if the actual WSDL file is located in the project.
I use MDS to another inter composite dependencies, but this service is outside of the SOA platform, so how can I create an abstract WSDL and use it via MDS to avoid invalid state?
Currently I have the WSDL of localized real distance and a wrapper WSDL generated external Web service framework.
Thank you.
Hello
If the wsdl file has been copied to the project, it shouldn't go invalid, check if there are imports in the wsdl file that may be pointing to remote, as sites of patterns... You will need to locate those as well...
See you soon,.
Vlad
-
Problem with Installation of the Siebel Web Server Extension
Hello
IAM trying to install Siebel 8.1 on my pc... In fact its installed successfully... but due to some other reasons (to increase disk space on the C drive) I uninstalled it.
Clean registry and deleled installation folder files. but when I am trying to reinstall it cannot go further to Siebel Web Server Extension. He stopping at the beginning... and the error is
"Cannot find table.txt from the previous installation.
Setup cannot continue.
java.io.FileNotFoundException:
"c:\sba\SWEApp\_uninst\eappweb\table.txt (the system cannot find the path specified).
I uninstalled everything that he and cleaned the registry keys as well.
could you please help me how to fix this error...?Hello
Assuming you are using windows 2003 and you have not installed another siebel server software, go to c:/windows folder, make a backup of the current vpd.properties file, remove it and restart your installation again. file VPD. Properties is created by installshield to keep track of the facilities. It is always good to have a backup in case you have problems installing. Support.oracle.com Doc ID 520528.1 has more information on this file.
It will be useful,
Wilson
-
to connect to the ColdFusion web server
I just installed Dreamweaver CS 6 and I would like to configure my web server, but can not find the place to connect to the server.
Can you please advice how to configure my Dreamweaver to work to connect to the web server?
Your information and help is much appreciated,
Kind regards
Iccsi,
Use F1 help function from DW to know more on how configure your site for remote server definition so that it can do a FTP/network connection at the remote site: what do you mean?
-
located outside the firewall Web server
Excuse me guys, I didn't know where to ask this question.
I was a form that would send an email when you click on send,.
but this requires a SMTP on your webserver right
I had a quick conversation with this Department and I was told that I could not at present
because the web server has no SMTP because it was outside the firewall.
We have a mail server to the INSIDE of the firewall (I don't know a lot of combat and firewall servers)
but since it is inside and the web server on the side of ther of the firewall could not get to the mail server and so he could not send emails.
They say that it is possible to open an smtp on the web server, but that he would make us vulnerable to spam or virus attacks, and we would be blocked.
which is something we don't really want to, last time that's happened that it costs a lot of money to repair.
I ask you, you know for sure
how we could send this form emails to a specific e-mail (it would also be a specific e-mail title as is the same as always, it's a form)
I was thought mybe that SMTP can be assigned to only send emails with this title and those specified e-mails.
or is there a way that form could access the mailservber we have inside the firewall to send emails?
Or is there a way to protect computers against sending spam / virus.
Because the firewall filter information from the smtp Protocol, if we go around to the firewall with it.
IM really lost in all of this, but I'm looking for solutions
IM reading right now o webbout firewalls, but if someone is experienced with this kind of stuff
Please share some light
Thanks to you all!
Only 2 ways that you can solve this problem.
1. set up something like recaptcha ( http://www.google.com/recaptcha ) and say that the it Department you take reasonable measures to ensure the spam is reduced to the minimum. And talk about them, there are things such as the anti-spam filters hardware like these of Barracuda ( http://www.barracudanetworks.com/ns/products/spam_overview.php ), which can also be used to reduce the spam in addition to the anti-spam software filters, which can also be installed. If they have these in place already and are still worried, tell them they are being paranoid.
2. do not send forms to an e-mail address. Send to an administration Web page. This would require setting up an administrative area and a database store applications and, yet, some measures of basic security for the appropriate data types are entered, and then you can respond through this type of system.
Personally, I would recommend method 1. There is no reason at this time, why there no moderate protection against spam and viruses.
-
Where can I find the integrated Web server for a Photosmart 7520?
I want to change the password for direct printing and the touch screen says change in SAP. Where the built-in Web server?
The SAP is the built-in Web server. It is the internal Web site created for the printer when connected to a network.
To access SAP:
* Get the IP address of the printer from the control panel of the unit
* Web open favorite, program navigation
* Type the IP address in the URL bar and press ENTER to access the pageLet me know if you need more information.
Maybe you are looking for
-
I lost my iphone, but when I use app 'find my iphone', it only shows my ipad.
When I connect to itune (apple ID), it shows 2 devices; iPad and iphone. However, when I try to use the "Find my iphone" app, it shows only my ipad ;-( I think that I lost on the bus, when I called customer service to inform them and told them that m
-
Play65 doesn't ' work why?
Play65 doesn't ' knit 6 days why?
-
Poor sound quality - Dell Inspiron 15 77537
Hi all I recently bought a Dell Inspiron 15 7537 i7-4510U, 16.6 "Touch. It had Windows 8.1 in it. It works great so far, aside from a BIG problem - the quality of audio playback is terrible. When I try to listen to music, I mean hardly any lower-end
-
vNIC/vHBA UCS 1.4.2b Placement
Hi all I found that the configuration for the vNIC/vHBA investment option is changed. In point 1.4.1 there are only 2 Vcons(4) is the B440M1 blade. But now, when I upgraded 1.4.2b UCS, there are 4 Vcons(4) see room for blades of same. Can someone exp
-
HP 15-f233wm: update Realtek RTL 8188EE HP 15-f233wm
Human beings he has an Intel Celeron processor, it is possible to upgrade the module WLAN, to include one that has Bluetooth capabilities? The vehicle currently has 8188EE Realtek RTL module. Thank you Nelse