Physical P2V DMZ web server Esxi 5, 5-how.

Similar Questions

• No NAT DMZ web server when you access by internal users

  How can I create an exception to allow users to access a web server on port 80 in the demilitarized zone inside? They cannot do that now because, in my view, the server goes through a NAT the public address, so how can I set up where a request from inside on port 80 on this server will not translate the IP of the server to a public IP address (via NAT)?

  static (i, dmz) internal_net internal_net /xx

  The CCIE Security

• DMZ web server-> inside the database server

  Suppose that a network topology looks like this:

  A PIX with 3 interfaces:

  interface (private public static IP 10.10.10.1)

  interface (public static IP of 69.110.38.35)

  interface (static IP private address of the 30.30.30.1)

  --------------------------------------------

  The internal network has a {server} with the IP address of 10.10.10.2.

  The DMZ has a {web server} with the IP address of 30.30.30.2.

  I will welcome external guests (outside) access to the web server (30.30.30.2) via port 80.

  This web server access turn the database server (10.10.10.2).

  Assume that all other commands are issued. Then, I'll create an access list that allows server WWW DMZ to communicate with inside the database server.

  access-list dmz-to-inside permit tcp host 30.30.30.2 host 10.10.10.2 eq 1521

  Should I publish the following, too:

  (1) access-list dmz permit tcp host 30.30.30.2 no matter what 80 eq

  (2) access-group in interface dmz dmz

  (3) static (inside the dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

  xlate clear 4)

  If so, what each of them do?

  Thank you for helping.

  Scott

  1. Yes, the static statement "10.10.10.0 static (inside, dmz) 10.10.10.0 netmask 255.255.255.0" will disable NAT. Although it is not necessary to disable nat, however, it saves money and simple to manage. the reason for this is the traffic between the dmz and inside is private, there is therefore not necessary to apply the public ip address.

  2 pix receives the package intended to 30.30.30.2 10.10.10.2. PIX examines the static statement and based on the static above statement, pix will not nat package (i.e. pix will leave the soruce address be) and send it to 30.30.30.2 via the interface of the demilitarized zone.

  for example

  original package - source 10.10.10.2, destination 30.30.30.2

  After pix - source 10.10.10.2, destination 30.30.30.2

  3. the "Clear xlate" command must be issued whenever the nat/global or static has been added/deleted/modified. This command is to force the pix to clear the existing ip translation.

  for example, before you add the command "static 1.1.1.1 (indoor, outdoor) 192.168.1.100 netmask 255.255.255.255", the pix may already have an ip 192.168.1.100 translation (it might come from the nat/global). now, after you apply the static command, the pix will keep the existing translation for a certain period time. 'clear xlate' is needed to erase the old translation and so to activate the new static statement.

• New server ESXi 5.5 - How do I know what my score /scratch physical device is on?

  I went to this page - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 1014953

  But unfortunately, it is not described how to match the UUID to a physical device.

  For example, our server has two cards SD with ESXi embedded installed and a RAID 1 of the 2 SATA drives.

  My boss asked me to make sure that the /scratch location is set to the spinning disks, rather than SD cards.

  I can see what VMFS/volume/my /scratch up to, but I have no idea if this volume is on the SD card or the RAID 1 spinning disk.

  I can't find a command that lists each UUID on each physical disk.

  It does not help that I'm not much more than a linux guru. =/

  Hi PeterBollwerk,

  Steps below should show you the location of the scratch on your esxi host. in this example, my esxi is executed in a double SD card in mirror.

  ~ # ls - ltr

  -r - r - r - 1 root root 300060 23 March 2013 bootpart.gz

  lrwxrwxrwx 1 root root 17 March 23, 2013->/locker/vmupgrade vmupgrade

  drwxr-xr-x 1 root root 512 12 Feb 09:58 vmimages

  drwxr-xr-x 1 root root 512 12 Feb 09:58 vmfs

  drwxr-xr-x 1 root root 512 12 Feb 09:58 var

  drwxr-xr-x 1 root root 512 12 Feb 09:58 usr

  drwxr-xr-x 1 root root 512 12 Feb 09:58 tardisks.noauto

  drwxr-xr-x 1 root root 512 12 Feb 09:58 tardisks

  drwxr-xr-x 1 root root 512 12 Feb 09:58 opt

  drwxr-xr-x 1 root root 512 12 Feb 09:58 mbr

  drwxr-xr-x 1 root root 512 12 Feb 09:58 lib64

  drwxr-xr-x 1 root root 512 12 Feb 09:58 lib

  drwxr-xr-x 1 root root 512 12 Feb 09:58 bin

  lrwxrwxrwx 1 root root 49 12 February 09:59 store->/vmfs/volumes/52fb429d-994d220a-479f-18a99b4c7caf

  lrwxrwxrwx 1 root root 49 12 Feb 09:59 bootbank->/vmfs/volumes/92a34de2-91752a9b - 98b 3 - d172a66e7716

  lrwxrwxrwx 1 root root 49 12 Feb 09:59 altbootbank->/vmfs/volumes/4eb69ee7-d8084e62-87e9-ff614e70bdf4

  lrwxrwxrwx 1 root root 12 Jan 12 09:59 scratch-> / tmp/scratch

  lrwxrwxrwx 1 root root 22 Feb 12 09:59 productLocker-> /locker/packages/5.1.0

  lrwxrwxrwx 1 root root 6 Feb 12 09:59 locker-> / store

  drwxr-xr-x 1 root root 512 12 Feb 09:59 sbin

  drwxrwxrwt 1 root root 512 21 Feb 12:06 tmp

  drwxr-xr-x 1 root root 512 21 Feb 12:06 etc.

  drwxr-xr-x 1 root root 131072 21 Feb 12:07 proc

  drwxr-xr-x 1 root root 512 21 Feb 12:07 dev

  ~ # vmkfstools Pei/tmp/scratch

  file system of visorfs-1, 00 extending on 1 partition.

  File system label (if applicable):

  Mode: private

  Capacity 1556017152 (blocks of files 379887 * 4096), 1127976960 (275385 blocks) prevail

  UUID: 00000000-00000000-0000-000000000000

  Partitions split (on "notDCS"):

  memory

  Instant native is Capable: No.

  In case if you have not configured your esxi to put beads on a persistent scratch location, it remains in memory.

  Hope this helps you.

  Thank you and best regards,

  Shrikant Germain

• Move the physical disk to another server ESXi

  Hey guys,.

  I copied a virtual computer to another physical disk on my ESXi server.

  Is it possible to take the disk and move it physically

  Another ESXi machine and see the data existing on the second ESXi store

  Server?

  We were doing the initial test on a test machine. Now I want to move the virtual machine to a server better

  with a raid array. I know that I can use

  SCP, but I prefer not bogged down my network file copy 100 gig.

  When I physically move the disc I can see on the second

  machine. But I don't know how to add it in

  storage. When I use the wizard, I get a

  WARNING: it will wipe the data.

  Thank you

  Should be possible, but you may need to activate volume resignaturing on ESXi in so he could see the new drive.  Search the VMware KB for "will esx" and you should be able to find an article that explains how to...

• CF 11 Enterprise install App Server and IIS 8.5 on Web server (different material)

  Hi all.

  Facing a problem of configuration to set up here.  We have the application inside the firewall server and we will have on the DMZ Web server and this web server has to forward the requests to the server see

  I installed cfusion instance HTTP Port 8500 remote Port 8010 host is a local host, with no cluster.  We will have other forums as a result of a port in addition to HTTP and distance on the line.

  So now the question is how to run the connector.  If I run the embedded {cfroot}/cfusion/runtime/bin/wsconfig.exe, it shows localhost as server applications, well, the web server must be IIS, but on another IP address NOT this server, so that the OK button remains grey.

  You would think that you would need to run the connector on the Web server, right?  Well, I do not have CF installed on it, nor do I intend install on my web server, so how do I get on the Web server connector.

  I read a post on taking a wsconfig.jar and pulling the DLL and others, but it is with JRun 8 CF, CF 11 and not IIS 8.5.  Maybe it's the method that I need to follow, but seems to be the new land that has never been displayed in the CF community.  I like to think I'm 'special' but really?  I'm the first to have this set up the configuration, and no one has posted a BLOG about it.  Looks strange OR I'm totally missing something.

  Please let me know any suggestions on how to move forward.

  Running on window server 2012 R2 for CF Application Server and the Web server.  CF 11 E update 3.

  ColdFusion 11 environment distributed for connector with all sites:

  1. install ColdFusion11 on the other server.

  2. Once you install CF11, then copy the jar file "wsconfig.jar" from this location C:\ColdFusion11\cfusion\runtime\lib on the IIS server.

  3. configure IIS in the other server. You need to enable the following features at the IIS level only.

  ISAPI extensions

  ISAPI filters

  CGI

  ASP .NET

  5 ColdFusion11 server to connect to the Web server via the Port connector, which is located in the server.xml file. You can find this file in the C:\ColdFusion11\cfusion\runtime\conf, once you open the file server.xml, this is the port that you want.

  Example: -.

  6. Once you check everything in ColdFusion server, then return to the IIS Web server computer.

  7. the wsconfig.jar file which you copied in this server, rename the .jar to .zip file extension an excerpt it.

  [8. create a file with the same structure here magic C:\ColdFusion11\config\wsconfig\{Magic_Number}--[nombre would be 1, 2, 3... n]

  {9. now go to the extracted folder wsconfig and check this isapi_redirect.dll, copy the DLL to the folder C:\ColdFusion11\config\wsconfig\{Magic_Number}. If you have 32-bit 32-bit copy if you have 64-bit DLL and then copy 64 bit DLL.

  Location of the DLL in the extracted folder

  The 64-bit IIS DLL is located in connector\isapi\intel-win64\prebuilt\amd64\isapi_redirect.dll

  The 32-bit IIS DLL is in connector\isapi\intel-win\prebuilt\isapi_redirect.dll

  10. in the same folder of magic_number create a 'isapi_redirect.properties' file and copy this content. Now, the location and the magic_number might be different.

  extension_uri = /jakarta/isapi_redirect.dll

  Log_file = C:\ColdFusion11\config\wsconfig\1\isapi_redirect.log

  LOG_LEVEL = info

  worker_file = C:\ColdFusion11\config\wsconfig\1\workers.properties

  worker_mount_file = C:\ColdFusion11\config\wsconfig\1\uriworkermap.properties

  iis_buffer_enable = true

  ip_restriction_file = C:\ColdFusion11\config\wsconfig\1\iprestriction.properties

  AUTH_COMPLETE = 1

  11. create another file 'uriworkermap.properties' and copy the content slot

  / cfformgateway / * = cfusion

  / CFFormGateway / * = cfusion

  / flex2gateway / * = cfusion

  /flex2gateway = cfusion

  / cffileservlet / * = cfusion

  / CFFileServlet / * = cfusion

  / cfform-internal / * = cfusion

  / flashservices/gateway / * = cfusion

  / flex-internal / * = cfusion

  rest / / * = cfusion

  /*. CFML / * = cfusion

  /*. MXML = cfusion

  /*. As = cfusion

  *.cfm = cfusion

  /*. Ft3/min = cfusion

  /*. Ft3/min = cfusion

  / * .cfm / * = cfusion

  *.swc = cfusion

  /*. CFML = cfusion

  /*. CFML = cfusion

  /*. CFML = cfusion

  /*. CFC = cfusion

  /*. CFC = cfusion

  /*. CFC = cfusion

  / * .cfc / * = cfusion

  /*. CFR = cfusion

  *.cfswf = cfusion

  /*. SWS = cfusion

  *.jsp = cfusion

  *.hbmxml = cfusion

  12. create another file "workers.properties" and copy this content

  Worker.List = cfusion

  Worker.cfusion.type = ajp13

  Worker.cfusion.Host = localhost

  Worker.cfusion.port = 8014

  Worker.cfusion.max_reuse_connections = 250

  13. now go to a folder that is C:\ColdFusion11\config\wsconfig and copy the "cfwin32.dll". Location

  wsconfig\connectors\installers\intel-win\prebuilt\cfwin32.dll

  wsconfig\connectors\installers\intel-win64\prebuilt\cfwin32.dll

  14 create a file 'wsconfig.properties' and copy the sub content. Number of bits could be changes to 32 bit if you use the 32-bit environment, this file contains site information and the IIS connector. I created this article that you configure the connector with ALL IIS sites, so set below will work.

  1 = IIS, 0, true, "", bitness64 "

  1.SRV = localhost, cfusion

  15. now that we have created all the files and folders. We will add the IP address of the machine ColdFusion11 if IIS can communicate with CF11. There are 2 places to add the IP address.

  a. "workers.properties" file, where is written "localhost" replaced by the IP address and

  b. "wsconfig.properties" where is also said to replace localhost with the IP address of the machine ColdFusion11.

  16. now we must work on IIS services manager, then start the IIS Manager. We will make any changes to the IIS server and when we restart IIS, it inherits all the mappings Manager and filter ISAPI in all sites.

  17. click on the server and then click handler mapping. Add a script mapping and Add .cfm, .cfc, .cfml, .cfr, and .cfswf managers and then point it to this DLL. C:\ColdFusion11\config\wsconfig\1\isapi_redirect.dll.

  Click request restrictions, select Invoke and select the files and folders, and Ok. In the right pane, click Edit feature authorization select run.

  Example: Ask the path:-*.cfm

  Executable:-C:\ColdFusion11\config\wsconfig\1\isapi_redirect.dll

  Name:-cfmHandler

  NOTE: Add these Manager you will use not all add them.

  18. click on IIS server and select default Document and add index.cfm as default document.

  19. click on IIS server and select ISAPI and CGI Restriction, select Add and 'ISAPI and CGI path' 'C:\ColdFusion11\config\wsconfig\1\isapi_redirect.dll', Description "tomcat_All". Check Allow extension path to run and press Ok.

  Click on change the function parameter in the right panel and check both boxes.

  20. click on IIS server and select the ISAPI filters and add a filter name 'tomcat' and the executable file "C:\ColdFusion11\config\wsconfig\1\isapi_redirect.dll".

  21 now, add you a virtual directory to each site else it won't work. To add a directory virtual right click on your Web site and add a virtual directory. Alias name "jakarta" and the physical path "C:\ColdFusion11\config\wsconfig\1\isapi_redirect.dll" press Ok.

  Follow this step with the same Alias and path even to all Web sites.

  22 restart the IIS service, and run any ColdFusion page. It will work.

• Web server on ESXi terribly slow! same fee install works uber quickly on a single physical server.

  I have created a virtual machine and allocated 4gig of RAM, 2 cpu and no limit on the CPU usage.

  Freshly installed Centos5 and LAMP. Installed joomla with default content.

  Browsing the site is TERRIBLY slow... I'm talking molassas.

  Now, until people start blaming joomla, I had exactly the same fees installed on a physical server with less specs (only 1 GB of ram and 1 cpu) and it is lightning fast.

  Both are on the exact same network. And the ESXi server has only a current PBX VM to run other then the Web server. I have hordes of resources left and available on the ESXi server.

  I can not quite understand what the problem is or could be. She has available resources and doesn't have 1 million waiting to go through the server process. My Network (2) cards are defined in tandum (I guess that the combination of network cards?) this should not be a problem?

  It's just the way the esxi manages the inbound and outbound traffic? Is this normal? The only thing I can reduce to is 1) the esxi way itself works. (2) the esxi way treats my network cards and or traffic

  What are the specifications of the ESX Server - hardware and CPU? Are there other virtual machines running on ESX Server? Have you tried running with one virtual CPU virtual machine?  It is advisable to start with a single vCPU and add vCPUs only if it is necessary, or if you have empirical evidence that it is necessary - it has to do with how the virtual processors are programmed.

  If you find this or any other answer useful please consider awarding points marking the answer correct or useful

• PIX with H & S VPN DMZ hosting web server to the hub

  Ok

  Heres a problem which I think would be quite common for these even remotely conscious of security. Unfortunately, my knowledge of the PIX (as well as other Cisco devices) is still in phase of 'growth '.

  So, here's the problem. I have a WAN put in place with PIXen and SonicWalls, we are set up in a design essentially Hub and Spoke (fine ok so it is partially meshed). We recently decided to pull the trigger on getting a 'real' web site and everything went relatively well that getting up and rolling. (even with my notice of 3 days/deadline), but here's the problem: I set up the web server on the DMZ to the hub pix, and I figured out (the easy part) how to set things so in the Home Office, people can connect to the web server by using the internal address, but I don't know what to do for people in remote offices with VPN home connections. I tried to define static routes, I tried to add the DMZ to the VPN trigger, I tried to do both of the last things together, and I checked that I have rules allowing traffic to the VPN outside the DMZ on the inside. So, what else can I I get?

  I have no problem by configuring a PIX for all basic ups and VPN even at this stage, I can do most of it through the CLI (even if I still want to do more through the PDM). My biggest stumbling block on the PIX has so far was when I actually involve this pesky DMZ...

  I actually two PIX in my office, two for my network domestic (one for my place in the States and one for my place in the Japan), so if you can help me, I'll be the two problems and do not forget to give a rating of excellent reviews!

  so I guess that leaves me to the place where I scream...

  Help!

  and I humbly await your comments.

  the current pix configuration should look at sth like this,

  IP access-list 101 permit

  IP access-list 110 permit

  Global 1 interface (outside)

  (Inside) NAT 0-list of access 101

  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

  Permitted connection ipsec sysopt

  Crypto ipsec transform-set esp-3des esp-md5-hmac superset

  myvpn 10 ipsec-isakmp crypto map

  correspondence address card crypto myvpn 10 110

  card crypto myvpn 10 set by peer

  superset of myvpn 10 transform-set card crypto

  interface myvpn card crypto outside

  ISAKMP allows outside

  ISAKMP key

   address netmask 255.255.255.255
  
  isakmp identity address
  isakmp nat-traversal 20
  isakmp policy 10 authentication pre-share
  isakmp policy 10 encryption 3des
  isakmp policy 10 hash md5
  isakmp policy 10 group 2
  isakmp policy 10 lifetime 86400
  now, to add dmz on top of the existing vpn, add the following to the pix (and apply the same concept on the remote end device)
  access-list 102 permit ip
  access-list 110 permit ip
  nat (dmz) 0 access-list 102
  

• Web server on a DMZ and Active Directory

  It is a question facing two part philosophical part technical.

  If I have a new Win 2 k 3 web server that I put on my DMZ is stupid to allow him to join my AD domain by opening the appropriate ports for communication between the inside and DMZ AD interface interface?

  Or who simply goes against Smart Firewall? Can an attacker cross from outside intf in DMZ within intf?

  If it's a wise thing to do, how to do? I guess just to open the ports that use MS as 135 137, netbios, 139, and 445 (I forgot everything?). Am I missing?

  Thanks for any advice, technical or philosophical.

  Marc

  I would put it no doubt inside. In this era of virus, worms, software, spyware, p2p, etc., your users applications are often (in general not as malicious) also dangerous than the outside world. Use a DMZ for MS products is darn almost impossible, unless it is limited filtering (blocking access to users to SNMP, terminal services and other management fixed ports) in a position that allowed default value (rather than the general practices of firewall failure deny and selectively permit).

  Because of the need for a relatively open between the clients and servers MS, I have a pretty aggressive policy of hardening, patching and antivirus.

  If you try to put your DMZ, you can determine how your internal users could access it. If they are accessing the interface of http as well, it's good (some applications have two web interfaces as client binary packages well too big that use different, sometimes dynamic ports). You could then selectively allow access to the ip address of sql for ad servers only and open a ton it things. Yet, there is the risk that if this box has been compromised, it could be a conduit for other hosts. Because this kind of things MS is such a puzzle to the DMZ, I generally recommend people think about hardening the servers instead of trying to force the DMZ piece square into a round hole.

  For IIS, look are the IISLockdown utility, which is a supplement on win2k/NT4 and perhaps be included out of the box on win2k3. It is menu-driven and can help you disable stuff you don't need. Hacking exposed Win2k is a great book to pick up. The NSA.gov has guidelines of security for most of the server MSFT products.

• second Web server on the DMZ not visible outside

  With the help of a PIX 515e

  I have several Web servers in the DMZ, the first web server and the mail server are set up with the port mapping for the PIX outside IP address of the interface.

  The second and third (inside interface) of the Web servers are configured with static mappings and access lists.

  I can see the first n the mail very good server webserver, but I can not see servers in second or third.

  What have I done wrong?

  I suggest you analysze traffic with the command to 'capture' PIX and sniff traffic on the DMZ and outside traffic.

  Check if packets arrive to the external interface, if it reaches the web server and is at - it a response.

  example of

  IP access-list 120 allow any HOST 207.236.60.35

  capture the access-list 120 vpncap OUTSIDE interface

  See the access-list 120 retail vpncap capture

  or

  https://PIX-IP-address/capture/vpncap [/pcap]

  To remove the capture:

  No vpncap capture

  sincerely

  Patrick

• Cannot access the Web server in the DMZ from the inside using IP global

  Hi all

  I hope it's a very simple question.

  I'm running a PIX 515 firewall v6.3. I set up a Web server in my DMZ and use static NAT for re-branded it overall static IP address. Access from the outside of the demilitarized zone works remarkably well. I can access inside the interface Web site using the internal IP, but I can't access it from inside interface using the global IP are entrusted to him.

  Is there a particular reason why this would not be allowed? My feeling was that the request would be forwarded via the external interface (as it is a global IP address) and then be bounced back by my sense of the ISP the request would come to the new external interface (as the static NAT is applied to the external interface).

  However if I try and access the global IP from my inside interface, then the browser can not find the server.

  can someone explain why this is so? Any information would be appreciated.

  see you soon,

  Wayne

  ---------------------------------

  6.3 (3) version PIX

  interface ethernet0 100full

  interface ethernet1 100full

  interface ethernet2 100full

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  nameif dmz security50 ethernet2

  hostname helmsdeep

  domain p2h.com.sg

  fixup protocol dns-length maximum 512

  fixup protocol ftp 21

  fixup protocol h323 h225 1720

  fixup protocol h323 ras 1718-1719

  fixup protocol http 80

  fixup protocol they 389

  no correction protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol sip 5060

  fixup protocol sip udp 5060

  fixup protocol 2000 skinny

  fixup protocol smtp 25

  No fixup protocol sqlnet 1521

  fixup protocol tftp 69

  names of

  acl_out list access permit tcp any host 203.169.113.110 eq www

  access-list 90 allow the host tcp 10.1.1.27 all

  pager lines 24

  debug logging in buffered memory

  Outside 1500 MTU

  Within 1500 MTU

  MTU 1500 dmz

  IP address outside pppoe setroute

  IP address inside 192.168.1.1 255.255.255.0

  dmz 10.1.1.1 IP address 255.255.255.0

  no failover

  failover timeout 0:00:00

  failover poll 15

  No IP failover outdoors

  No IP failover inside

  no failover ip address dmz

  location of PDM 202.164.169.42 255.255.255.255 inside

  location of PDM 202.164.169.42 255.255.255.255 dmz

  location of PDM 10.1.1.26 255.255.255.255 dmz

  location of PDM 10.1.1.26 255.255.255.255 outside

  location of PDM 172.16.16.20 255.255.255.255 outside

  location of PDM 192.168.1.222 255.255.255.255 inside

  history of PDM activate

  ARP timeout 14400

  Global 1 interface (outside)

  Global (dmz) 1 10.1.1.101 - 10.1.1.125

  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

  NAT (dmz) 0-list of access 90

  NAT (dmz) 1 0.0.0.0 0.0.0.0 0 0

  static (dmz, external) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0

  Access-group acl_out in interface outside

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

  H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

  Timeout, uauth 0:05:00 absolute

  GANYMEDE + Protocol Ganymede + AAA-server

  RADIUS Protocol RADIUS AAA server

  AAA-server local LOCAL Protocol

  Enable http server

  http 192.168.1.222 255.255.255.255 inside

  enable floodguard

  string fragment 1

  Console timeout 0

  Terminal width 80

  Code v6 pix or less don't let you have traffic "back" or return flow via the same interface on which it was sent. Having also your bounce back off of an external server traffic is never a good idea, because you won't be able to distinguish which and rogue attacks by spoofing someone outside your network.

  Since you are using pix 6.3 code, you may be able to outside the NAT. Add this static to your config:

  static (dmz, upside down) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0

  You may need to run a clear xlate after adding the new static statement. Note that the interfaces: it's demilitarized zone, inside inside, dmz.

  I would like to know if it works.

• How to separate the application server and web server on the level of physical servers?

  I want to separate the application server and web server: locate on different hosts. Generally, we use Weblogic ACE. In the future maybe use Apache Tomcat as web server.
  Example,
  192.168.1.10 - as - Weblogic application server / module EJB
  192.168.1.11 - as a Web server - Weblogic / WEB module (can be - Apache Tomcat)
  
  Impossible to find examples and resources about it on google.
  Thank you.

  So, if we're looking for a subject such as:

  try {
      someEJB = context.lookup("ejb/Videotheek#model.logic.Videotheek");
  } catch (NamingException e) {
      e.printStackTrace();
  }
  

  If the EJB application is clustered in an object of type ' ClusterableRemoteRef (-4005477377232786958S: 172.31.0.107: [7003,7003,-1,-1,-1,-1,-1]: [8351443287261246917S:172.31.0.107:[7002,7002,-1,-1,-1,-1,-1]:ScriptDomain:VideotheekServer1/292])/289 172.31.0.107:ScriptDomain:VideotheekServer2 - 4005477377232786958S:172.31.0.107:[7003,7003,-1,-1,-1,-1,-1]:172.31.0.107:ScriptDomain:VideotheekServer2/289,-' is returned, which is part of the wlfullclient.jar.)

  You can try using the EJB or the annotation of the resource (do not know with certainty if Tomcat is favorable). For annotations work, you must use version servlet 2.5 or later. JNDI research work in a general such as for example Tomcat servlet container.

• Error during installation of a program with web server

  Hello

  I have a program that uses the Web server, it works fine on the development computer, but it seems that I can not configure the application builder to successfully deploy the web server on the target computer. I think I tried this medication, including the links below and still get the error message (see image)

  http://www.NI.com/white-paper/7747/en/#toc13

  http://digital.NI.com/public.nsf/allkb/62B9C2D5C91EE8B28625778800609FF2?OpenDocument

  ... help

  Dima

  Hi Shane,

  Thanks again for your response, I finally got a solution.

  After uninslalling and the computer completely from products OR cleaning, manually by removing all remaining folder and files and cleaning the registry, I installed a new copy of LabVIEW by selecting only the LV 2011 components.

  In addition, I think that did the trick, after a new version of the project of creation, I notised there are files that appear twice, for example: dp.msi and .msi dp (2), so I deleted the Installer project and physically on the disc.

  ... Finally, after creating a new installer and install on the target machine (that I also cleaned and deleted all the old files) the installation went well, and the web server has been deployed.

  Thanks again for the help,

  Dima

• P2V-Hyper - V Server 2003 license

  We want to test P2V of a file server, but not actually to use the virtual copy of the Server 2003 file in production.  I finished the P2V and the server is now in Hyper-V, but when I restart him and try to connect, he wants me to reactivate the license server, if I do it will be the origin server (physical server active still in production) stop working or reveals the key is no longer valid? If so, is there a way to circumvent this problem, because we have not both upwards at the same time in the production?

  Thanks - John

  Hello

  Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

  http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

  See you soon.

• run the Web server in vmware

  Hello
  I run the Web server in the os(xp pro) host and now I want to run the Web server in the guest operating system
  I put things in the host operating system, follow
  router setting page (shared ip settings page)
  1 DHCP using OFF
  2 DMZ host server using on 192.168.10.201
  3. setting of virtual server 192.168.10.201 port TCP port internal external port 81 81
  TCP/IP
  1 use the following IP 192.168.10.201
  2 gateway 192.168.10.1
  3. the DNS settings of
  4. on the Advanced tab > Internet connection sharing > VMware Network Adapter VMnet 8
  for now, when someone tries to access my WAN IP then page host server is apear (from external network)
  If I stop server Web host then cannot access my WAN IP

  and in VMware, I put the (Windows XP Pro)
  TCP/IP configuration
  1 use the following IP 192.168.88.201
  2. default gateway 192.168.88.2
  3. the DNS settings of
  4. click the guest OS tab and click Edit > virtual network editor > NAT VMnet host is VMnet8
  5. setting NAT > Port forwarding > Add >: host port 81 machine virtual ip address 192.168.88.201 port 81
  and at the moment access to 192.168.88.201 in the guest operating system is ok the page is apear
  but nothing is apear when try and access my WAN IP external network and if I start it the host Web server then the host page is apear that im is not the intention of
  How can I make the Web server of the guest to access other networks operating system?
  in the guest operating system, I can access Web server of the customer by access 192.168.10.201
  but I can't access Web server of the client by typing host operating system access the 192.168.10.201
  any ideas? My version of vmware's vmware-workstation - 6.5.2 for windows

  Hi Teayun,

  Thanks for visiting the site of the community of Microsoft Windows XP. The question you have posted is related to VMware and would be better suited to the VMware or TechNet community. Please visit the link below to find a community that will support what ask you

  http://www.VMware.com/support/
  http://TechNet.Microsoft.com/en-us/default.aspx Shawn - Support Engineer - MCP, MCDST
  Microsoft Answers Support Engineer
  Visit our Microsoft answers feedback Forum and let us know what you think