queries of the same-security-traffic command
Dear experts,
I wonder if putting in the "same-security-traffic permit intra-interface" or "same-security-traffic permit inter-interface" global commands will make the traffic "bypass" the ACL for the interfaces with the same security level?
Your response is much appreciated.
Glenn
The short answer is yes. If there is an access list on the interface then there must be an entry allowing the traffic back.
For more details, take a look at this document.
http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a0080734db7.shtml#T5
HTH
Jon
Tags: Cisco Security
Similar Questions
-
ASA - same-security-traffic permit inter-interface vs. permit/deny interface access-list
Hi people,
I wonder: if I use the same-security-traffic permit inter-interface command on the ASA and I have 2 separate interfaces with the same security level and ACLs with a few explicit allow rules, will traffic not covered by these allow statements be blocked by the implicit deny at the end of the ACL, or am I completely wrong in my thinking?
That is right.
But then if you have an interface with an ACL and another interface without an ACL and you want to pass traffic between the two interfaces, then the interface without an ACL will rely on the security level while the interface configured with the ACL will rely on the configured ACL entries.
--
Please do not forget to select a correct answer and rate useful posts
-
issue of same-security-traffic
ASA5505 config
ip address inside 10.1.1.254 255.255.255.0
nat (inside) 1 10.1.1.0 255.255.255.0
route inside 10.1.2.0 255.255.255.0 10.1.1.253
same-security-traffic permit intra-interface
When I source packets from 10.1.1.1 host I can't reach 10.1.2.1 host
default gateway on 10.1.1.1 is 10.1.1.254
If I "route add 10.1.2.0 mask 255.255.255.0 10.1.1.253" to 10.1.1.1 host I can then reach 10.1.2.1 host
What I'm missing here? Everything else I have to do the work.
THX,
Phil
That should make it work.
global (inside) 1 interface
-
Closing a tab gives the same security that close a browser?
Before the arrival of the tabs, we have been invited to close the browser and open a new after being on a site that has involved sensitive information.
Closing a tab in Firefox gives the same level of security, or should I continue to close the entire browser?
No, that does not give the same protection. Some data may be revoked by closing and restarting Firefox, but even so, you still have the data stored on the disk in the cache or cookies even if you closed all open tabs before closing Firefox.
You can switch to private browsing to prevent storage of the data at all, or you can use Clear Recent History to clear the last hour or more if necessary.
Firefox 4 and later versions save the previous session automatically, so there is no longer a need for the dialog box asking if you want to save the current session.
Use "File > Exit" or "Firefox > Exit" (Mac: "Firefox > Quit Firefox") if you want to restore multiple windows or have problems with the restoration of the tabs.
You can use "History > Restore Previous Session" to get the previous session at any time. There is also a "Restore Previous Session" button on the default about:home Home page.
-
Multiple queries on the same interactive report
Is it possible, on a button click, to change the query for an interactive report?
I created an example at apex.oracle.com
workspace: stevendooley34
username: dev01
password: dev01
Application: ForumExamples
Basically what I want to be able to do is on the page by default IR there is a selection list. When the user clicks on the menu drop down and select an option, a search box appears. I want that this research working as a second IR query and third IR query searches that are slightly different queries.
I know there is the filter option, but users do not want to have to go through and Insert commas between each value, so the second and third queries correct this, I'm not sure how to combine the three pages.
I fixed this problem on my tabular reports by creating a new report on the same page and making it conditional to show only when the selection type is a certain, but as far as I know, you can't have multiple interactive reports on a single page.
One thing to note:
The example is in version 4.2 but my company uses 4.0 which is where I need to implement this.
If there is another way to do this, I'm open to other ideas.
Steven
It's just an extension of what you already created in the Page 3 and 4
It is very important that you learn to "think in sets".
Once you have a definition for your dataset, you can easily create SQL statements
What you're trying to do is to define a set of data that follows these rules:
- If the search type is null --> return all rows
- If the input box is null --> return all rows
- If search type = 'name' --> return rows which match ename in (...)
- If search type = 'job' --> return rows which match job in (...)
Your rules will apply in the WHERE clause as:
WHERE
   :P3_SEARCH_TYPE is null
or :P3_SEARCH_INPUT is null
or (:P3_SEARCH_TYPE = 'name' and ename in (...))
or (:P3_SEARCH_TYPE = 'job' and job in (...))
I already modified Page 3 since it was 90% of the required stuff.
MK
Post edited by: Mike Kutz
reorganized for clarity
-
Running queries at the same time
Hello
I have a report of very complicated bi Publisher who has about 10 applications in a data model with the option 'Concatenate SQL Data Source' (with 'making the names of single line'). These queries are running on a server OBIEE.
When I look at the queries by submitting in NQQuery.log, I can see it seems to be run them sequentially. I.e. #1 query is completed before query #2 kick-off, etc..
I would like for all 10 get requests at the same exact time, to improve performance. Is there something I should change to get this to happen?
Thank you
Scott
The only option is to reduce the concatenated SQL gradually, instead of 10.
All independent queries will be run sequentially, concurrent requests run cannot be done at RANDOM.
In order to better the Club little motions, so that you can run several queries for report data.
-
Repeated downloads (much, much) the same security update.
A security update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954450)
This point was first downloaded to my system on 23 July 09. Since then, to date (Oct 06) it has been downloaded and installed automatically whenever I shut down my system at the end of the day, 97 times! I'm running Vista Home Premium on a laptop and every time I try to leave it on stand-by, I can't, because this update is waiting to be downloaded and automatically turns the unit off when it is finished. The situation is completely unacceptable, but I don't see what I can do to avoid it. Can someone please provide a response? Thanks in advance.
Are you referring to the security update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)?
There is no KB954450. If so, then see the known issues with this security update in the KB.
The reason why the update is offered several times is that it is not installing properly, because the msxml files are locked / in use or there is a problem with corruption of files.
If the first is the origin of the problem, I suggest you clean boot Vista, and then install the update. Use step 1: perform a clean boot. Cancel the clean boot using step 7: reset the computer to start as usual.
If the latter is the origin of the problem then I suggest you see:
Security updates for Microsoft XML Core Services 4.0 Service Pack 2 may repeatedly appear in the update list on Microsoft Update or Windows Update
You can also uninstall MSXML 4 SP2, reboot and uninstall any other MSXML 4 listed in Programs and Features. MSXML 4 is not included in Vista, so it was most likely installed by 3rd party software that requires it to work properly.
Then download, save and install MSXML 4.0 Service Pack 3 (Microsoft XML Core Services).
MowGreen MVP Data Center Management - update of safety Consumer Services
-
This is a security update. It's boring and afraid, that it slows down my PC.
Hi Larry, thanks for your info
Refer to this post that addresses a similar issue and follow the suggestion given by Kosh Vorlon - a regular contributor here.
Visit the Microsoft Solution Center and antivirus security for resources and tools to keep your PC safe and healthy. If you have problems with the installation of the update itself, visit the Microsoft Update Support for resources and tools to keep your PC updated with the latest updates.
For enterprise customers, support for security updates is available through your usual support contacts.
How to hide an update in Windows 7
A. Click the Start button, click All Programs, and then click Windows Update.
B. In the left pane, click Check for updates.
C. After receiving the results of the scan, click to view the available updates under the Install updates button.
D. Right-click the update (KB2538242), and then click Hide update.
-
Hi all
Bit of a strange problem with Windows 7. I can't get defrag to work on any level. Running manually using a system Accessories/tools works for about 20 minutes before the computer hangs completely and requires that the start/stop button to press. I have run chkdsk and supposedly there are no errors on the hard drive.
I tried running as admin - c:/c defrag.exe command-line prompt and several variations of it, but all have problems about 20 minutes in the defragmentation. Also tried in safe mode.
The strange thing is that the computer does not display instabilities during normal operation. My tuneup software has identified that the hard drive is very fragmented. I do not think that the third-party software it will solve as Tuneup has a command defragment and which freezes some 20 minutes after the start.
Any recommendations?
What tune up software?
It's likely that dubious Tune Up software is the cause of the system problems.
-
Multiple queries on the same data entry form
I hope I am in the right forum!
I'm working on a data entry screen that is interfaced with a data base for pre-determined entries. The user will choose the first name of the Member, not problem here, then using this last name, a list of names that match the last name. Here's what I have so far:
<CFQUERY DATASOURCE="cfissues" NAME="LNameQry">
SELECT LastName
FROM Members
ORDER BY LastName
</CFQUERY>
<CFQUERY DATASOURCE="cfissues" NAME="FNameQry">
SELECT FirstName
FROM Members
WHERE LastName = #LastName# ('#LastName#') (#FORM.LastName#)
</CFQUERY>
<!--- ================== --->
<CFSELECT NAME="name"
QUERY="LNameQry"
VALUE="value"
etc.
</CFSELECT>
The user selects a member of family name. Using this name, I want to run the FNameQry query that retrieves all the names that correspond to this last name chosen by the CFSELECT statement. In this way, the drop-down list for the first name field contains only the names of skills (not all 7,000 on the database!). I have more to do beyond that, but just to get this first part of work would be of great achievements.
I have used various combinations of the name chosen by the CFSELECT run FNameQry, but nothing seems to work. I get an error on LASTNAME is not defined.
I guess I need to (somehow) define a variable that will be filled with the value selected in the CFSELECT statement and use it in the FNameQry?
Hello
Use isDefined("form.LastName") for FNameQry
-
The two are running with the same security settings.
Hi dblackid,
1. you remember any changes made to the computer before the show?
2. you use a third party firewall?
I would refer to the links below try the steps and check if this is useful:
Method1: Perform the clean boot and check if it helps to solve the problem:
Windows7 or vista link: http://support.microsoft.com/kb/929135
Windows XP link: http://support.microsoft.com/kb/310353
Note: For vista or windows7, please see step 7 of the article to set the computer to a normal startup
For XP, follow the steps described in the article, "steps to configure windows to use a normal startup state."
Method2: Turn on or off Windows Firewall
http://Windows.Microsoft.com/en-us/Windows7/turn-Windows-Firewall-on-or-off
Method3: Open a port in Windows Firewall
http://Windows.Microsoft.com/en-us/Windows7/open-a-port-in-Windows-Firewall
Method4: Allow a program to communicate through Windows Firewall
http://Windows.Microsoft.com/en-us/Windows7/allow-a-program-to-communicate-through-Windows-Firewall
Reference:
Firewall: Frequently asked questions
http://Windows.Microsoft.com/en-us/Windows7/firewall-frequently-asked-questions
Note: Please mention on the operating system that is installed on your computer.
I hope this helps.
-
Update of same security, KB2538242, installs whenever I shut down.
Since June 15, whenever I try to close the same security update is installed on my ProBook 4520 s running Windows 7 Pro. Any suggestions on how to fix this?
Hello
If the update is displayed as installed in the view installed updates, click check for updates again. Click on the number of updates available to view individually, right-click the update of 2005 and select "Hide update". This should prevent offered in the future.
Kind regards
DP - K
-
Internal Web deployment of Android & iOS app on the same page
Hi, I am deploying our application on both Android and iOS in the same secure Web page as 2 links.
I use the older DPS documentation and it works for IOS.
What should I do different for the Android? Is there a reference article?
You have two options:
(1) Post the .apk on a website and send the link around. The downside is that your users will need to allow the installation of apps from unreliable sources to make this installation work.
(2) Distribute via the Google Play private channel. Start with "Distribute Android apps in your organization" in the Google Apps admin help center for more information.
Neil
-
Plugin not visible in the same drive after certificate
I made a plugin and took the digital certificate from Adobe. I used SignPlugin to sign it and get the message "name of plug-in Reader-enabled successfully". Strangely I still cannot find the plugin in Reader, but it is visible in Acrobat Pro.
A problem I faced during conversion from Pro to Reader: when I added 'READER_PLUGIN' in the preprocessor according to the documentation, I started getting an error for my previous use of the method "PDDocSave(pdDoc, PDSaveCopy | PDSaveFull, newPath, ASGetDefaultFileSys(), NULL, NULL);".
I also had queries about the same method earlier at http://forums.Adobe.com/thread/522488?TSTART=0; in any case I commented that out, since according to the error message the headers do not match. The plug-in compiles without any error but only works in Pro.
I'm still missing something. Pl help
Right and that wont work in Reader.
You can easily get the path to the document opened with a PD or AVDoc. Here is an excerpt:
PDDoc pdDoc = AVDocGetPDDoc(avDoc);
ASFile aFile = PDDocGetFile(pdDoc);
ASPathName aPN = ASFileAcquirePathName(aFile);
ASFileSys aFS = ASFileGetFileSys(aFile);
ASPlatformPath pPath;
ASInt32 i = ASFileSysAcquirePlatformPath(aFS, aPN, ASAtomFromString("Cstring"), &pPath);
// now convert the path into something you can use...
const char *path = ASPlatformPathGetCstringPtr(pPath);
As you can see, once you have the path, you can of course, that convert into a string (or the other C, Unicode, area, etc.)
-
Error of tunneling traffic to 2 networks on the same link?
Hi all
Here is my current access list to bring up my VPN tunnel. Everything works fine with it, but I have several networks from the source router. How do I encrypt traffic from the same source router going to the same peer router? Do I have to create a different ACL or can I just add another permit statement to the current ACL?
ip access-list extended INT_Traffic
 permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
Can I change the ACL above to this? Every time I add the second permit statement below, I get the error below.
ip access-list extended INT_Traffic
 permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
 permit ip 172.30.3.0 0.0.0.255 172.30.3.0 0.0.255
or
 permit ip 172.16.0.0 0.0.255.255 172.30.4.0 0.0.0.255
peer networks peer Destination source.
Mar 1 04:18:29.842: IPSEC (sa_request):,.
(Eng. msg key.) Local OUTGOING = 192.168.0.1, 192.168.0.2 = distance.
local_proxy = 172.16.0.0/255.255.0.0/0/0 (type = 4),
remote_proxy = 172.30.4.0/255.255.255.0/0/0 (type = 4),
Protocol = ESP, transform = esp - aes 256 esp-sha-hmac (Tunnel),
lifedur = 3600 s and KB 4608000,
SPI = 0 x 0 (0), id_conn = 0, keysize = 256, flags = 0 x 0
* 04:18:29.850 Mar 1: ISAKMP: set new node 0 to QM_IDLE
* 04:18:29.850 Mar 1: ITS a exceptional applications (102.72.38.92 local port 500, 102.72.38.64 remote port 500)
* 1 Mar 04:18:29.854: ISAKMP: (1001): sitting IDLE. From QM immediately (QM_IDLE)
R2(config-ext-NaCl) #.
* 04:18:29.854 Mar 1: ISAKMP: (1001): start Quick Mode Exchange, M - ID of 623193098
* 04:18:29.858 Mar 1: ISAKMP: (1001): initiator QM gets spi
* 1 Mar 04:18:29.862: ISAKMP: (1001): send package to 192.168.0.2 my_port 500 peer_port 500 (I) QM_IDLE
* 04:18:29.862 Mar 1: ISAKMP: (1001): sending a packet IPv4 IKE.
* 04:18:29.866 Mar 1: ISAKMP: (1001): entrance, node-623193098 = IKE_MESG_INTERNAL, IKE_INIT_QM
* 04:18:29.866 Mar 1: ISAKMP: (1001): former State = new State IKE_QM_READY = IKE_QM_I_QM1
* 04:18:30.422 Mar 1: ISAKMP (0:1001): received packet of 192.168.0.2 dport 500 sport Global 500 (I) QM_IDLE
* 04:18:30.426 Mar 1: ISAKMP: node set-1733728027 to QM_IDLE
* 1 Mar 04:18:30.430: ISAKMP: (1001): HASH payload processing. Message ID =-1733728027
* 1 Mar 04:18:30.430: ISAKMP: (1001): treatment protocol NOTIFIER PROPOSAL_NOT_CHOSEN 3
SPI 2018370628, message ID =-1733728027, his 664824F8 =
* 1 Mar 04:18:30.434: ISAKMP: (1001): delete message spi 2018370628
R2 (config-ext-nacl) #ID =-623193098
* 04:18:30.434 Mar 1: ISAKMP: (1001): node-623193098 error suppression REAL reason "remove larval.
* 04:18:30.434 Mar 1: ISAKMP: (1001): node-1733728027 error suppression FALSE reason 'informational (en) State 1.
* 04:18:30.438 Mar 1: ISAKMP: (1001): entry = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
* 04:18:30.438 Mar 1: ISAKMP: (1001): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
crypto isakmp policy 50
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key cisco address 192.168.0.2 no-xauth
!
crypto ipsec transform-set Cisco esp-aes 256 esp-sha-hmac
!
crypto map VPN_MAP 10 ipsec-isakmp
 set peer 192.168.0.2
 set transform-set Cisco
 match address INT_Traffic
!
interface FastEthernet0/0
 ip address 172.16.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.252
 clock rate 128000
 crypto map VPN_MAP
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.0.0
 no auto-summary
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip access-list extended INT_Traffic
 permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
 permit ip 172.16.0.0 0.0.255.255 172.30.4.0 0.0.0.255
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
end
R2#
(1) You cannot configure the same subnet for the source and destination subnet. Each end of the VPN must be unique. Therefore, you cannot add "permit ip 172.30.3.0 0.0.0.255 172.30.3.0 0.0.255" to the ACL INT_Traffic.
(2) If you add another ACL line under INT_Traffic, you must also add the mirror image ACL on the VPN peer device. You cannot simply add the ACL on the router, because the other router wouldn't know the newly created ACL, so this will not work.
You can add the following line under INT_Traffic ACL:
 permit ip 172.16.0.0 0.0.255.255 172.30.4.0 0.0.0.255
But you must also add the mirror image ACL on the VPN peer device as follows:
 permit ip 172.30.4.0 0.0.0.255 172.16.0.0 0.0.255.255
But, yes, you can add several ACL lines under INT_Traffic if you want to encrypt via the VPN tunnel. Just make sure of the 2 points above.
Hope that helps.