Question list access

Similar Questions

• Question of access list for Cisco 1710 performing the 3DES VPN tunnel

  I have a question about the use of access lists in the configuration of a router Cisco 1710 that uses access lists to control traffic through the VPN tunnel.

  For example the following lines in a configuration on the remote router. My question is whether or not the traffic that matches the definition of list access-130 (something other than 192.168.100.0/24), cross the VPN tunnel or go directly to the Ethernet0 interface.

  My understanding is that traffic that matches the access list 120 would be encrypted and sent through the IPSec tunnel. If there was "ban" set out in the statements of 120 access-list, the traffic for those would be sent through the IPSec tunnel but not encrypted (if possible). And finally, given that the definition of crypto card reference only "adapt to 120", any traffic that matches 130 access list would be sent Ethernet0 but not associated with the card encryption and thus not sent through the IPSec tunnel. "

  Any input or assistance would be greatly appreciated.

  Map Test 11 ipsec-isakmp crypto

  ..

  match address 120

  Interface Ethernet0

  ..

  card crypto Test

  IP nat inside source overload map route sheep interface Ethernet0

  access-list 120 allow ip 192.168.100.0 0.0.0.255 10.10.0.0 0.0.255.255

  access-list 130 refuse ip 192.168.100.0 0.0.0.255 10.10.0.0 0.0.255.255

  access-list 130 allow ip 192.168.100.0 0.0.0.255 any

  sheep allowed 10 route map

  corresponds to the IP 130

  He would go through the interface e0 to the Internet in clear text without going above the tunnel

  Jean Marc

• Question on access to multidimensional data Collection

  Hi all

  I have a multidimensional question on access to data using Collections.

  We use Oracle 11 GR 2.

  Our requirement is as shown below

  We get data from upstream via a stored procedure. The procedure store entry variable is a multidimensional complex type.

  I gave below the structure of the collection

  Step 1

  CREATE or REPLACE TYPE feature_type IS OBJECT

  (

  feature_code VARCHAR2 (10),

  feature_name VARCHAR2 (50).

  feature_value NUMBER

  );

  /

  Step 2

  CREATE or REPLACE TYPE feature_array IS TABLE OF THE feature_type;

  /

  Step 3

  TYPE to CREATE or REPLACE the argument subscriber_type IS OBJECT

  (

  subscriber_id NUMBER,

  first name VARCHAR2 (50).

  name VARCHAR2 (50).

  feature_data feature_array

  );

  /

  Step 4

  CREATE or REPLACE TYPE subscriber_array IS TABLE OF subscriber_type;

  /

  Step 5

  CREATE or REPLACE TYPE order_type IS OBJECT

  (

  order_id NUMBER,

  subscriber_data subscriber_array

  );

  /

  Step 6

  CREATE or REPLACE TYPE order_array IS TABLE OF THE order_type;

  /

  Suppose I have a procedure as shown below

  CREATE OR REPLACE PROCEDURE multidimensional_prc (p_dataarray order_array)

  IS

  lv_order order_array;

  BEGIN

  lv_order: = p_dataarray;

  lv_order: =.

  () order_array

  order_type)

  1,

  () subscriber_array

  subscriber_type argument)

  10,

  "Subscribed 10 first name."

  "Subscriber 10 Lst Name."

  () feature_array

  "feature_type ('F10', ' Featgure Code 10', 10 '))),"

  subscriber_type argument)

  11,

  "Subscriber 11 name."

  "Subscriber 11 Lst Name."

  () feature_array

  "feature_type ('F11', ' Featgure Code 11', 11 '))),"

  order_type)

  2,

  () subscriber_array

  subscriber_type argument)

  20,

  "Subscriber 2 first name."

  "Subscriber 2 Lst Name."

  feature_array (feature_type ("F2", "Featgure Code 2', 20 ')));

  FOR m1 in 1... lv_order. COUNTY

  LOOP

  Dbms_output.put_line (.order_id lv_order (m1));

  -FOR the m2 in 1... lv_order (M1). COUNTING LOOP

  -NULL;

  -END LOOP;

  END LOOP;

  END multidimensional_prc;

  /

  I am able to read the data until the order data as it is in level 1. But when I'm reading the data of the subscriber level 2nd level or level of functionality level (3rd), I make mistakes. Basically, I am unable to read the data into Sub levels.

  Very much appreciate your help here.

  Thank you

  Please ignore this one.

  FOR m1 in 1... lv_order. COUNTY

  LOOP

  Dbms_output.put_line ('- order identification-' | .order_id lv_order (m1));

  FOR m2 in 1... .subscriber_data lv_order (m1). COUNTING LOOP

  Dbms_output.put_line (' Subscriber ID => ' | lv_order (m1) .subscriber_data (m2) .subscriber_id);

  FOR m3 to 1... lv_order (m1) of .subscriber_data .feature_data (m2). COUNTING LOOP

  Dbms_output.put_line (' Code function => ' | lv_order (m1) .subscriber_data (m2) .feature_data (m3) .feature_code);

  Dbms_output.put_line (' include the name => ' | lv_order (m1) .subscriber_data (m2) .feature_data (m3) .feature_name);

  END LOOP;

  END LOOP;

  END LOOP;

  I got the answer.

• Simple Question SSH Access-List

  I am allowing SSH access for all of our Cisco devices and you want to restrict access to all the following ip addresses: 192.168.200.1 - 192.168.200.50.  I forgot the exact configuration of access list to achieve this.  The subnet is 24 and I don't want the whole subnet - seulement.1-. 50.

  Thank you

  Thomas Reiling

  Hello

  If you use ssh, make sure that you have a domain name, host name and a rsa key is generated.  Assuing you have done this, the command vty ACL and following line will do the trick.  Note that the host 1-50 list is not on a subnet barrier.

  To get it exactly

  access-list 1 remark MANAGEMENT ALLOW
  access-list 1 permit 192.168.200.0 0.0.0.31

  access-list 1 permit 192.168.200.32 0.0.0.15

  access-list 1 permit 192.168.200.48 0.0.0.1

  host access-list 1 192.168.200.50

  access-list 1 refuse any newspaper

  It would be a good idea to put it on a limit, however, so the following would be much simpler and easier to read.

  access-list 1 remark MANAGEMENT ALLOW
  access-list 1 permit 192.168.200.0 0.0.0.63

  access-list 1 refuse any newspaper

  Apply the class of access on the vty lines and authentication, I would put something there too.

  line vty 0 4
  access-class 1
  entry ssh transport

  password Bonneau

  That should do it.

  Good luck!

  Brad

• Question of Access-list PIX

  The following access list works on a cisco router, however, the list will not work on the PIX (I change the mask to wildcards to a for the PIX subnet mask).

  Router (works)

  access allowed test tcp 192.168.1.50 list 0.0.0.5 host 10.10.10.1 eq 80

  PIX (does not work)

  access list permit test tcp 192.168.1.50 0.0.0.10 host 10.10.10.1 eq 80

  I get the error on the PIX:

  ERROR: Source, mask <192.168.1.50, 0.0.0.10="">address not pair

  Is it possible to group IP addresses as well as on the PIX in a similar way as Cisco IOS?

  Thank you!

  Domo Arigato!

  You can use

  192.168.1.48 255.255.255.248 for the source or if they are many hosts you must insert an individual entry for each source.

  Of course you can refuse the host 192.168.1.49 and

  Let the others allow 192.168.1.48 255.255.255.248

• How question list of access room.

  Hello

  What I try to do is:

  (1) Authenticate and connect to the account

  (2) the list of the room (as applicable)

  (3) validate if a certain margin exists against the room list

  So I connect successfully, but the list of the room is always null.

  I checked the documentation, it seems to be straight forward, but I can't get it to work.

  Someone at - it an example of code for this?

  Here is my code:

  public void authenticateSuccess(event:AccountManagerEvent):void
  {
  trace ("ROOM:" + event.list);
  try {}
  {if (IsMaster)}
  acctMgr.createRoom (roomName);
  }
  else {}
  return;
  }
  } catch (error) {}
  e.message = "the room that you are trying to create already exists!"
  throw e;
  }
  }

  Thanks in advance.

  Artour.

  LordAlex Works Inc.

  That doesn't really meet Nigel question (you do this in the Flex client? You can't unless you are the owner of the developer account).

  In addition, it is faster for you to call createRoom and capture/ignore the error instead of check if the room is first (it's always 1 server call vs potentially two calls to the server if the room does not exist)

• Adapter LAN question, "no access to the network.

  Original title: LAN adapter issue

  Hi all, when connecting my laptop to a switch of the LED on the switch is green which means connected. The IP address on the laptop is entered manually, but when will the cmd and issue ipconfig it shows "media disconnected" and the network adapter in the Control Panel indicates "no access to the network. It also indicates that "this device is working propoerly! Please advice

  Hello

  What is the number and the model of the computer?

  Remember to make changes to the computer before the show?

  Thanks for posting in Microsoft Communities.  The problem description, I understand that you can not connect to the Internet.  Correct me I misunderstood the question

  Follow these steps:

  Method 1: Follow these steps:
  How to troubleshoot possible causes of Internet connection problems in Windows XP: http://support.microsoft.com/kb/314095

   

  Method 2: Follow these steps:

  
  Step 1: renew DHCP Dynamic Host Configuration Protocol)
  a. click Start, click run, type cmd and click OK.
  b. in the command prompt, type ipconfig / renew
  c. Close command prompt.
  d. check the result.

   

  Step 2: Try to obtain an IP address automatically
  a. open Internet Explorer, go to Tools, click on Internet Options, connections, LAN settings.

  b. uncheck all boxes except automatically detect connection settings
  c. click OK to apply the changes.
  d. check if the problem persists.

   

  Method 3: If the methods above do not help, check if the wireless card is very well and try to update the drivers on the manufacturer's Web site.

  a. click Start and right-click my computer.
  b. Select Properties and then click the hardware tab.
  c. click on Device Manager and expand network adapters in the list.
  d. right click on the adapter, then click Properties.
  e. click the driver tab and click Update the driver.

  Please follow the steps and let us know if this helped.  If the problem persists, answer and we will be happy to help you.

• WRT610N question to access the data on the NAS

  Hello

  Just replaced my WRT54G (works perfectly) with a WRT610N and used the same configuration to access Internet and LAN.

  Upgrade to the latest Firmware for the 610N.

  The WRT610N that is connected to a SD2008 (1 GB of Linksys 8 - port Switch).

  SD2008 connected to a Synology DS209 + with the latest Firmware and PC XP. Access between PC and DS209 + works perfectly.

  WRT610N connected to a couple of wireless devices; such as iPhone, Vista and XP PC and wired for PS3.

  When you access any device (PC, PS3) through WRT610N, I see all the directories and content even as thumbs on DS209 +. Try to open or to copy one takes file (2 MB in size) incredibly long (about 3 minutes). .

  Copies of Vista or XP PC wireless to DS209 + large works and same file is copied in a few seconds. Internet download works fine with good performance as well.
  WRT610N with NAT enabled; Firewall disabled.

  Any suggestions or solutions?
  Thank you

  This is it.

  Bought new cables - same question, MTU has changed - same question. Changing the port on WRT - BINGO.

  Looks like Port 1 is defective,

  Thanks for your help amine.

  Concerning

• list access inter vlan routing

  I've implemented on cisco switch access list 3560, but it never works.

  I want to block access to network B to network A and allow Ato b

  10.0.12.0/24 network.

  B 10.0.24.0/24 network

  The configuration is

  interface Vlan1

  Data VLAN description

  10.0.12.10 IP address 255.255.255.0

  !

  interface Vlan24

  training description VLAN

  IP 10.0.24.10 255.255.255.0

  !

  IP classless

  IP route 0.0.0.0 0.0.0.0 10.0.12.1

  IP http server

  IP http secure server

  !

  activate the IP sla response alerts

  access-list 101 permit ip 10.0.12.0 0.0.0.255 10.0.24.0 0.0.0.255

  access-list 101 deny ip 10.0.24.0 0.0.0.255 10.0.12.0 0.0.0.255

  access list 101 ip allow a whole

  Y at - it an idea that I can block the access of 10.0.24.0/24 t0 10.0.12.0/24

  Hi Marc,

  I see that you have created the access list but you have not applied it on the interface with the command "ip access-group. For that to work, you must apply the acl on the L3 interface as below.

  If you change the configuration as below.

  no access list 101 didn't allow ip 10.0.12.0 0.0.0.255 10.0.24.0 0.0.0.255

  access-list 101 deny ip 10.0.24.0 0.0.0.255 10.0.12.0 0.0.0.255

  access list 101 ip allow a whole

  !

  interface Vlan24

  training description VLAN

  IP 10.0.24.10 255.255.255.0

  IP access-group 101 in

  Concerning

  Najaf

  Please rate when there is place or useful!

• No not removed from the external interface access-list access list?

  PIX515

  customer wanted to modify the access list (add a new line)

  so he has first publish no access-list command can

  apply the change to the access list, but the access list has been

  removed from the interface outside

  is this a normal behavior? on routers access list stay connected

  for the event of the interface if you issue no access-list command

  Thanks in advance for any comments

  JYP

  Hi Thibault-

  No, it is not a normal behavior, sounds more like an error by the customer. It's always a good idea to copy the required ACL on a text editor (Notepad) do not forget to include "access-group command" i.e. "access-group interface inside inside' or 'access-group out in interface outside' - when copying the required ACL and then issues a 'no access-list inside' or 'no access-list outside' the first line in the ACL copied on your notebook before copy you it to the PIX , also make sure that you are using the config and make an "m wr" (write memory) after the ACL modified have been applied on the PIX.

  Hope this helps-

• Several statement list Access NAT (DMZ) 0

  Hello

  IM I have problems with remote VPN. The scenario is as follows:

  I have I have few clients who will connect remotely via VPN. Until today, one of them needed to enter my DMZ. But now I want a different profile (the cause is a new client) to access one of my server in the DMZ.

  So I said all of the VPN, the ACL settings, but when I want to declare the nat 2 access-list newclient (dmz) it does not work. But if I declare the nat 0 access-list newclient (dmz), it works, BUT it removes the previous 0 having my other client nat. Is there a way to create several access list statement 0 - nat (dmz)?. If this is not the case, how could I solve this problem?

  This is my config:

  vpnashi list extended access allowed host ip 192.168.16.28 192.168.125.0 255.255.255.0

  access extensive list ip 192.168.125.0 vpnashi allow 255.255.255.0 host 192.168.16.28

  vpnlati list extended access allowed host ip 192.168.16.50 192.168.125.0 255.255.255.0

  access extensive list ip 192.168.125.0 vpnlati allow 255.255.255.0 host 192.168.16.50

  IP local pool ippool 192.168.125.10 - 192.168.125.254
  Global 1 interface (outside)

  Global 2 200.32.97.254 (outside)

  NAT (outside) 1 192.168.125.0 255.255.255.0

  NAT (inside) 0-list of access vpnas

  NAT (inside) 2 access list ACL-NAT-LIM

  NAT (inside) 3 access-list vpnwip

  NAT (inside) 4 access-list vpnashi

  NAT (inside) 5-list of access vpnlati

  NAT (inside) 1 0.0.0.0 0.0.0.0

  NAT (wifi) 2 0.0.0.0 0.0.0.0

  NAT (dmz) 0-list of access vpnashi

  NAT (dmz) 1 192.168.16.0 255.255.255.0
  NAT (dmz) 2 access-list vpnlati
  internal group RA-ASHI strategy

  attributes of RA-ASHI-group policy

  Server DNS 172.16.1.100 value

  VPN-idle-timeout 30

  VPN-filter value vpnashi

  Protocol-tunnel-VPN IPSec l2tp ipsec webvpn

  Split-tunnel-policy tunnelspecified

  internal strategy of RA-LATI group

  attributes of RA-LATI-group policy

  Server DNS 172.16.1.100 value

  VPN-idle-timeout 30

  VPN-filter value vpnlati

  Protocol-tunnel-VPN IPSec l2tp ipsec webvpn

  Split-tunnel-policy tunnelspecified
  tunnel-group RA-ASHI type remote access

  tunnel-group RA-ASHI-global attributes

  ippool address pool

  authentication-server-group (outside partnerauth)

  Group Policy - by default-RA-ASHI

  tunnel-group RA-ASHI ipsec-attributes

  pre-shared-key *.

  tunnel-group RA-LVL type remote access

  tunnel-group RA-LATI-global attributes

  ippool address pool

  authentication-server-group (outside partnerauth)

  Group Policy - by default-RA-LATI

  tunnel-group RA-LATI ipsec-attributes

  pre-shared-key *.

  André,

  You can have as a NAT exempt list of access by interface (nat rule 0).  I understand what you are trying to accomplish.  You use the vpnashi and vpnlati access list to control access to devices for different customers through VPN group policies.

  What I do is the following:

  Create an ACL for the VPN client (that you have, with vpnashi and vpnlati)
  Create an ACL for NAT exemption for the interface (inside sheep, sheep-dmz, etc.).

  Create the ACEs within the exempt ACL of NAT that corresponds to your VPN client access-list.

  It is allowed to have multiple statements within a NAT exempt list to access.  This will not have a client VPN access to things, it shouldn't.

  For example:

  access-list sheep-dmz allowed extended host ip 192.168.16.28 192.168.125.0 255.255.255.0

  192.168.125.0 IP Access-list extended dmz sheep 255.255.255.0 allow host 192.168.16.28

  NAT 0 access-list sheep-dmz (dmz)

• Problem list access control

  Hi guys, I'm faced with a problem with one of my ACL...

  I applied it ENTERING the interface of the router facing the Internet.

  I'm trying to restrict access, the only thing visible to the Internet is my Web page, but when I apply the ACL on the router Interface must be the Internet connection (I am running a ping on one of my internal hosts, but as soon as I apply this INCOMING ACL on the external Interface of my router it pick up any communication to the Internet).

  I think it's because the router is down all packages «back»

  I know that there is an argument (ESTABLISHED) that I can activate to allow those who return packages, but it applies only to TCP, but what happened to the ICMP, UDP protocol?

  It's the ACL I use:

  Note access-list 101 FW-outside-to-Inside

  access-list 101 deny ip 192.168.0.0 0.0.0.255 any

  access-list 101 deny ip 172.16.0.0 0.15.255.255 all

  access-list 101 deny ip 10.0.0.0 0.255.255.255 everything

  access-list 101 deny ip 127.0.0.0 0.255.255.255 everything

  access-list 101 deny ip 255.255.255.255 host everything

  access-list 101 deny host ip 0.0.0.0 0.0.0.0 all

  access-list 101 permit tcp 66.137.99.107 host any eq 1720

  access-list 101 permit tcp 66.137.99.108 host any eq 1720

  access-list 101 permit tcp 66.137.99.109 host any eq 1720

  access-list 101 permit host tcp 66.137.99.107 any range 16000-20000

  access-list 101 permit host tcp 66.137.99.108 any range 16000-20000

  access-list 101 permit host tcp 66.137.99.109 any range 16000-20000

  access-list 101 permit udp host 66.137.99.107 any 5000 5075 Beach

  access-list 101 permit udp host 66.137.99.108 any 5000 5075 Beach

  access-list 101 permit udp host 66.137.99.109 any 5000 5075 Beach

  access-list 101 permit tcp any host MYWEBSERVERSIP eq 80

  access-list 101 deny ip any one

  I hope you guys can give me a hint...

  Thank you!!!

  The last two deny statements (before your tax permit), "host 255.255.255.255 everything" and "host 0.0.0.0 0.0.0 everything" may be the problem. You have specified a reverse mask on the 0.0.0.0 0.0.0.0, which will replace the "host" command (I think) I would first try to remove these and see if it works, then re - insert them (without the mask) to see if it still works.

• simple question about access to information of predicate and filter

  Hello Experts

  I know that maybe this is a very simple and fundamental question. I read a lot of articles on explains the plan and trying to understand what are 'access' and 'filter' which means?
  Please correct me if I'm wrong, I guess when the index of explain plan can use predicate choose access if the explain command plan go with complete table filter scan (witout index) is chosen.

  My last question is, can you recommend me an article or document will contact plan to explain it in clear language and base level?

  Thanks in advance.

  Hello

  as the name suggests, access predicate is when data access based on a certain condition. Filter predicate is when the data is filtered by this condition after reading.

  For example, if you have a select * FROM T1 WHERE X =: x AND Y =: y, where X column is indexed, but column Y is not, you can get a map with an INDEX RANGE SCAN with access predicate = X: x (because you can use this condition to when selecting the data to be read and read only sheets of index blocks that meet this condition) and ACCESS BY ROWID from TABLE with the filter predicate Y =: y (because you cannot check this condition until after reading the table block).

  I'm not aware of any good articles on the subject, and unlike others I can't find Oracle enough detailed documentation. I suggest you read a book, for example Christian Antognini, "Troubleshooting Oracle performance problems."

  Best regards

  Nikolai

• IOM 9.1.0.2 - question of access policies

  Hi gurus,
  
  I have a strange behaviour in the characteristics of access policies.
  
  When users are inactivated in the IOM, they should be removed groups linked to the AP, but groups are still involved and because the AP is triggered again provisioning of resources to users.
  
  A person faces the question?
  
  Brgds,
  Carlos

  You must add to your group membership rules active status.

  -Kevin

• Question on access to the dataProvider of a converter of element Info

  Hello

  I've been reading for some time on this topic and a lot of different information.

  I need to know how to access the data of a dataprovider of an itemRenderer.

  I want to do is use a checkbox in a DataGrid control, or possibly a ComboBox as part of rendering.

  I need to understand, for example, how to set the CheckBox.label = to a certain field in the data provider.

  The data provider is assigned, of course, for the parent component, in this case, the comboBox or dataGrid control.

  I saw the signs pointing to the idea that the 'data' field shows this value, but I do not see this value in one of the spark components.

  So, I guess my question is double:

  1. how to access information from a rendering in general item data provider?

  2. how to access the data provider info using spark components?

  Thanks in advance!

  Mx components could only be dropped as an itemRenderer.  There were

  General enough to it that we decided to not do that at the point of spark

  rendering engines.  Instead, you can encapsulate a component in an ItemRenderer and link to

  the data of the ItemRenderer property.  Or, if you really want to optimize, you

  can do the job to the subclass and to upgrade a component to implement

  IItemRenderer.