RMAN transport encryption

I was wondering if rman traffic can be encrypted or not.

The scenario is when you perform an rman backup by using a remote catalog server.

If I had Oracle Advanced Security active and SQL*Net traffic encrypted, would that also apply to the RMAN connection to the remote catalog server, or is it completely separate?

This is for Oracle DB 11.2.0.4 on RH7.

Hello

When you enable network security (SQL*Net, as you mentioned), the communication would be encrypted.

Overview and Configuration of Oracle network encryption (Doc ID 76629.1)

Thank you

Tags: Database
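
The answer above relies on SQL*Net native network encryption: RMAN reaches the remote catalog over an ordinary Oracle Net connection, so the sqlnet.ora on the RMAN host (client side) and on the catalog database (server side) decide whether that session is encrypted. The following is an added example, not code from the thread or from Oracle; it goes beyond the thread by applying the documented negotiation rules for the four settings REJECTED, ACCEPTED, REQUESTED and REQUIRED. The function names and the sample sqlnet.ora contents are constructed for illustration.

```python
import re

# Documented values for SQLNET.ENCRYPTION_CLIENT / SQLNET.ENCRYPTION_SERVER.
LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")


def parse_sqlnet(text):
    """Return {PARAMETER: value} from single-line sqlnet.ora entries.

    Parameter names are upper-cased and '#' comments are dropped.
    Multi-line values are not handled in this example.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if match:
            params[match.group(1).upper()] = match.group(2).strip()
    return params


def _level(params, side):
    # An unset parameter behaves as ACCEPTED (the default).
    value = params.get("SQLNET.ENCRYPTION_" + side, "ACCEPTED").upper()
    if value not in LEVELS:
        raise ValueError("unknown encryption level: " + value)
    return value


def _algorithms(params, side):
    # None means "no list given": every algorithm installed on that side is offered.
    raw = params.get("SQLNET.ENCRYPTION_TYPES_" + side)
    if raw is None:
        return None
    return [a.strip().upper() for a in raw.strip("()").split(",") if a.strip()]


def negotiate(client_text, server_text):
    """Predict the outcome for one client/server pair of sqlnet.ora files.

    Returns (status, algorithm) where status is 'encrypted', 'clear' or 'fail'.
    algorithm is None when it cannot be derived from the two files alone.
    """
    client, server = parse_sqlnet(client_text), parse_sqlnet(server_text)
    levels = {_level(client, "CLIENT"), _level(server, "SERVER")}

    if "REJECTED" in levels:
        # REJECTED against REQUIRED refuses the connection; otherwise cleartext.
        return ("fail", None) if "REQUIRED" in levels else ("clear", None)
    if levels == {"ACCEPTED"}:
        # Both sides at the default: nobody asks, so nothing is encrypted.
        return ("clear", None)

    c_alg, s_alg = _algorithms(client, "CLIENT"), _algorithms(server, "SERVER")
    if c_alg is None or s_alg is None:
        # The choice depends on what is installed, which the files do not show.
        return ("encrypted", None)
    # The server picks the first entry of its own list that the client also lists.
    common = [a for a in s_alg if a in c_alg]
    if common:
        return ("encrypted", common[0])
    return ("fail", None) if "REQUIRED" in levels else ("clear", None)


# Constructed sample files (not taken from the thread).
RMAN_HOST_DEFAULT = "# sqlnet.ora on the RMAN host, nothing configured\n"
CATALOG_DEFAULT = "# sqlnet.ora on the catalog server, nothing configured\n"
RMAN_HOST_HARDENED = """
SQLNET.ENCRYPTION_CLIENT = REQUESTED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES192, AES256)
"""
CATALOG_HARDENED = """
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192)
"""

if __name__ == "__main__":
    print("defaults :", negotiate(RMAN_HOST_DEFAULT, CATALOG_DEFAULT))
    print("hardened :", negotiate(RMAN_HOST_HARDENED, CATALOG_HARDENED))
    # To confirm on a live session, check NETWORK_SERVICE_BANNER in
    # V$SESSION_CONNECT_INFO for the catalog connection's SID.
```

With both files left at their defaults the catalog session is not encrypted; setting REQUIRED on the catalog server makes any client that cannot negotiate encryption fail to connect instead of falling back to cleartext.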

Similar Questions

  • VCS or highway: force not encrypted video sip call

    Hello community support.

    Let's say I have a vcs cisco or cisco Expressway server and I want to make a call video sip.

    to facilitate the resolution of problems, I want to have a sip call unencrypted, even if the other side external is capable of encryption (has a _sips SRV record).

    is it possible to do on X8.6.1?

    What I've tried so far, without success (I tried in this order):

    -> Expressway-Edge: defining the Protocol of emergency (B2B) DNS Zone to the mode of encryption TCP transport and the media to "force unencrypted.

    -> the two highways: "TraversalClient (B2B) SIP" area setting transport encryption mode 'TCP' and the media to "force unencrypted.

    -> CUCM isn't in mixed mode

    ->, but the call is always encrypted Highway to the external client.

    -> When I put "Configuration-> protocols-> SIP-> TLS mode on off the call is aborted and no signal is sent to the other side."

    Based on your previous post:

    "with the outgoing call I mean it's a B2B call of an endpoint is saved to CUCM and then uses the course the way Express series server firewall to connect to a SIP Client on the outside." (external domain) »

    On my understanding, it is a vocation of B2B ARM deployment.

    In a CUCM-controlled environment with ARM, any call to or from the Expressway-E that uses the CUCM-Expressway traversal zone is always encrypted. The CUCM traversal zone (Expressway X8.6) is automatically configured with the proper settings, which cannot be changed: they are set to SIP TLS with TLS verify mode On and media encryption mode set to the Force encrypted value.

    Kind regards

    Acevirgil

  • Can I plug in (food) a tablespace, RMAN backup in another DB?

    11.2.0.3/AIX 6.1

    We accidentally dropped a development DB without taking a last expdp backup of a basic schema. All objects in this schema belong to a single tablespace, and we have an RMAN backup of this tablespace. Is there any way we could recreate this schema by restoring the tablespace backup into a different database?

    Yes.

    Use the function/method of TRANSPORT TABLESPACE:

    http://Oracle.Su/docs/11g/backup.112/e10643/rcmsynta2021.htm

    See also sys.dbms_tts.transport_set_check

    RMAN> transport tablespace emp_data, emp_data2
               tablespace destination '/u01/app/oracle/oradata'
               auxiliary destination '/u04/app/oracle/oradata';
    

    If you need to check your endian use this query format:

    SELECT
      PLATFORM_NAME,
      ENDIAN_FORMAT
    FROM
      V$TRANSPORTABLE_PLATFORM;
    

    http://www.Fadalti.com/Oracle/database/how_to_transportable_tablespaces.htm

    http://husnusensoy.WordPress.com/2008/07/12/migrating-data-using-transportable-tablespacetts/

    Best regards

    mseberg

  • HOW to clone the DATABASE with RMAN

    Hello gurus,
    I have a problem with RMAN. I'm trying to clone an Oracle instance with RMAN and I get several errors, even though I checked all the forums and documentation.
    I have 2 servers in 10.2.1 in Solaris and other in 10.2.4 on Linux
    And I'm running in my 1Mode of the server as follows:
    RMAN
    connect target /
    connect auxiliary sys/manager@TESTDB10_SITE2.world
    run
    {
    allocate auxiliary channel ch1 type disk;
    set newname for datafile 1 to '/u02/oradata/EVTM/system/system01.dbf';
    set newname for datafile 2 to '/u02/oradata/EVTM/system/undotbs01.dbf';
    set newname for datafile 3 to '/u02/oradata/EVTM/system/sysaux01.dbf';
    set newname for datafile 4 to '/u01/oradata/EVTM/data/users01.dbf';
    set newname for datafile 5 to '/u01/oradata/EVTM/data/tbs_tpaper_data_01.dbf';
    set newname for datafile 6 to '/u03/oradata/EVTM/index/tbs_tpaper_idx.dbf';
    set newname for datafile 8 to '/u01/oradata/EVTM/data/users02.dbf';
    set newname for datafile 7 to '/u01/oradata/EVTM/data/perfstat_01.dbf';
    set newname for datafile 9 to '/u01/oradata/EVTM/data/tbs_evtm_quest01.dbf';
    set newname for tempfile 1 to '/u02/oradata/EVTM/system/temp01.dbf';
    duplicate target database to EVTM PFILE = '/u01/app/oracle/product/10.2/dbs/initEVTM.ora' nofilenamecheck
    LOGFILE
    GROUP 1 ('/u01/oradata/EVTM/rdo/redo1m1.log',
    '/u01/oradata/EVTM/rdo/redo1m2.log',
    '/u01/oradata/EVTM/rdo/redo1m3.log') SIZE 51200K,
    GROUP 2 ('/u01/oradata/EVTM/rdo/redo2m1.log',
    '/u01/oradata/EVTM/rdo/redo2m2.log',
    '/u01/oradata/EVTM/rdo/redo2m3.log') SIZE 51200K,
    GROUP 3 ('/u01/oradata/EVTM/rdo/redo3m1.log',
    '/u01/oradata/EVTM/rdo/redo3m2.log',
    '/u01/oradata/EVTM/rdo/redo3m3.log') SIZE 51200K;
    }

    and I get the error:

    channel ch1: reading from backup piece /backup/ORA_BACKUP_EVTM/EVTM_291020091029_full_3aksvk4q_1_1
    ORA-19870: error reading backup piece /backup/ORA_BACKUP_EVTM/EVTM_291020091029_full_3aksvk4q_1_1
    ORA-19505: failed to identify file "/backup/ORA_BACKUP_EVTM/EVTM_291020091029_full_3aksvk4q_1_1"
    ORA-27037: unable to obtain file status
    Linux-x86_64 Error: 2: No such file or directory
    Additional information: 3
    failover to previous backup

    released channel: ch1
    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-03002: failure of Duplicate Db command at 2009-10-29 16:08:29
    RMAN-03015: error occurred in stored script Memory Script
    RMAN-06026: some targets not found - aborting restore
    RMAN-06023: no backup or copy of datafile 9 found to restore
    RMAN-06023: no backup or copy of datafile 8 found to restore
    RMAN-06023: no backup or copy of datafile 7 found to restore


    Question?
    Is it possible to duplicate/clone from Solaris to Linux? :-)))))

    Is it possible to duplicate/clone from Solaris to Linux? :-)))))

    You cannot use the DUPLICATE command between platforms (see the DUPLICATE restrictions in the documentation). It is possible to perform a cross-platform transport via RMAN. This process is also explained in the documentation.

    Werner

    You have an additional complication: the patch levels are different. Perhaps Data Pump is a better solution here, depending on the size of the database.

    And I hope that is Solaris on x86-64 (not SPARC); otherwise that is the next complication.

    Edited by: oradba October 29, 2009 16:53

    Edited by: oradba October 29, 2009 16:55

  • RMAN Tablespace Transportable between different patch level?

    Hello

    I've got a question about RMAN transportable tablespaces. Can I use this feature between databases with different patch levels? To be exact, I want to transport a tablespace from a DB with a higher PSU version (11.2.0.4.2) to a DB with a lower PSU version (11.2.0.4.0). Endian format and OS version are the same on both environments.

    Please see the official documentation, which gives very detailed information about the limitations and requirements:

    https://docs.Oracle.com/CD/E18283_01/server.112/e17120/tspaces013.htm

    Patch levels are not important, but the character sets and endian type of source and target are.

    For version compatibility, please see also transportable tablespace possible with several different Oracle versions

  • Encryption of backups RMAN

    Hello

    I wanted to just make sure that my interpretation (listed below) regarding the encryption of RMAN backup is correct.

    1) Both transparent encryption and password encryption encrypt the backups. The only difference is that transparent encryption uses the encryption key from the wallet to encrypt/decrypt the backup, while password encryption uses the password provided during the RMAN session to encrypt/decrypt the backups. Bottom line is that the backup is encrypted in both cases.


    (2) we must have a license from ASO (Advanced Security Option) to use the above encryption methodologies.


    Thanks for your time.

    Hello

    (1) is correct
    (2) Encrypted backups to disk require the Advanced Security Option. To create backups directly to tape, an Oracle Secure Backup license is required.

    You can find more details in the documentation: http://docs.oracle.com/cd/E11882_01/backup.112/e10642/rcmconfa.htm#CHDEDDBE

    Kind regards.
    Nelson

  • TABLESPACE of TRANSPORT FROM NON - ASM to ASM WITH DBMS_FILE_TRANSFER or rman?

    Hello


    I'm working on migrating data from HP-UX to 64-bit AIX with cross-platform transportable tablespaces. I have reached the point of transferring the files, in my case from non-ASM to ASM.

    Should I use DBMS_FILE_TRANSFER or RMAN? Which is easier? An example would be appreciated.


    Thank you.

    Published by: user12010537 on April 25, 2011 11:41

    user12010537 wrote:
    Hello

    Not all DB of tablespaces. I prefer the easiest way.

    You know that you can not just copy a tablespace and attach it to another. They will be inconsistent and that you will need recovery. You must move the objects inside. So it would be much better to use datapump for this task.

    http://www.orafaq.com/wiki/DataPump

    Best regards

    Grosbois

    -------------------------------------------------------
    If you answer this question, please mark appropriate as correct/useful messages and the thread as closed. Thank you

  • You cannot change the format of RMAN backup

    Hello!

    I am trying to restore a backup of the database controlfiles in a new host solaris11 with RMAN in oracle 10 g. I have a solaris10 box where I installed database10g. As far as I know what I have to do is this:

    > set dbid = 718308982;

    > startup nomount;

    > set controlfile autobackup format for device type disk to '/u01/app/oradata/ACBET/%F';

    > restore controlfile from autobackup;

    However when I try to change the format, nothing happens.

    RMAN> set controlfile autobackup format for device type disk to '/u01/app/oradata/ACBET/%F';

    executing command: SET CONTROLFILE AUTOBACKUP FORMAT

    RMAN> show all;

    RMAN configuration parameters are:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
    CONFIGURE BACKUP OPTIMIZATION OFF; # default
    CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
    CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
    CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default   <= same default configuration...
    CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
    CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE MAXSETSIZE TO UNLIMITED; # default
    CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
    CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
    CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default

    And when I try to do the restore command I get the following error:

    allocated channel: ORA_DISK_1
    channel ORA_DISK_1: sid=1626 devtype=DISK

    recovery area destination: /u01/app/oradata/ACBET/backup
    database name (or database unique name) used for search: ACBET
    channel ORA_DISK_1: no autobackups found in the recovery area
    channel ORA_DISK_1: looking for autobackup on day: 20131115
    channel ORA_DISK_1: looking for autobackup on day: 20131114
    channel ORA_DISK_1: looking for autobackup on day: 20131113
    channel ORA_DISK_1: looking for autobackup on day: 20131112
    channel ORA_DISK_1: looking for autobackup on day: 20131111
    channel ORA_DISK_1: looking for autobackup on day: 20131110
    channel ORA_DISK_1: looking for autobackup on day: 20131109
    channel ORA_DISK_1: no autobackup in 7 days found
    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-03002: failure of restore command at 11/15/2013 10:50:22
    RMAN-06172: no autobackup found or specified handle is not a valid copy or piece

    It seems he's looking for in the right path of recovery of the area, but I don't know why it's a failure.

    Thank you in advance,

    Nock

    Hello world

    The problem with this restoration has been far from my knowledge. The real problem was that the backup files they sent were made on a different endianness than the one I used in the new host. For the sake of those who find this post in the future, you can not use rman to make. As of the date of this post, you must either use a simple export/import (with Data Pump if you like) or use transportable tablespaces to move a database between hosts on different platforms.

    Thanks for all the help.

    Nock

  • Problem with RMAN

    People,
    I'm below when trying to clear channel configuration


    FYI
    --------------------------------------------------------------
    Oracle Database 10g Express Edition Release 10.2.0.1.0 - production
    PL/SQL Release 10.2.0.1.0 - Production
    CORE 10.2.0.1.0 Production
    TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
    NLSRTL Version 10.2.0.1.0 - Production

    RMAN> CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT CLEAR;

    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-00558: error encountered while parsing input commands
    RMAN-01009: syntax error: found "clear": expecting one of: "double-quoted-string,
    equal, single-quoted-string"
    RMAN-01007: at line 1 column 43 file: standard input

    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-00558: error encountered while parsing input commands
    RMAN-01009: syntax error: found ";": expecting one of: "allocate, alter, backup,
    beginline, blockrecover, catalog, change, connect, copy, convert, create, cross
    check, configure, duplicate, debug, delete, drop, exit, endinline, flashback, ho
    st, {, library, list, mount, open, print, quit, recover, register, release, repl
    ace, report, renormalize, reset, restore, resync, rman, run, rpctest, set, setli
    mit, sql, switch, spool, startup, shutdown, send, show, test, transport, upgrade
    , unregister, validate"
    RMAN-01007: at line 1 column 48 file: standard input


    RMAN> show all
    2> ;

    RMAN configuration parameters are:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
    CONFIGURE BACKUP OPTIMIZATION OFF; # default
    CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
    CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
    CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
    CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
    CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
    CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT 'C:\oraclexe\oradata\backup\%U';
    CONFIGURE MAXSETSIZE TO UNLIMITED; # default
    CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
    CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
    CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
    CONFIGURE SNAPSHOT CONTROLFILE NAME TO 'C:\ORACLEXE\APP\ORACLE\PRODUCT\10.2.0\SERVER\DATABASE\SNCFXE.ORA'; # default

    RMAN >

    Thanks in advance,
    Yann

    RMAN> CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT CLEAR;
    RMAN-00558: error encountered while parsing input commands
    RMAN-01009: syntax error: found ";": expecting one of: "allocate, alter, backup,
    beginline, blockrecover, catalog, change, connect, copy, convert, create, cross
    check, configure, duplicate, debug, delete, drop, exit, endinline, flashback, ho
    st, {, library, list, mount, open, print, quit, recover, register, release, repl
    ace, report, renormalize, reset, restore, resync, rman, run, rpctest, set, setli
    mit, sql, switch, spool, startup, shutdown, send, show, test, transport, upgrade

    This is completely incorrect syntax.

    RMAN> CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT CLEAR;

    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-00558: error encountered while parsing input commands
    RMAN-01009: syntax error: found "clear": expecting one of: "double-quoted-string, equal, new, single-quoted-string"
    RMAN-01007: at line 1 column 43 file: standard input

    RMAN> CONFIGURE CHANNEL DEVICE TYPE DISK CLEAR;

    using target database control file instead of recovery catalog
    old RMAN configuration parameters are successfully deleted

    RMAN>
    RMAN>

    See the Oracle documentation: http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/setup004.htm

  • Partially encrypted connection to the secure site (Yahoo, after the signature)

    After registration to ' fix ' (padlock) Yahoo, when I click on "mail", the icon changes to the lock for a triangle greyed with '! ' in the middle. He says that "the connection to this Web site is not completely safe because it contains unencrypted, such as images.

    Technical details: partially encrypted connection. Some parts of the page you are looking at were not encrypted before being sent over the internet. Information sent over the internet without encryption can be seen by others during transport.

    Bar shows to address: https://us-mg4.mail.yahoo.com (etc.)

    The 'General' tab shows: Type: text/html

    address: https

    Content-Type: text/html; charset=UTF-8

    The cookies only 2 that I blocked for Yahoo are:

        analytics.yahoo.com
    
        ads.yahoo.com
    

    It started about 2 weeks ago, and I am at a loss to explain why this is happening after
    no problem with Yahoo not email for a while, but I see the changes to the program so am aware
    that changes have been made.

    Any suggestions will be appreciated very much.

    You can leave two preferences security.mixed_content.block * in there by default.

    I mentioned to see that you can change this behavior and can block the passive content (display), but which could cause problems on other web pages with missing images.

  • How to restore a full backup of the Server 2008 system that has been stored on a BitLocker Drive encrypted?

    I have a requirement to encrypt my server for transport off-site backups, so I'll try to store my backups to an external drive that is encrypted for BitLocker.  I am doing a test restore to a new drive to simulate a full system recovery, but I'm unable to unlock the drive encrypted with the backup of the prompt under system recovery options.

    I have confirmed that I can unlock the drive from a command prompt inside the original Windows installation using manage-bde.wsf and the recovery password, but the same command does not work from the command prompt during the recovery process (started from the installation DVD).  There is no error code, only a message that the recovery key did not work and administrator privileges may be required.

    When I try the same command from another server connected to that drive, I get an error that may be informative, code 0x80310037, implying that the recovery key may not be usable because FIPS-compliant algorithms are required.

    Am I looking for something that isn't possible by trying to store the complete system backups on a BitLocker-encrypted disk?  Any help would be greatly appreciated.

    Thank you
    Jay

    http://www.Microsoft.com/windowsserver2008/en/us/forums-blogs.aspx

    Repost in the Forums 2008 Server at the address above.

    They will help.

    See you soon.

    Mick Murphy - Microsoft partner

  • Cisco Cisco IPSEC VPN to encrypt but not decrypt

    Hello

    I have a vpn ipsec problem.

    Packets are encapsulated and decapsulated, but only in one direction. I don't understand why.

    VPN is already mounted on another router, I want to change the router but can't get the vpn have the new router

    Thank you for helping me

    PS: Sorry for my English

    Hello

    I looked at the configuration of your router RT-897VA once again, and I don't know if static NAT statements in there are supposed to work or not, but they won't because you have not specified any inside and outside interfaces. Configuration changes below correspond to the configuration of your router RT, check if their implementation makes a difference (the changes are indicated in bold):

    RT-897VA #show run
    Building configuration...

    Current configuration: 3933 bytes
    !
    ! 11:56:34 configuration was last modified THIS Friday, November 4, 2016
    !
    version 15.4
    horodateurs service debug datetime msec
    Log service timestamps datetime msec
    no password encryption service
    !
    RT-897VA host name
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    No aaa new-model
    clock timezone THIS 1 0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !

    !
    !
    !
    !
    domain IP XXXXX
    IP-name 194.2.0.20 Server
    IP-name 194.2.0.50 server
    IP cef
    No ipv6 cef
    !
    !
    !
    !
    !
    Authenticated MultiLink bundle-name Panel
    VPDN enable
    !
    VPDN-Group 1
    ! Default L2TP VPDN group
    accept-dialin
    L2tp Protocol
    virtual-model 1
    tunnel L2TP non-session timeout 15
    !
    !
    default value for the field
    !
    !
    !
    !
    !
    !
    !
    CTS verbose logging
    license udi pid C897VA-K9 sn FCZ2030DL
    !
    !
    username password privilege 15 itef 0...
    !
    !
    !
    !
    !
    VDSL controller 0
    !
    property intellectual ssh rsa keypair-name XXX
    property intellectual ssh version 2
    !
    !
    crypto ISAKMP policy 1
    BA aes
    preshared authentication
    Group 2
    !
    crypto ISAKMP policy 2
    BA aes
    preshared authentication
    Group 2
    ISAKMP crypto key cleidentique address IP-WAN-B
    !
    !
    Crypto ipsec transform-set aes - esp esp-sha-hmac toto
    tunnel mode
    !
    !
    !
    crypto map ipsec-isakmp TUNNEL 1
    counterpart Set IP-WAN-B
    Set transform-set toto
    match address TUNNEL-DATA
    crypto map ipsec-isakmp TUNNEL 2
    counterpart Set IP-WAN-B
    Set transform-set toto
    match TUNNEL-TOIP address
    !
    !
    !
    !
    !
    !
    ATM0 interface
    no ip address
    Shutdown
    No atm ilmi-keepalive
    !
    interface BRI0
    no ip address
    encapsulation hdlc
    Shutdown
    Multidrop ISDN endpoint
    !
    interface Ethernet0
    no ip address
    Shutdown
    !
    interface GigabitEthernet0
    Description BOX-SWITCH
    switchport trunk vlan 101 native
    switchport mode trunk
    no ip address
    spanning tree portfast
    !
    interface GigabitEthernet1
    no ip address
    !
    interface GigabitEthernet2
    no ip address
    !
    interface GigabitEthernet3
    no ip address
    !
    interface GigabitEthernet4
    no ip address
    !
    interface GigabitEthernet5
    no ip address
    !
    interface GigabitEthernet6
    no ip address
    !
    interface GigabitEthernet7
    no ip address
    !
    interface GigabitEthernet8
    WAN description
    IP address IP WAN - A 255.255.255.240
    IP virtual-reassembly in
    NAT outside IP
    automatic duplex
    automatic speed
    card crypto TUNNEL
    !
    interface Vlan1
    no ip address
    !
    interface Vlan101
    VLAN-DATA description
    IP 192.168.101.251 255.255.255.0
    IP nat inside
    IP virtual-reassembly in
    !
    interface Vlan111
    VLAN-TOIP description
    IP 192.168.111.251 255.255.255.0
    IP virtual-reassembly in
    !
    IP forward-Protocol ND
    no ip address of the http server
    no ip http secure server
    !
    !
    IP nat inside source static tcp IP 25 expandable 25 192.168.101.2
    IP nat inside source static tcp IP 80 80 extensible 192.168.101.2
    IP nat inside source static tcp 192.168.101.2 extensible IP 443 443
    IP nat inside source static tcp 192.168.101.31 3201 IP extensible 3201
    IP nat inside source static tcp 192.168.101.31 80 extensible IP 3280
    IP nat inside source static tcp IP 443 33443 extensible 192.168.101.11
    overload of IP nat inside source list NAT interface GigabitEthernet8
    IP route 0.0.0.0 0.0.0.0 XXXX (ADSL router)
    IP route 192.168.100.0 255.255.255.0 IP-WAN-B

    NAT extended IP access list
    deny ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
    IP 192.168.101.0 allow 0.0.0.255 any
    access list IP-TUNNEL-DATA extents
    IP 192.168.101.0 allow 0.0.0.255 192.168.100.0 0.0.0.255
    TUNNEL-TOIP extended IP access list
    IP 192.168.110.0 allow 0.0.0.255 192.168.111.0 0.0.0.255
    !
    access list IP-TUNNEL-DATA extents
    IP 192.168.101.0 allow 0.0.0.255 192.168.100.0 0.0.0.255
    permit tcp host 192.168.101.3 192.168.0.0 0.0.0.255 established
    TUNNEL-TOIP extended IP access list
    IP 192.168.111.0 allow 0.0.0.255 192.168.110.0 0.0.0.255
    !
    !
    !
    control plan
    !
    !
    MGCP behavior considered range tgcp only
    MGCP comedia-role behavior no
    disable the behavior MGCP comedia-check-media-src
    disable the behavior of MGCP comedia-sdp-force
    !
    profile MGCP default
    !
    !
    !
    !
    !
    !
    !
    Line con 0
    no activation of the modem
    line to 0
    line vty 0 4
    privilege level 15
    password...
    opening of session
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    password...
    opening of session
    transport input telnet ssh
    !
    Scheduler allocate 20000 1000
    !
    !
    !
    end

  • Cisco Expressway B2B secure encrypted TLS

    Hi guys,.

    We have a deployment requiring 2 company (company - a.com) and company B (business - B.com) can set secure with encrypted TLS B2B calls. In fact these 2 companies are sisters company and want to secure all communication between 2 CUCM via the side of the highway

    Here are the details of the servers:

    Company:

    1. CUCM 11.5 in Mixed Mode (Editor only)
    2. IM & presence 11.5
    3. X8.8 Highway C & E
    4. Conductor X4.2
    5. Telepresence Server (MM410v) 4.3 (1.14)
    • All the server certificate signed by Digicert Wilcard more
    • All calls (point-to-point, instantaneous and permanent meeting) already encrypted

    --------------------------------------------------------------------------------------------------------------------------

    Company b:

    1. CUCM 11.5 in Mixed Mode (Editor only)
    2. IM & presence 11.5
    3. X8.8 Highway C & E
    4. Conductor X4.2
    5. Telepresence Server (MM410v) 4.3 (1.14)
    • All the server certificate signed by Digicert multi-domain
    • All calls (point-to-point, instantaneous and permanent meeting) already encrypted

    We have already done B2B calls via Highway successfully with TCP and TLS transport check mode = Off.
    My question is, is it opportunities that we can make calls B2B with TLS check mode = On, and all the factor of safety on the expressway is active?

    Is there a documentation or the requirement for this deployment model?

    Please notify.

    Thank you

    Yes, all you need is to turn on the switches for TLS ON and assuming that everything is fine, you can leave the encryption of the media for the auto mode, and it must identify it can secure calls.

    Or you can also change the encryption of media mode, but only the encrypted calls would be accepted.

  • Transport network from Verizon?

    Hi guys.

    Do you know what network verizon uses the transport?

    MSD, direct TCP or BIS - B?

    Thank you.

    In fact, I double checked on it and there active APN settings, but not the AFN encryption, so I have no need of username or password.

    I just enable the TIC TAC made APN settings option, and that's all.

    That's all I needed on my storm and it works very well.

    D

  • IPSEC in Transport mode: what don't understand me?

    Hello world

    Please, consider the following example:

    R1-F1/0(12.12.12.1)---(12.12.12.2) R2 f1/0

    R1 has loopback1: 1.1.1.1, R2 has loopback:2.2.2.2

    Interesting traffic is between 1.1.1.1 and 2.2.2.2. We must use ipsec in transport mode. But for some reason, no matter how many times I typed transport mode under ipsec encryption, traffic get transferred via IPSEC tunnel in tunnel mode.

    R1 config:

    crypto ISAKMP policy 10
    BA aes 256
    preshared authentication
    Group 2
    address key crypto isakmp 12.12.12.1 CISCO

    Crypto ipsec transform-set ESP-AES-192-SHA-384-esp - aes 192 esp-sha-hmac
    transport mode

    ZEE 10 ipsec-isakmp crypto map
    defined by peer 12.12.12.1
    transformation-ESP-AES-192-SHA-384 game
    match address ZEE

    interface FastEthernet1/0
    IP 12.12.12.2 255.255.255.0
    automatic duplex
    automatic speed
    card crypto ZEE

    Route IP 1.1.1.1 255.255.255.255 12.12.12.1

    ZEE extended IP access list
    permit ip host 2.2.2.2 1.1.1.1

    R2 config

    crypto ISAKMP policy 10
    BA aes 256
    preshared authentication
    Group 2
    address key crypto isakmp 12.12.12.1 CISCO
    !
    !
    Crypto ipsec transform-set ESP-AES-192-SHA-384-esp - aes 192 esp-sha-hmac
    transport mode

    ZEE 10 ipsec-isakmp crypto map
    defined by peer 12.12.12.1
    transformation-ESP-AES-192-SHA-384 game
    match address ZEE

    interface FastEthernet1/0
    IP 12.12.12.2 255.255.255.0
    automatic duplex
    automatic speed
    card crypto ZEE

    Route IP 1.1.1.1 255.255.255.255 12.12.12.1

    ZEE extended IP access list
    permit ip host 2.2.2.2 1.1.1.1

    #########################

    Then I delete the SA on R1/R2:

    R2 #clear crypto isa
    R2 #clear isakmp crypto
    R2 #show crypto isakmp his
    status of DST CBC State conn-id slot
    12.12.12.1 12.12.12.2 MM_NO_STATE 1 0 ACTIVE (deleted)

    R2 #show crypto ipsec his

    Interface: FastEthernet1/0
    Tag crypto map: ZEE, local addr 12.12.12.2

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (2.2.2.2/255.255.255.255/0/0)
    Remote ident (addr, mask, prot, port): (1.1.1.1/255.255.255.255/0/0)
    current_peer 12.12.12.1 port 500

    Truncated!

    local crypto endpt. : 12.12.12.2, remote Start crypto. : 12.12.12.1
    Path mtu 1500, mtu 1500 ip, ip mtu IDB FastEthernet1/0
    current outbound SPI: 0x0 (0)

    SAS of the esp on arrival:

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:

    outgoing ah sas:

    outgoing CFP sas:

    R1 #show crypto isakmp his
    status of DST CBC State conn-id slot

    R1 ipsec crypto #show her

    Interface: FastEthernet1/0
    Tag crypto map: ZEE, local addr 12.12.12.1

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (1.1.1.1/255.255.255.255/0/0)
    Remote ident (addr, mask, prot, port): (2.2.2.2/255.255.255.255/0/0)
    current_peer 12.12.12.2 port 500

    Truncated!

    local crypto endpt. : 12.12.12.1, remote Start crypto. : 12.12.12.2
    Path mtu 1500, mtu 1500 ip, ip mtu IDB FastEthernet1/0
    current outbound SPI: 0x0 (0)

    SAS of the esp on arrival:

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:

    outgoing ah sas:

    outgoing CFP sas:

    ###############

    Then, I have ping to 1.1.1. source 2.2.2.2 on R2:

    Above, we see the traffic between 1.1.1.1/2.2.2.2 is sent in tunnel mode, even though I configured IPSEC transport mode.

    It seems that it does not matter if we have configured ipsec for the mode of transport or not, when using the crypto traffic map is transmitted using tunnel mode.

    Thoughts?

    Thank you

    You cannot use transport mode in this situation. You need two IP headers here: one for the end-to-end (1.1.1.1 to 2.2.2.2) communication and one for the IPsec transport (12.12.12.1 to 12.12.12.2). This is the reason your router automatically uses tunnel mode.
