Routing of traffic for a specific user through vpn Ipsec

I want to route traffic to a specific host on the internet through our external interface (for example, 7.7.7.0/27) instead of the internet connection of the client (for example 9.9.9.9).

I have already added 9.9.9.9 in the split dns acl so that the route is inserted on the client workstation, and a default route on the external interface is defined as follows:

CISCOASA# sh run | i route outside

route outside 0.0.0.0 0.0.0.0 7.7.7.30 1

NAT config

object network obj-InsideNetworks
 nat (inside,outside) dynamic 7.7.7.3

No NAT

nat (inside,any) source static obj-InsideNetworks obj-InsideNetworks destination static inside-DEST-SHEEP inside-DEST-SHEEP no-proxy-arp

object network obj-InsideNetworks
 range 10.0.1.0 10.0.255.255

object-group network inside-DEST-SHEEP
 network-object 10.0.3.0 255.255.255.0
 network-object 10.0.2.0 255.255.255.0
 network-object 10.10.10.0 255.255.255.0
 network-object 10.0.4.0 255.255.255.128

The static IP assigned to the VPN client is 10.0.4.150, if it is not in the scope of inside-DEST-SHEEP. If I then traceroute 9.9.9.9 when connected, I get the first hop 7.7.7.1 and it stops there.

Would appreciate any help on this.

Hello

If you are trying to NAT the VPN user's traffic when it connects to the Internet through the ASA, then the NAT configuration for that user should be

object network VPN-CLIENT-PAT
 subnet 10.0.4.128 255.255.255.128
 nat (outside,outside) dynamic

Insert the dynamic PAT public IP in the above configuration. You can either use the "interface" parameter to use the ASA's public IP address or insert a separate public IP address that can be used. I guess the VPN pool uses the 10.0.4.128/25 subnet.

You must also make sure you have the following configuration enabled

same-security-traffic permit intra-interface

You can check with

show run same-security-traffic

Note that there is another similar parameter that ends in "inter-interface" which used to work for this situation.

Hope this helps

Let me know if you get it working

-Jouni

Tags: Cisco Security

Similar Questions

  • Define 'My task list' as a home page for a specific user

    Hello

    As an administrator, I cannot set the default homepage to "My list" for a specific user (at the moment the user's default home page is a blank page and it takes 3 steps to get to "My to-do list").

    I know how to change the home page when logged in as the user, but as an administrator, I do not.

    Can you help me please?

    Thank you

    Margarida

    John's suggestion will set Tasklist as the default view for the Application, but you can also set the default application a user sees when connecting to the workspace

    Go to Navigate -> Administer -> Workspace Settings -> Manage Preferences

    Select the user for whom you want to change the settings

    Under Default Startup Options, change the content of the Application and select the application you want for this user.

    Click on finish, and the user will see the change next time they connect.

  • How to disable vCenter opens a session for a specific user?

    Hello
    I need to know how to disable the log in vCenter 5 for a specific user.
    Thank you

    Hi Tim,

    If you use Joulex Energy Manager 3.0.4 or above, you can change the way Sensordata is extracted from SOAP on CIM - please follow the instructions at http://download.joulex.net/doc/3.0.0/html/pages/en/#general/ac/ac_vmware, for example to define the extended property vmware.usegwt = 1 in your vmware hosts.

    Best regards

    David

  • Make sure that 'tour windows xp' appear again for a specific user

    When I create a new account, a little balloon appears in the bottom right of the screen next to the notification area that says 'Windows XP Tour'. After a while, it disappears.

    Is it possible to bring it back and make it stay there all the time? How could I do it? There must be a registry setting that keeps track of the amount of time since an account was created or how many logins there have been, so how can I change it to always show this prompt? Can I use an old-fashioned hex editor for this?

    I have an old relative who keeps forgetting basic skills such as how to minimize a window or use the taskbar, and who sometimes forgets that the large list of programs is now under 'All Programs' (although I solved that by using the classic Start menu. I don't know what I'll do when she gets a new machine with Windows 8, since this feature has been removed in 7). I'm tired of always prompting her to go to Start -> All Programs -> Accessories -> Tour Windows XP, and I tried adding an icon on the desktop. I just want the reminder there so she can click it before calling me for really basic things I taught her a dozen years ago with her Windows 98 computer. This seems to happen more frequently, and I noticed that she is 'slipping' in other things as well, so I'll try to make up for it.

    P.S. I'm not sure which category I should put this under. I settled on "ease of access" because I am trying to help an elderly woman in her late 90s access her computer when she keeps forgetting the basic skills. The tour is... temporarily.

    Hi SlickRBCD,

    If I understand correctly, you have a problem with the guided tour of Windows XP still appearing for specific users. Do not worry, I'm here to help you with this question.

    Let us try the following steps and check if it works for you.

    1. Start Registry Editor (Regedit.exe).
    2. Locate and click the following key in the registry:
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour
    3. On the Edit menu, point to New, click DWORD Value, type RunCount, set the data value to 1 (one), and then click OK.
    4. Exit Registry Editor.

    Warning: Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click on the number below to view the article in the Microsoft Knowledge Base: http://support.microsoft.com/kb/322756

    Please reply if the steps do not help, so that we can help you better.

  • How to revoke the SELECT on a table for a specific user?

    Environment:

    SQL Developer 3.1 on Windows XP Pro SP3, connecting to Oracle 11.2.0.3 EE on Solaris 10.5.

    I have table T with the SELECT privilege granted on it to both a role and a specific user.

    I am using SQL Developer to revoke the SELECT privilege on this table from the individual user and leave the role.

    I can see how to revoke from the role by right-clicking on the table and going to Privileges -> Revoke, but I can't find where to choose a specific user to revoke from.

    Any help is greatly appreciated!

    -gary

    Hi Gary,

    You are probably aware of the basic SQL syntax to do a grant and revoke from SQL*Plus or the SQL Developer Worksheet:

    grant select on .T to ;
    revoke select on .T from ;
    

    To achieve the equivalent revoke from the SQL Developer Connection Navigator...
    1. Open the connection for
    2. Expand the Tables node, and then open the object browser for table T.
    3. Click on the Grants tab and then, in its toolbar, select Actions->-> Revoke privileges
    4. Select in the drop-down list of the dialog box to remove user Action.
    5. Shuttle the SELECT privilege from the right back to the left, and then click Apply.

    One would expect to be able to do the same thing from say the node under the node for the use of the SYSTEM for other users, but this isn't the case.

    Hope this helps,
    Gary Graham
    SQL development team

  • How do the capping of resources for the specific user?

    I'm looking for a way of capping resources on the server for a particular user. This girl is the data analyst and she throws a lot of crazy PL/SQL code at my server that eats CPU like cake. I talked to her and she is OK with capping resources to some extent so that other users do not suffer.

    After looking into profiles and a few other options, it seems like CPU_PER_CALL or CPU_PER_SESSION are the obvious candidates. They impose limits in hundreds of seconds, but I don't understand how I can know how many seconds I have to give her. Let's say, for the sake of argument, I assign 10 minutes to her, but at the time she connects there are barely a few people working on the server and the server is mostly idling. Will this still kill her session (call) even if there are no other people using the server? I would like to think more in terms of 30% of CPU at any time, or something like that.

    Any recommendations on how to address this problem is greatly appreciated.

    10.2.0.4
    Linux x86

    It seems that you might be the perfect candidate for the Oracle Resource Manager. Here is a link to the documentation

  • Setup for use with Cisco Anyconnect VPN IPsec

    So, I had trouble setting up VPN on our ASA 5510. I would like to use IPsec VPN so that we don't have to worry about licensing issues, and from what I have read you can do that and still use Cisco AnyConnect. My knowledge of how to set up VPN, especially in iOS version 8.4, is limited, so I've been using a combination of command line and ASDM.

    I am finally able to connect from a remote location, but once I log in, nothing else works. From what I've read, you can use IPsec for client-to-LAN connections. I use a pre-shared key for this. Documentation is limited on what should happen after you have connected. Shouldn't I be able to access local computers over the VPN connection? I'm trying to set this up for work. If I VPN in from home, shouldn't I be able to access all of the resources at work? I think that because I used the command line as well as ASDM, I mixed up some of the configuration. In addition, I think that some of the default policies are confusing me too. So I probably need a lot of help. Here is my current setup, with the IP addresses changed and other things that are not related to VPN deleted.

    NOTE: We are still testing this ASA and it is not in production.

    Any help you can give me is greatly appreciated.

    ASA Version 8.4(2)
    !
    hostname ASA
    domain-name domain.com
    !
    interface Ethernet0/0
     nameif inside
     security-level 100
     ip address 192.168.0.1 255.255.255.0
    !
    interface Ethernet0/1
     nameif outside
     security-level 0
     ip address 50.1.1.225 255.255.255.0
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     no nameif
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    !
    boot system disk0:/asa842-k8.bin
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    !
    same-security-traffic permit intra-interface
    !
    object network NETWORK_OBJ_192.168.0.224_27
     subnet 192.168.0.224 255.255.255.224
    !
    object-group service VPN
     service-object esp
     service-object tcp destination eq ssh
     service-object tcp destination eq https
     service-object udp destination eq 443
     service-object udp destination eq isakmp
    !
    access-list ips extended permit ip any any
    !
    ip local pool VPNPool 192.168.0.225-192.168.0.250 mask 255.255.255.0
    no failover
    failover timeout -1
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.224_27 NETWORK_OBJ_192.168.0.224_27 no-proxy-arp route-lookup
    !
    object network LAN
     nat (inside,outside) dynamic interface
    access-group outside_in in interface outside
    route outside 0.0.0.0 0.0.0.0 50.1.1.250 1
    sysopt noproxyarp inside
    sysopt noproxyarp outside
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal DES
     protocol esp encryption des
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
     protocol esp encryption 3des
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
     protocol esp encryption aes
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
     protocol esp encryption aes-192
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
     protocol esp encryption aes-256
     protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint ASDM_TrustPoint0
     enrollment self
     subject-name CN=ASA
     crl configure
    crypto ca server
     shutdown
    crypto ca certificate chain ASDM_TrustPoint0
     certificate d2c18c4e

      quit
    crypto ikev2 policy 1
     encryption aes-256
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 10
     encryption aes-192
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 20
     encryption aes
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 30
     encryption 3des
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 40
     encryption des
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 10
    console timeout 0
    management-access inside
    ssl trust-point ASDM_TrustPoint0 outside
    webvpn
     enable outside
     anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
     anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
     anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
     anyconnect profiles VPN disk0:/devpn.xml
     anyconnect enable
     tunnel-group-list enable
    group-policy VPN internal
    group-policy VPN attributes
     wins-server value 50.1.1.17 50.1.1.18
     dns-server value 50.1.1.17 50.1.1.18
     vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
     default-domain value digitalextremes.com
     webvpn
      anyconnect profiles value VPN type user
      always-on-vpn profile-setting
    username administrator password xxxxxxxxx encrypted privilege 15
    username VPN1 password xxxxxxxxx encrypted
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
     address-pool (inside) VPNPool
     address-pool VPNPool
     authentication-server-group LOCAL
     default-group-policy VPN
    tunnel-group VPN webvpn-attributes
     group-alias VPN enable
    tunnel-group VPN ipsec-attributes
     ikev1 pre-shared-key *
    !
    class-map inspection_default
     match default-inspection-traffic
    class-map ips
     match access-list ips
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect http
     class ips
      IPS inline help
     class class-default
      user-statistics accounting

    I would recommend buying AnyConnect Essentials. The cost of the license is nominal: list price of US $150 for the 5510 (part number L-ASA-AC-E-5510=).

    Meanwhile you can use the legacy Cisco VPN client with IKEv1 IPsec remote access VPN using *.pcf profiles.

    I believe you can also use the AnyConnect client with SSL or DTLS transport for remote access (non-IPsec) without having to buy the AnyConnect Essentials license for your ASA.

    As an aside, note that if you want to use AnyConnect Mobile (e.g. for iPhone, iPad, Android, Blackberry etc. clients) you will also get the additional license for it (L-ASA-AC-M-5510=, also priced at US $150)

  • Missing shell login, but only for a specific user

    Hi, I have a problem that I cannot find a solution to after a thorough Google search. I had two user accounts in Vista: my account with administrator privileges and a second account for a friend. My system crashed with BSD, and when it restarts it lets me log in to my own account, but as soon as the login is complete it does not seem to load the shell and all I have is a white screen with no taskbar. Right click does not work and neither does Ctrl-Alt-Delete.

    The second user account starts OK. By starting in safe mode, I created a new user with administrator privileges and it works fine. From there, I can access my old directories from the damaged account.

    However, I need to restore my own account, since it has all my custom settings for the programs that I use, all my Outlook settings etc., and I don't want to have to spend a lot of time copying the old account's files to the new admin account and then setting up all the programs again.

    Is there a section of the registry that deals with shells for the individual user which could have become corrupted when the system crashed? I looked through the registry but can only find strings for the general login shell that are not specific to users.

    Any help would be appreciated

    Hello
     
    Method 1.
    Best thing you can do is to perform a system restore just before where the problem occurred.
    I quoted an article that explains about system restore in Windows Vista.

     
     
    Method 2.
    Or you can fix the corrupted user profile by copying the settings from the damaged account to a new user account. See the article below for more information.
    Fix a corrupted user profile
    http://Windows.Microsoft.com/en-us/Windows-Vista/fix-a-corrupted-user-profile

    I hope this helps.

    Thanks and regards,
    Shekhar S - Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.
    If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.

  • Import a public ssh key for a specific user of DRAC via racadm?

    Is there a racadm command to download and install a public ssh key into the account of a specific DRAC user?

    In the GUI, I see features to add 4 different keys per user, for access from remote devices holding the private key, without a password for ssh.

    I have not found a command for it in the latest iDRAC 7/8 CLI PDF.

    I don't see installed public keys being exported with an export of the server profile, which would mean that access would be lost when importing a profile. Is this correct? If so, will this be remedied in future iDRAC releases?

    You can use "racadm sshpkauth" to import or delete users' public SSH keys on iDRAC.  You can get more details on its usage using the command "racadm help sshpkauth" or the RACADM CLI guide (link below)

    http://www.Dell.com/support/manuals/us/en/19/idrac7-8-lifecycle-controller-v2.30.30.30/iDRAC_RACADM_Pub/sshpkauth?GUID=GUID-BE12ABD1-4995-4FA3-B090-9CB41321B7A4&lang=en-us

    Importing server configuration file will not delete iDRAC SSH key

  • Is there a way to recover the use of storage for a specific org through the vCloud API RESTful vdc?


    Hello - I hope someone can tell me how to retrieve the amount of storage used against the allocation given to a specific org vDC.  I use storage profiles in my environment, and when I retrieve the details of an org vDC by a GET against... api / / admin/vdc / < OID >, the result has a block of VdcStorageProfiles hrefs that I can do further GETs against for details on the provisioned storage profiles.  However, the results of these later GETs contain just a 'Limit' tag in the XML that indicates the amount of the allocation, but still no details on usage.  The initial GET against the vDC shows its usage against the allocation of memory and CPU, and I was looking to find a similar result for storage.

    Thank you!

    Never mind, I just got this one resolved; all that is needed is the query /api/query?type=adminOrgVdcStorageProfile&filter=vdcName==XXXX

  • Can I set parental controls on firefox for a specific user only?

    I use Windows 7 and Firefox 18.0.2. On my PC, I have my admin account and my children's account. Now that they are reaching an age where they need Internet access for projects and so on, I wonder if I can put parental controls on Firefox (by add-on?) as I have on Windows, so that when they log in to their account, Firefox only allows access to what I have approved. In other words, limit the use of the Internet ONLY for their account, while I'll still be able to use Firefox without restriction. I don't want to use another browser that I'm not as familiar with just so I can put parental controls over everything on this browser. Any ideas?

    It did the trick. You can restrict any program or browser to their liking. Although I do not have someone else (Microsoft...) do it for me, it works as should be for now. Thank you for your time!

  • How to get specific IP through VPN tunnel

    I've implemented remote access VPN with the Cisco VPN Client.
    We use split tunneling to tunnel only the internal IP range through the VPN tunnel.
    Now I need to reach a specific IP address from the Cisco VPN Client
    through the Internet and the internal network.
    I added this specific IP address to the split tunnel ACL.
    I can verify it in the Cisco VPN Client under Status > Statistics, Route Details,
    but when I traceroute to that specific IP address it ends at the
    first hop, the ASA public interface.
    The ASA has a route for 0.0.0.0/0.
    What do I need to put in place?

    Hello

    If you need to allow the VPN client to connect to the ASA and then U-turn to the Internet, you need:

    same-security-traffic permit intra-interface

    Also, make sure you NAT the traffic:

    nat (outside) 1 VPN-range

    global (outside) 1 interface

    Be careful with the above NAT commands (this is just an example and depends on your configuration).

    Federico.
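
The two prerequisites named in this reply and in Jouni's reply at the top of the page (intra-interface permission, plus a translation rule from the outside interface back to itself that covers the VPN client) can be checked against a saved configuration. The following Python check is an added example, not code from either poster or from Cisco; the function names and sample configurations are constructed here from the values quoted in the first thread, and the pre-8.3 sample substitutes 10.0.4.128/25 for the "VPN-range" placeholder as an assumption.

```python
import ipaddress
import re

OBJECT_RE = re.compile(r"object network (\S+)$")
OBJECT_NAT_RE = re.compile(r"nat \(([^,)\s]+),([^,)\s]+)\) dynamic \S+")
LEGACY_NAT_RE = re.compile(r"nat \(([^,)\s]+)\) (\d+) ([\d.]+) ([\d.]+)")
LEGACY_GLOBAL_RE = re.compile(r"global \(([^,)\s]+)\) (\d+) \S+")


def _subnet(addr, mask):
    """Return (first, last) address of addr/mask as integers."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return int(net.network_address), int(net.broadcast_address)


def _object_nat_covers(lines, client, iface):
    """8.3+ syntax: an object holding the client with nat (iface,iface) dynamic."""
    spans, hairpin, name = {}, set(), None
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends any object block
            m = OBJECT_RE.match(line)
            name = m.group(1) if m else None
            continue
        if name is None:
            continue
        w = line.split()
        if w[0] == "subnet" and len(w) == 3:
            spans.setdefault(name, []).append(_subnet(w[1], w[2]))
        elif w[0] == "host" and len(w) == 2:
            spans.setdefault(name, []).append(_subnet(w[1], "255.255.255.255"))
        elif w[0] == "range" and len(w) == 3:
            lo, hi = (int(ipaddress.ip_address(a)) for a in w[1:])
            spans.setdefault(name, []).append((lo, hi))
        else:
            m = OBJECT_NAT_RE.match(line)
            if m and m.group(1) == m.group(2) == iface:
                hairpin.add(name)
    return any(lo <= client <= hi
               for n in hairpin for lo, hi in spans.get(n, []))


def _legacy_nat_covers(lines, client, iface):
    """Pre-8.3 syntax: nat (iface) N <net> <mask> paired with global (iface) N."""
    nat_ids, global_ids = set(), set()
    for raw in lines:
        line = raw.strip()
        m = LEGACY_NAT_RE.match(line)
        if m and m.group(1) == iface and m.group(2) != "0":
            lo, hi = _subnet(m.group(3), m.group(4))
            if lo <= client <= hi:
                nat_ids.add(m.group(2))
        m = LEGACY_GLOBAL_RE.match(line)
        if m and m.group(1) == iface:
            global_ids.add(m.group(2))
    return bool(nat_ids & global_ids)


def audit_hairpin(config, client_ip, iface="outside"):
    """Return a list of missing prerequisites; an empty list means both are present."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    client = int(ipaddress.ip_address(client_ip))
    findings = []
    if not any(l.strip() == "same-security-traffic permit intra-interface"
               for l in lines):
        findings.append("no 'same-security-traffic permit intra-interface'")
    if not (_object_nat_covers(lines, client, iface)
            or _legacy_nat_covers(lines, client, iface)):
        findings.append(f"no ({iface},{iface}) translation covers {client_ip}")
    return findings


# Constructed sample: the relevant lines of the configuration in the question.
AS_POSTED = """
route outside 0.0.0.0 0.0.0.0 7.7.7.30 1
object network obj-InsideNetworks
 range 10.0.1.0 10.0.255.255
 nat (inside,outside) dynamic 7.7.7.3
"""

# Constructed sample: the same configuration plus the two additions from the reply.
WITH_FIX = AS_POSTED + """
same-security-traffic permit intra-interface
object network VPN-CLIENT-PAT
 subnet 10.0.4.128 255.255.255.128
 nat (outside,outside) dynamic interface
"""

# Constructed sample: pre-8.3 syntax with an assumed subnet for "VPN-range".
LEGACY = """
same-security-traffic permit intra-interface
nat (outside) 1 10.0.4.128 255.255.255.128
global (outside) 1 interface
"""

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("with fix", WITH_FIX),
                       ("pre-8.3", LEGACY)):
        print(label, audit_hairpin(cfg, "10.0.4.150"))
```

The configuration as posted fails both checks even though 10.0.4.150 falls inside obj-InsideNetworks, because that object's dynamic NAT is bound to (inside,outside) while the VPN client's traffic enters and leaves on the outside interface.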

  • blocking of websites for users of vpn ipsec offline

    Hello

    We use ASA 5520s as our firewalls and our vendors sign in via IPsec VPN client v5. With our previous Checkpoint firewall and clients, we could add a default policy, active while the client was not connected, which would limit which sites vendors could visit while not connected to the firewall.

    with our new configuration of cisco, we are able to restrict what Web sites they visit while they are connected, but once they log off of the firewall they have unlimited access to the Internet. Is there a way to be limited to a list of pre-defined business related sites?

    Thank you

    Sam

    Sorry for the late reply.

    I don't think that you can inject a customized firewall policy rule into the VPN client when it is not connected.

    You can use the stateful firewall (always on), but you can't customize it AFAIK.

    Applying a proxy on the laptops you describe could be a better solution.

    Federico.

  • Auto approve IN. for specific users?

    I'm looking into PORPOCHA and I need to auto approve IN. for a specific user, is there some examples that I could look at? I am new to WF.

    Thank you!

    Hello

    You must create a vacation rule for the user for this notification. In the workflow administration pages, go to the Administration tab and choose 'Vacation Rules' from there. Create the rule to automatically approve the notifications you want.

    HTH,

    Matt
    -----
    WorkflowFAQ.com - the independent resource ONLY for Oracle Workflow Development

    Review alpha chapters of my book "developing with Oracle Workflow" are available through my website http://www.workflowfaq.com
    Have you read the blog at http://www.workflowfaq.com/blog?
    WorkflowFAQ support forum: http://forum.workflowfaq.com

  • Routing of traffic between two VPN Site-to-Site Tunnels

    Hi people,

    I am trying to establish routing between two site-to-site VPN tunnels which terminate on the same outside interface of my Cisco ASA.

    Please find attached a flowchart for the same. All firewalls used are Cisco ASA 5520.

    The two VPN tunnels, between Point A and Point B and between Point B and Point C, are up. I also enabled the same-security-traffic permit intra-interface command.

    How can I enable traffic from the LAN subnets behind Point A to reach the LAN subnets behind Point C without having to create a separate tunnel between Point A and Point C?

    Thank you very much.

    Hello

    Basically, you will need NAT0 and VPN rules on each site to allow this traffic.

    I think that the configurations should look something like below. Naturally you will probably already have a NAT0 configuration and certainly the L2L VPN configuration

    Site A

    access-list NAT0 remark NAT0 rule for SiteA SiteC traffic
    access-list NAT0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
    nat (inside) 0 access-list NAT0
    access-list L2L-VPN-CRYPTO-SITEB remark Interesting traffic for SiteA to SiteC
    access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

    Where

    • NAT0 = is the ACL to be used in the NAT0 rule that will exempt SiteA to SiteC traffic from NAT
    • nat = is the NAT0 configuration line
    • L2L-VPN-CRYPTO-SITEB = is the ACL in the L2L VPN configuration that defines that SiteA LAN to SiteC LAN traffic must use the existing L2L VPN to SiteB

    Site B

    access-list OUTSIDE-NAT0 remark NAT0 rule for SiteA SiteC traffic
    access-list OUTSIDE-NAT0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
    nat (outside) 0 access-list OUTSIDE-NAT0
    access-list L2L-VPN-CRYPTO-SITEA remark Traffic for SiteA to SiteC through a Tunnel between A - B
    access-list L2L-VPN-CRYPTO-SITEA permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list L2L-VPN-CRYPTO-SITEC remark Traffic for SiteA to SiteC through a Tunnel between B - C
    access-list L2L-VPN-CRYPTO-SITEC permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

    Where

    • OUTSIDE-NAT0 = is the ACL to be used in the NAT0 rule that will exempt SiteA to SiteC traffic from NAT. This time it is tied to the 'outside' interface, as traffic will be coming in and going out through this interface on SiteB
    • nat = is the NAT0 configuration line
    • L2L-VPN-CRYPTO-SITEA (and SITEC) = are the ACLs in the L2L VPN configurations that define that SiteA LAN to SiteC LAN traffic should use the existing L2L VPN connections.

    Site C

    access-list NAT0 remark NAT0 rule for SiteC SiteA traffic
    access-list NAT0 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    nat (inside) 0 access-list NAT0
    access-list L2L-VPN-CRYPTO-SITEB remark Interesting traffic for SiteC to SiteA
    access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0

    Where

    • NAT0 = is the ACL to be used in the NAT0 rule that will exempt SiteC to SiteA traffic from NAT
    • nat = is the NAT0 configuration line
    • L2L-VPN-CRYPTO-SITEB = is the ACL in the L2L VPN configuration that defines that SiteC LAN to SiteA LAN traffic must use the existing L2L VPN to SiteB

    To my knowledge, the above should handle the NAT0 and the traffic selection for the L2L VPN connections. Naturally, the interface/ACL names may be different depending on your current configuration.

    Hope this helps

    -Jouni
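
The crypto ACLs in this reply only work if each tunnel end mirrors its peer exactly and each spoke exempts the same flows from NAT. The following Python check is an added example, not part of Jouni's reply or of any Cisco tool; the function names and the deliberately mismatched Site C sample are constructed here, while the ACL names and subnets are the ones quoted in the reply.

```python
import ipaddress
import re

ACE_RE = re.compile(r"access-list (\S+) (?:extended )?permit ip "
                    r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)$")


def parse_acls(config):
    """Map ACL name -> set of (source network, destination network) pairs."""
    acls = {}
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, set()).add(
                (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                 ipaddress.ip_network(f"{dst}/{dmask}", strict=False)))
    return acls


def check_tunnel(label, local, remote):
    """Each local entry needs the same pair, swapped, in the peer's crypto ACL."""
    mirrored = {(dst, src) for src, dst in remote}
    findings = [f"{label}: {s} -> {d} has no mirrored entry on the peer"
                for s, d in sorted(local - mirrored)]
    findings += [f"{label}: peer expects {s} -> {d}, missing locally"
                 for s, d in sorted(mirrored - local)]
    return findings


def check_nat_exempt(label, crypto, nat0):
    """Every encrypted flow on a spoke must also be covered by its NAT0 ACL."""
    return [f"{label}: {s} -> {d} is encrypted but not NAT-exempt"
            for s, d in sorted(crypto)
            if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in nat0)]


def audit_relay(site_a, site_b, site_c):
    """Check the A-B and B-C tunnels using the ACL names from the reply."""
    a, b, c = parse_acls(site_a), parse_acls(site_b), parse_acls(site_c)
    none = set()
    findings = check_tunnel("A-B", a.get("L2L-VPN-CRYPTO-SITEB", none),
                            b.get("L2L-VPN-CRYPTO-SITEA", none))
    findings += check_tunnel("B-C", b.get("L2L-VPN-CRYPTO-SITEC", none),
                             c.get("L2L-VPN-CRYPTO-SITEB", none))
    findings += check_nat_exempt("Site A", a.get("L2L-VPN-CRYPTO-SITEB", none),
                                 a.get("NAT0", none))
    findings += check_nat_exempt("Site C", c.get("L2L-VPN-CRYPTO-SITEB", none),
                                 c.get("NAT0", none))
    return findings


# Samples below reuse the permit lines from the reply.
SITE_A = """
access-list NAT0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
"""
SITE_B = """
access-list OUTSIDE-NAT0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list L2L-VPN-CRYPTO-SITEA permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L-VPN-CRYPTO-SITEC permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
"""
SITE_C = """
access-list NAT0 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
"""
# Constructed failure case: Site C's crypto ACL uses a wider destination mask.
SITE_C_WIDE_MASK = """
access-list NAT0 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.3.0 255.255.255.0 192.168.0.0 255.255.0.0
"""

if __name__ == "__main__":
    print(audit_relay(SITE_A, SITE_B, SITE_C))
    for finding in audit_relay(SITE_A, SITE_B, SITE_C_WIDE_MASK):
        print(finding)
```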
