several groups of vpdn
Hello!
I have the configuration for l2tp connections, users are authenticated by RADIUS. It works and everything is OK.
Now, I need to send the IP address of the DNS server to specific users. I tried setting up isakmp client, but it does not work. Then I tried setting virtual-model and they apply successfully. So, I create an another model-virtual and another vpdn group. But all users connect to vpdn-group by default and I don't know how to change it.
I use Windows 7 as a customer. Cisco 7206 (Cisco IOS Software, software 7200 (C7200-ADVIPSERVICESK9-M), Version 12.4 (24) T5, (fc3) SOFTWARE VERSION).
!
VPDN-group L2TP_VPN
! Default L2TP VPDN group
accept-dialin
L2tp Protocol
virtual-model 1
local name PRINCIPAL
no authentication of l2tp tunnel
!
VPDN-group l2tp_vpn_test
accept-dialin
L2tp Protocol
virtual-model 10
terminate - lac_test host name
name local lns_test
no authentication of l2tp tunnel
!
I tried these Radius attributes:
28 Mar 18:45:17 MSK: RADIUS: Cisco-AVpair [1] 28 'vpdn:tunnel - id = lac_test.
28 Mar 18:45:17 MSK: RADIUS: Tunnel-Client-Auth-I [90] 13 "lac_test".
28 Mar 18:45:17 MSK: RADIUS: Tunnel-Server-Auth-I [91] 25 'lns_test '.
Can you help me, please?
I'm not sure of the answer.
What if you send the DNS server in RADIUS response? Maybe try MS-DNS-Server primary and/or secondary MS-DNS-server.
See also (search for DNS):
http://www.Cisco.com/c/en/us/TD/docs/iOS/12_2/security/configuration/guide/fsecur_c/scfrdat2.html
Tags: Cisco Security
Similar Questions
-
VPN access query remote ASA - several group policies for the unique connection profile
Hi all
Two quick questions here that I need to help.
1. in an ASA 5525, is it possible to have several group policies for a single connection profile?
Scenario: A customer is running F5 Firepass to their VPN solution and this device is used by them to have multiple strategies group by the connection profile. We plan to migrate them to ASA (5525) and I don't know if the ASA can support that.
2. in an ASA-5525 for Clientless Remote access VPN, can pass us the page to connect to an external server? For example, if I have a connection with a URL profile setup: "'https://wyz.vpn.com/ ';" for the LDAP/Radius Authentication, but for https://wyz.vpn.com/data and https://wyz.vpn.com/test I want to HTTP based authentication form and this page needs to be sent to an external server that is to say ASA step will manage this page, but rather the first page for this is served by the external server.
Scenario: One of our clients is running F5 Firepass to their VPN solution. On the F5 they have pages of configuration such as the https://wyz.vpn.com/ that the F5 shows to the user when they connect via VPN without client; However if the user types https://wyz.vpn.com/data in the browser, the traffic comes to the F5, but F5 redirects this traffic to an external server (with an external url as well). Then it's this external server that transfers the first page of the user requesting authentication for HTTP form based authentication information.
Thanks in advance to all!
Hello
You can have fallback to LOCAL only primary method.
http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa90/configuration/gu...
HTH
Averroès.
-
Several groups of RADIUS auth on a single Windows Server
We have several groups RA VPN on a 3845 router.
Authentication RADIUS which is currently happening between the 3845 and one Windows 2008 Server. We have a group of specific windows which AD users are members, and they are allowed to connect through the VPN.
I create a new group of VPN, which should only allow different users of the AD. Is it possible to create another association of RADIUS on the same server, or do I need to authenticate to a different Windows Server?
Thank you
Tyler
Hey Tyler,
If I understand the question, here's what you have to say.
There are several groups on the announcement. currently 1 user group special on AD connect very well to the RAVPN.
Now you want to connected VPN or authorized for another group on AD. Basically, you want to control access to resources based on the groups that they belong to the advertising. Am I wrong?
You use the aaa server is the RADIUS. I don't think you can do authentication and control of access based on the ad groups using RADIUS.
I would say try LDAP.
http://www.Cisco.com/en/us/docs/iOS/sec_user_services/configuration/guide/sec_cfg_ldap.html
I hope this helps.
Kind regards
Anisha
P.S.: Please evaluate the useful messages
-
Hi all
Is it possible to identify single user VDI which is a member of VDI several groups in Active Directory from power Cli script
Thank you
VM2014
Oops, my mistake. Try this
Get-ADUser-filter *-MemberOf properties |
where {$m = $_.} MemberOf | where {$_-match 'app-view'}; $m - not $null - and @($m). {Count - gt 1} |
Select the Name,@{N='#VDI groups; {E = {$m.Count}}.
@{N = 'Groups of VDI'; E = {($m | Get-ad group | Select name - ExpandProperty) - join ' | '}}
-
I need some information on the use of several groups on or off?
Hello
I'm trying to implement several groups to toggle in javafx (one for the radio button) and one for the toggle buttons.
By choosing one of the option buttons, toggle buttons appear and I need to perform an operation based on the value of the selected toggle button.
But for me only the radio button failover works.
The toggle button is to come as being disabled.
Please help me.
Can you post a short, independent, good example that demonstrates the problem? The following example works fine for me:
import javafx.application.Application; import javafx.scene.Scene; import javafx.scene.control.RadioButton; import javafx.scene.control.ToggleButton; import javafx.scene.control.ToggleGroup; import javafx.scene.layout.HBox; import javafx.scene.layout.VBox; import javafx.stage.Stage; public class MultipleToggleGroupExample extends Application { @Override public void start(Stage primaryStage) { final ToggleGroup radioButtonGroup = new ToggleGroup(); final RadioButton rb1 = new RadioButton("Choice 1"); final RadioButton rb2 = new RadioButton("Choice 2"); rb1.setToggleGroup(radioButtonGroup); rb2.setToggleGroup(radioButtonGroup); final ToggleGroup toggleButtonGroup = new ToggleGroup(); final ToggleButton tb1 = new ToggleButton("Choice A"); final ToggleButton tb2 = new ToggleButton("Choice B"); tb1.setToggleGroup(toggleButtonGroup); tb2.setToggleGroup(toggleButtonGroup); final HBox root = new HBox(10); final VBox radioButtons = new VBox(5); radioButtons.getChildren().addAll(rb1, rb2); final VBox toggleButtons = new VBox(5); toggleButtons.getChildren().addAll(tb1, tb2); root.getChildren().addAll(radioButtons, toggleButtons); toggleButtons.visibleProperty().bind(rb2.selectedProperty()); primaryStage.setScene(new Scene(root, 600, 400)); primaryStage.show(); } public static void main(String[] args) { launch(args); } }
-
VCenter: User in several groups with different permissions, smaller approvals
Hello
We finally hit the use of our VCenter setup where we need to begin to use permissions group instead of the individual user's permissions. I have set up several groups (QA, automation, App, VCenter users and administrators) for our users. However - I ran into a problem where a user must be in QA Automation and administrators, and I put the appropriate permissions on a pool of resources (QA - unalterable, automation and administrators full control).
When you connect as long as user is as VCenter uses by default the * least * permissions for the object being verified and the user has only read-only for the resource pool (and spread points). Is this expected authorizations and vcenter behavior? I guess the user must get the permissions for all the groups, they are in.
Thank you
Ben
If you set permissions in vCenter level, then Yes, you need to uncheck spread it to child objects. What you can do then is add permissions on each individual resource pool.
Is the ultimate goal only allow these members to have access to resource pools, any VI?
-
Several groups of ports with the same VLanID
Ask a question on peoples experience or knowledge, because we had a little chat here at work. If you have several groups with the same VLanID virtual port in the same cluster, does or that will cause a problem?
Tom - we do that regularly.
We have large quantities of VLAN - and often will be have 2 VMs hosted on the same Vlan environments for the purposes of the Dev - but when we move to production, we want to be able to isolate the dependent VMs to the configured network - with the same Vlan in use. . with a name different from the ways that we can quickly determine which is which.
In addition
I have hhave 1 vSwitch, with 2 natachasery (set up for tolerance of failure... not load balancing). . 2 groups of ports. . even vLan. . but I can get then Port Group1 to Teddy defauilt 1 and Port Group2, or Teddy bear 2 - which means I can isolate traffic e.. except in an emergency.
-
10g: unable to set the default dashpoard (CheminPortail) to several groups
Hi all
I am facing a problem while defining the portal path for several groups.
I have two RPD groups and each group need to have its own default table in the form of ready page.
We use authentication RPD and cannot use the database table to record the CheminPortail for each user or group.
What I've tried so far is the following:
We have two groups, Group1 , Group2 , who need to have the default dashboard * \shared\_portal\dashboard1* and * \shared\_portal\dashboard2* respectively.
Approach 1: Create a block INIT of Session with the following query:
Select case when ""="Group1: GROUP ' then '\shared\_portal\dashboard1' another '\shared\_portal\dashboard2' end of the double"
Result: Failure - because all users are directed to "\shared\_portal\dashboard2". Somehow *': group ' * Gets not the affected GROUP.
Even tried to replace ": GROUP ' with"VALUEOF (GROUP)"in the SQL query, however, it did not help."
Help to get the same functionality will be appreciated.
Kind regards
KhalidKhalid,
Here you go... use example below and change as you need.
Create a SESSION - INIT BLOCK with this query... Say CRTAP
SELECT CASE WHEN ' VALUEOF (NQ_SESSION. GROUP)' = "DASH_usr" THEN "/ shared/test ' WHEN ' VALUEOF (NQ_SESSION. GROUP)' = "DASH_ctr" THEN "test1/shared / ' END OF DOUBLE
Set it to a variable with the name CHEMINPORTAIL and default to say anything ' / abc / ".
This will work for sure... You can test this by RPD as well.
Hope this helps
-
JMS server targeted to several groups
Hello
I am facing a problem with my configuration of JMS in weblogic (version 10.3.4.0). I have two clusters. Following the [practical best JMS | http://forums.oracle.com/forums/message.jspa?messageID=9455261#9455261] I created a JMS server in each server managed within the cluster. I created that one Module JMS with a subdeployment. The JMS Module is for all servers managed within the two groups, and the subdeployment caters to all JMS servers in clusters.
The JMS module, I created a connection factory targeted the subdeployment, until then everything is ok.
Subsequently, I try to create a uniform distributed queue (UDQ) targeted the subdeployment and WebLogic throws the following error:
A UDD must target servers within a single cluster or a single stand-alone server, rather than Cluster ClusterA and Cluster b
The only solution I found is to create a JMS-subdeployment Module by JMS server. Is it possible to have just a JMS Module and use it in all the server managed by several groups? or I have to put in place the same parameters (ConnectionFactories + queue quota) in each Module JMS.
Thank you much in advance.
See you soon,.
OscarHello
The error is expected because a UDD is a distributed cluster whose scope is by definition. I think you have two options:
-Not the best practice: use two different subdeployments in module - one for each set of JMS servers in a specific cluster and configure the number of UDDs couble (with names different mbean, one set per cluster).
-A recommended best practice: use two different modules - one for each set of JMS servers in a particular cluster, each with a subdeployment and its own set of UDDs.
I think the best statements of practices something that you use one module per each "homogeneous group of JMS servers. A homogenous whole of JMS servers is a set of servers JMS host (A) run in the same cluster and (B) all the same destinations spread...
Kind regards
Tom
Published by: falls on April 11, 2011 10:07
-
Hello
Could someone tell me how I might have several group from the different count function?
Here's what I'm trying to do.
In the group by clause, I would like to have group by in the following terms:select x.prev_categ, x.next_categ, count(distinct user_id) as countprev2next, count(distinct user_id) as countprev2any, count(distinct user_id) as countany2next, count(distinct user_id) as countany2any ( select user_id, prev_categ, next_categ, dense_rank() over (order by prev_categ, next_categ) as rankprev2next, dense_rank() over (order by prev_categ) as rankprev2any, dense_rank() over (order by next_categ) as rankany2next, dense_rank() over() as rankany2any from next_categ_data where x.prev_categ IS NOT NULL and x.next_categ IS NOT NULL )x group by x.prev_categ, x.next_categ ;
(1) prev_categ and next_categ as shown in the query
(2) only prev_categ
(3) only next_categ
(4) user_id
By this motion, I am trying to accomplish the following:
For example, I have a transaction in which category A is passed to category B.
I want to count distinct users who moved from category:
(1) A to B (A2B)
(2) A to any category (A2X)
(3) any to B (X2B)
(4) all for the whole (X2X)
This must be done for all possible transactions.
Sample Data create table final as ( select 1 user_id,2 product_id,A categ_id, to_Date('1/1/2009','MM/DD/YYYY') dt from dual union all select 1 user_id,3 product_id,B categ_id, to_Date('1/1/2009','MM/DD/YYYY') dt from dual union all select 1 user_id,4 product_id,C categ_id, to_Date('1/3/2009','MM/DD/YYYY') dt from dual union all select 1 user_id,5 product_id,D categ_id, to_Date('1/3/2009','MM/DD/YYYY') dt from dual union all select 1 user_id,6 product_id,E categ_id, to_Date('1/3/2009','MM/DD/YYYY') dt from dual union all select 1 user_id,7 product_id,F categ_id, to_Date('1/10/2009','MM/DD/YYYY') dt from dual union all select 1 user_id,8 product_id,G categ_id, to_Date('1/11/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,2 product_id,A categ_id, to_Date('1/1/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,3 product_id,B categ_id, to_Date('1/2/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,4 product_id,C categ_id, to_Date('1/4/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,5 product_id,F categ_id, to_Date('1/5/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,6 product_id,H categ_id, to_Date('1/6/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,7 product_id,F categ_id, to_Date('1/12/2009','MM/DD/YYYY') dt from dual union all select 2 user_id,8 product_id,G categ_id, to_Date('1/15/2009','MM/DD/YYYY') dt from dual union all select 3 user_id,2 product_id,A categ_id, to_Date('1/11/2009','MM/DD/YYYY') dt from dual union all select 3 user_id,3 product_id,C categ_id, to_Date('1/12/2009','MM/DD/YYYY') dt from dual union all select 3 user_id,4 product_id,B categ_id, to_Date('1/13/2009','MM/DD/YYYY') dt from dual union all ) ;
Could you also tell me how I could make the County be repeated? For example, I want to count 3 to print for the two A to B and a-CSample output Prev_categ | Next_categ | countprev2next | countprev2any | countany2next | countany2any --------------------------------------------------------------------------------------- A B 2 3 3 3 A C 1 - 3 3 B C 2 2 - 3 C B 1 3 - 3 C D 1 - 1 3 C F 1 - 2 3 D E 1 1 1 3 E F 1 1 - 3 F G 2 2 2 3 F H 1 - 1 3 H F 1 1 - 3
under column of prev2any.
I appreciate all help.
Thanks again,Hello
You can do it with the analytical COUNT function:
SELECT DISTINCT , prev_categ , next_categ , COUNT (DISTINCT user_id) OVER (PARTITION BY prev_id , next_id ) AS countprev2next , COUNT (DISTINCT user_id) OVER (PARTITION BY prev_id) AS countprev2any , COUNT (DISTINCT user_id) OVER (PARTITION BY next_id) AS countany2next , COUNT (DISTINCT user_id) OVER () AS countany2any FROM next_categ_data WHERE next_categ IS NOT NULL ORDER BY prev_categ , next_categ ;
Sorry, I'm not a database now, so I can't test it for 12 hours.
Looking at the code you posted, it seems as if you were on the right track with the partitions, only you were trying the wrong analytical function.
You really have a table like next_categ_data? Most people would use a view, if this isn't a subquery for this, unless the query speed was very important.
-
I have a report and have need of the results displayed in several groups. The result set of a query, I use the cfoutput with the group attributes tag and the query to display the results (types and number of workers) per meal (lunch and dinner). It works fine but I also need the types of workers grouped (with every meal) by which part of the restaurant, they work in (front, rear, management). To do this within the aforementioned cfoutput tag, I added another tag cfoutput with a second group option. It almost worked, but the problem is that I get only the first row of data for each of the subgroups (where they work) and not all the lines. I tried to add the attribute of the cfquery attribute nested query, but which is not allowed.
This is what we used several nested cfoutput Tags group attributes? Can it be done? If so, what hours I don't hurt. If not, is there another way?
Thank you
Jason
CF will not allow you to embed two query driven cfoutput tags. I posted this question to my group and they were able to answer.
ANSWER:
At the lowest level, you want a simple cfoutput without group to this topic.Answered by Matt Jones and Brad Wood Group KCDevCore. Thank you guys!
-
How to assign several groups of home page tabs?
I was hoping to make use of the tab function, but when I restart FF my groups all disappear except my home page tabs. Is there maybe an add-on that can save and rebuild groups of tabs?
And is it just me or should FF have warned me that the creation of a group of tabs set my home page and remove my links?
Also, I wouldn't need to tab groups if the new tab screen can be configured to contain more links with small vignettes - perhaps also a possibility to Add on?
Thank you...
Finally got a chance to try it - looks great so far. Configurable Super - lose the search bar, reduce the size of the tile while maximizing the police to name, create custom groups...
There will be no problem to get everything I need on a single screen with scrolling - just wish I could reorganize and group in a single screen.
I see no reason to set as my homepage though - there are several tabs, I always open so 'new tab' mode, that's exactly what I was looking for.
Thanks for the help,
CC -
Several groups of ACS/announcements in NDG
Hello
I've been racking my brain on this for a few days, and it's just not coming to me. I'll try and also be suscinct as possible. I am in the process of transition of my users of IPSEC to SSL VPN client/web. During this process, I want to limit users to what they need to get to only.
ASA firewall configured for SSL VPN and IPSEC VPN (8.2.1)
Cisco ACS for Windows (4.2)
Active Directory Windows domain
We have several departments who will each of the different levels of access. We currently have a group of users who belong to an ad group that is mapped to an ACS group. Everthing is going fine for the IPSEC VPN and SSL VPN as it is. The problem that I am running is adding a new group (s) adding to the mix and get the right checks up to join this group.
Example: If you are in the OWA ad group, you should only have access to OWA when you access SSL VPN.
Example: If you are in the ad Marketing Group, you should have access to the actions and resources that are predefined.
There could be up to 10 groups.
I have added a new group to the ACS server and it mapped to the corresponding group. But I guess I don't understand how to get the ASA--> ACS to verify membership in this group. I tried the DAP of ASA with controls against the Radius attributes - but it fails. I feel just like I'm missing something in the ACS server, I need to do first.
Thanks in advance for the help.
Hi Chris,
By checking groups, ASA, GBA package access attribute class only reads accept, depending on the value of class the asa will map like you on a policy of group as your configuration.
ACS will read the first memberOf value retrieved from the profile AD and map the user to the group, accordingly, so if you have multiple groups on one user it will always match one on the list (don't ask me what is the order that AD sends the group for GBA)
The first statement, I think you will need that many strategies of groups like the functions you need and based on the value of the class they will be mapped to this group policy and then these features will be enabled. I believe that with the radius authentication plain and RADIUS atts or DAP (dap gives you more customization options), so you can skip ACS and use ASA - ldap - AD) and use memberOf attributes.
Let me know if this has any sense at all.
-
Scrollable frame this OSM contains several grouped
Hi all
Here's my situation:
I have an ESM has 2 States reveal and hide content. I need several of them which can then be placed in a floating frame (see screenshot)
http://i.gyazo.com/23acedeb85986cd5c54ceebecbd5e09a.PNG
The problem that I am running is that I can't "put in"an area of placeholder, except if these are all grouped in one piece. However, when I consolidate them at once the object, they all lose their MSO functionality.
Is there a way I can get these in a setting floating and still keep their taps to reveal/hide States?
Thank you.
Yes, it becomes difficult to process objects nested within InDesign. After you group all the objects as part of content and then cut and paste the image contained within the container, MSO buttons as part of content are losing their shares of MSO when pasted. At this point, I think that the best thing to do is to use the layers panel to select each object button and re - apply action.
Here are a few articles dealing with best practices with scrolling image:
Digital Publishing Suite 101: Quick Tips for FramesBobLevine.us Scrollable
-
Same access for several groups...
Hi all
Is it possible to offer the same access to different indigenous groups using Shared services.thanks inadvance.
Thank you and best regards,
RaviAn often overlooked feature is associate roles that may or may not be useful for you.
According to Oracle.
Aggregated roles, roles also known as personalized, aggregate several predefined application roles. An associate role can contain other roles aggregated. For example, a Shared Services or Provisioning Manager administrator can create an associate role that combines the Scheduler and roles of the user to see an Oracle Hyperion Planning, the Fusion Edition, the application. Aggregation of roles to simplify the administration of applications that have more granular roles. Global shared Services roles can be included in aggregate roles. You cannot create an associate role that spans applications or products.
Thank you
Todd Rebner
Maybe you are looking for
-
Bluetooth for Satellite U505-S2960 module
Hello I have Toshiba Satellite U505-S2960, but not brings Bluetooth. I want to buy an internal module, I need to know which reference module is compatible Thank you
-
Error when you try to call the Javascript function in the ActiveX Web browser
I have a requirement to call a Javascript function in a web page that is displayed in the browser's ActiveX control. I have the control on the front panel, and I use the Navigate method to call to the top of the appropriate page. Based on an exampl
-
Zoo Tycoon 2 Ultimate Collection will not work
I just bought the ultimate Collection of Zoo Tycoon 2 and installed on my Windows 7 computer. I tried to set the compatibility mode to run on Windows XP Service Pack 2 and also tried to run as an administrator. I even uninstalled and reinstalled and
-
Network adapter on HP Pavillion s5-1126 affecting download speed
I have a HP Pavillion s5-1126. Not the product. is QU150AA #ABA. My operating system is Win 7 Home Premium. Service Pack 1. 64 bit OS. I have READ with AT@T and got consistent speeds of 6.0 download + Mbps with my old computer running XP, which is wh
-
Printer works fine. Phone line is attached to the fax, we do not use the fixed line for something else. When the robot calls arrived, the printer spits out an error fax report. During set up, I selected the option 'shared online. Don't need to wa