to provide selective access by VPN.

If we have two web servers (add1 and add2) hosted in the DMZ and we need to give remote VPN clients access to only one of them (the add1 web server), what do we do? When we configure the remote VPN client using PDM, it never asks for any particular IP address to which this configuration will be applied; it only asks which interface the VPN client interacts with.

The current PIX configuration should be similar to the one below:

access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (dmz) 0 access-list 101
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp identity address
isakmp nat-traversal 20
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
ip local pool ippool 10.1.1.11-10.1.1.21
vpngroup vpnclient address-pool ippool
vpngroup vpnclient idle-time 1800
vpngroup vpnclient dns-server 139.130.4.4
vpngroup vpnclient password cisco456
vpngroup vpnclient split-tunnel 120
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap
username cisco password cisco123
aaa-server LOCAL protocol local
crypto map remote_vpn client authentication LOCAL
crypto map remote_vpn client configuration address initiate
crypto map remote_vpn client configuration address respond

If so, then you just need to change ACL 120, i.e. the split-tunnel ACL:

From

access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

to

access-list 120 permit ip host 192.168.1.100 10.1.1.0 255.255.255.0

By changing ACL 120 as shown above, the remote VPN user will be able to reach 192.168.1.100 only (all ports/protocols).

Alternatively, you can restrict access at the protocol/port level. This requires disabling the command 'sysopt connection permit-ipsec' and then creating an inbound ACL. Let me know if that is what you prefer and I'll give you an example configuration.

Another point to notice is that even if the remote user can only access one server in the DMZ, you must also restrict access directly on the server, as the remote VPN user may be able to access other private resources on that server.
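As an added example (not code from the original thread), the following Python script audits PIX-style access-list lines the way the answer above reasons about them: it expands each ACE into networks and reports which DMZ hosts the VPN pool is permitted to reach, first for the original and the corrected split-tunnel ACL 120, then for the port-level alternative (an inbound ACL used once 'sysopt connection permit-ipsec' is disabled). The inbound ACL name outside_in, its HTTP-only rule and the address 192.168.1.101 for add2 are assumptions, not from the thread. It goes slightly beyond the thread by also handling the 'any', 'host' and 'eq <port>' forms.

```python
"""Audit PIX-style access-lists: which DMZ hosts can a remote-VPN pool reach?

Added example, not code from the original thread. Assumed names and values
are marked below. PIX/ASA ACLs use real subnet masks, not IOS wildcard masks.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# A few well-known port names the PIX accepts after 'eq'
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "ftp": 21, "smtp": 25, "domain": 53}


@dataclass(frozen=True)
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp", "udp", "icmp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]     # only 'eq <port>' is modelled; None means any port


def _parse_addr(tokens, i):
    """Consume one address spec at tokens[i]: 'any', 'host A' or 'A MASK'.
    Returns (network, index of the next unconsumed token)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line):
    """Parse 'access-list <id> permit|deny <proto> <src> <dst> [eq <port>]'.
    Returns (acl_id, Ace), or None for remarks, blank lines and other non-ACE text."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        return None
    acl_id, action, proto = tokens[1], tokens[2], tokens[3]
    src, i = _parse_addr(tokens, 4)
    dst, i = _parse_addr(tokens, i)
    port = None
    if i + 1 < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        port = int(name) if name.isdigit() else PORT_NAMES[name]
    return acl_id, Ace(action, proto, src, dst, port)


def load_acl(lines, acl_id):
    """Collect the ACEs of one access-list, in configuration order."""
    aces = []
    for line in lines:
        entry = parse_ace(line)
        if entry and entry[0] == acl_id:
            aces.append(entry[1])
    return aces


def first_match(aces, src_ip, dst_ip, proto="ip", port=None):
    """Evaluate one flow: top-down, first match wins, implicit deny at the end.
    An 'ip' ACE matches every protocol; a query for 'ip' (all protocols) is
    satisfied only by an 'ip' ACE, because a tcp-only ACE does not cover it."""
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if src_ip not in ace.src or dst_ip not in ace.dst:
            continue
        if ace.dst_port is not None and ace.dst_port != port:
            continue
        return ace.action
    return "deny"


def verdict(lines, acl_id, src, dst, proto="ip", port=None):
    """Convenience wrapper taking dotted-quad strings."""
    return first_match(load_acl(lines, acl_id), ipaddress.ip_address(src),
                       ipaddress.ip_address(dst), proto, port)


def exposed_servers(lines, acl_id, pool, servers, proto="ip", port=None, pool_is_source=False):
    """Return the servers that at least one pool address is permitted to reach.
    A PIX split-tunnel ACL is written from the firewall's side (internal network
    first, VPN pool second): pool_is_source=False. An inbound ACL on the outside
    interface is written pool -> internal: pool_is_source=True."""
    aces = load_acl(lines, acl_id)
    reachable = []
    for server in servers:
        srv = ipaddress.ip_address(server)
        for client in ipaddress.ip_network(pool).hosts():
            a, b = (client, srv) if pool_is_source else (srv, client)
            if first_match(aces, a, b, proto, port) == "permit":
                reachable.append(server)
                break
    return reachable


# --- Constructed sample input: the thread's ACLs plus labelled assumptions ---
POOL = "10.1.1.0/24"                                # the /24 the thread's ACLs use for the pool
DMZ_SERVERS = ["192.168.1.100", "192.168.1.101"]    # add1 from the thread; add2's address is assumed
SPLIT_TUNNEL_BEFORE = ["access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0"]
SPLIT_TUNNEL_AFTER = ["access-list 120 permit ip host 192.168.1.100 10.1.1.0 255.255.255.0"]
# Hypothetical inbound ACL for the port-level alternative; name and HTTP-only rule are assumptions
INBOUND_PORT_LEVEL = [
    "access-list outside_in remark VPN pool may reach add1 on HTTP only",
    "access-list outside_in permit tcp 10.1.1.0 255.255.255.0 host 192.168.1.100 eq www",
]


def audit():
    """The four checks a reviewer of this change would want to see."""
    return {
        "split_tunnel_before": exposed_servers(SPLIT_TUNNEL_BEFORE, "120", POOL, DMZ_SERVERS),
        "split_tunnel_after": exposed_servers(SPLIT_TUNNEL_AFTER, "120", POOL, DMZ_SERVERS),
        "inbound_http": exposed_servers(INBOUND_PORT_LEVEL, "outside_in", POOL, DMZ_SERVERS,
                                        "tcp", 80, pool_is_source=True),
        "inbound_ssh": exposed_servers(INBOUND_PORT_LEVEL, "outside_in", POOL, DMZ_SERVERS,
                                       "tcp", 22, pool_is_source=True),
    }


if __name__ == "__main__":
    for check, servers in audit().items():
        print(f"{check:20s} -> {servers or 'nothing reachable'}")
```

Run as a script it prints the four verdicts: the original ACL 120 exposes both DMZ hosts, the corrected one exposes only 192.168.1.100, and the inbound ACL exposes that host on HTTP but not on SSH. The pool_is_source flag exists because the two ACL kinds are written from opposite perspectives, a detail that is easy to get backwards when converting from the split-tunnel form to the inbound form.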

Tags: Cisco Security

Similar Questions

  • SELECT access on v_$session

    I have just been told that granting SELECT on v_$session constitutes a security problem.

    But it's quite systematic: when a packaged logical unit must only be instantiated by one caller at a time, the following is used:

    -- record the activity
    DBMS_APPLICATION_INFO.set_module(module_name => C_PROCEDURE_NAME, action_name => NULL);

    -- make sure that this process is never instantiated by more than one caller at a time
    SELECT COUNT(1) INTO v_duplicate_process_cnt
      FROM v$session
     WHERE module = C_PROCEDURE_NAME;

    IF v_duplicate_process_cnt = 1 THEN
      -- do stuff
    END IF;

    I'm unable to dig up specific security concerns with this method or with granting SELECT access on v_$session.

    Can someone indicate what the security problems of a SELECT on v_$session are and, if necessary, another method to ensure that a packaged logical unit is not instantiated by several callers?

    Thanks again.

    Hello

    Just some thoughts:

    - You could get the address of the process from the PADDR column, which lets you know the memory segments at a glance and look for something interesting.
    - You can learn the OSUSER, MACHINE and PROGRAM of a live session, so you can try to list possible attack targets (for example, to steal their passwords).
    - Find the best time to attack a database without being traced by a DBA (by looking at the SECONDS_IN_WAIT column).

    I think it would be difficult for an attacker to obtain database credentials that already have this privilege (perhaps they would need to break through a lot of front-door security), but it is possible.

    For your problem, I would implement a manually run scheduler job:

    dbms_scheduler.create_job(
      job_name            => 'MyTask',
      job_type            => 'STORED_PROCEDURE',
      job_action          => 'your_procedure',   -- placeholder: name of the stored procedure to run
      number_of_arguments => 2
    );

    When you call it:

    dbms_scheduler.set_job_argument_value(
      job_name          => 'MyTask',
      argument_position => 1,
      argument_value    => v_value1
    );

    dbms_scheduler.set_job_argument_value(
      job_name          => 'MyTask',
      argument_position => 2,
      argument_value    => v_value2
    );

    dbms_scheduler.run_job('MyTask');

    If your job is already running, then you should get an ORA-27478.

    I hope it will be useful.

    Kind regards!

  • Encryption provided to the VPN client

    Hello world

    You must confirm whether the user PC uses Cisco VPN RA to connect to the corporate network.

    Here an IPSec tunnel is being built between the PC and the VPN router; is the encryption of the user data provided by the VPN Client software?

    Regards

    Mahesh

    Remote access VPN clients negotiate the encryption based on the settings on the ASA head-end (or whatever device terminates the corporate remote access VPN). It may be an SSL or IPSec method, with various other parameters according to the configuration settings.

    Once a VPN session is established, the client software encapsulates the traffic going to the head-end and decapsulates the received data using the negotiated parameters. The head-end does the same thing.

    Sent from Cisco Technical Support iPad App

  • Access Linux VPN client from XP guest

    Hi all

    I am running VMware Workstation 6.5 on Linux (Gentoo) with a Windows XP guest. On the host, I connect to a Cisco VPN using vpnc and, by changing the routing tables, I have access to the VPN as well as the rest of the local network (including the internet). I want to be able to access the VPN connection (i.e. access IP addresses provided by the VPN connection) from the XP guest. I know that I can use ssh to tunnel these connections, but I would need to configure a tunnel for each ip/port that I connect to. At the moment the guest is using bridged networking (it has its own IP address on my local network).

    Is there a network configuration option in VMware which will allow the guest to access all interfaces (eth0 and tun0) on the host computer and carry the traffic to these interfaces accordingly?

    Thank you

    Allistar.

    Hello Allistar-

    If you configure the guest to use NAT networking, you will be able to access all networks visible to the host (eth0 and tun0) automatically.  If you need to expose ports on the guest to the host's outside network, port forwarding can also be configured through the Virtual Network Editor.

    Good luck

    Mike H

  • LAN-to-LAN VPN access from VPN client

    We use a PIX 515 as the hub of a LAN-to-LAN VPN as well as for VPN client access. Using a multipoint configuration, the spoke sites (all PIX 501) are able to communicate with each other. However, the VPN clients accessing the 515 are not able to access the VPN spoke sites. I think that it is due to the fact that all tunnels terminate on the same interface of the PIX 515. Is there a way to allow the VPN client to communicate with the LAN-to-LAN VPN spokes?

    Regards

    PD

    Currently, there is not a good way to meet the requirements above. However, we are adding a new feature (or rather, relaxing a restriction) in the PIX 7.0 code (to be released in December/January) to allow VPN client packets to 'u-turn' on a hub PIX to a spoke PIX connected via LAN-to-LAN tunnels. The 7.0 beta program is about to begin (may have just begun), so if interested, please contact your local Cisco account engineer. Sorry for the news, but help is on the way.

    Scott

  • 2 site-to-site VPNs with remote access VPN

    Hello

    I have a Cisco 870 router and I would like to set up 2 different site-to-site VPNs and a remote access VPN (VPN clients). So is it possible to put 3 VPNs on the router? If yes, can you give me the steps or a sample configuration?

    Regards

    Thus, on the routers it will be:

    Cisco 2611:

    LAN: 10.10.10.0/24

    access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
    access-list 100 permit ip 14.1.1.0 0.0.0.255 10.10.20.0 0.0.0.255   --> VPNPOOL
    !
    crypto map clientmap 10 ipsec-isakmp
     set peer 172.18.124.199
     match address 100
    !
    ip local pool ippool 14.1.1.1 14.1.1.254
    !
    access-list 120 permit ip 10.10.10.0 0.0.0.255 14.1.1.0 0.0.0.255
    access-list 120 permit ip 10.10.20.0 0.0.0.255 14.1.1.0 0.0.0.255   --> REMOTE NETWORK
    !
    crypto isakmp client configuration group ra-customer
     pool ippool
     acl 120
    !

    Please note that the configuration is incomplete; I only added the relevant changes you should make to allow the RA clients through the LAN-to-LAN tunnel. Of course, the LAN-to-LAN settings should match the other side of the tunnel, that is, mirrored ACL, NAT and so on.

    HTH,

    Portu.

  • Remote access VPN question - hairpin

    Hello, I did a search before posting this question but I have not found anything specific to my situation.

    We have our ASA5520 configured in our main office to allow remote access Cisco VPN client users to access our network.  We have a remote office (network 192.168.1.0/24) for which we have configured, on the same ASA5520, an IPSec VPN tunnel that allows internal users (in the main office) to access resources on the remote network (192.168.1.0) and vice versa.  The problem is that when users connect to the remote access VPN, they are not able to access the resources of the remote office network.  We created the nat0 ACL and it works, and split-tunnel routing is implemented for the remote access VPN users (if I do a route print on my laptop after connecting to the VPN, I see the route to 192.168.0.0/24 in my routing table).  All the routing is in place to do this, since the IPSec VPN tunnel is up and working.  My suspicion is that the question has something to do with hairpinning these VPN clients.

    What else needs to be configured to make this work?  Thank you.

    Hi Scott,

    I have a client with a PIX 515E which allows remote VPN connections and multiple LAN2LAN VPN connections.

    We had this problem too... so what I did on my pix was:

    TEST(config)# same-security-traffic permit intra-interface   (it's off by default)

    If you use ASDM go to:

    Configuration > Interfaces >

    At the bottom of this page, there is an option that says: 'Enable traffic between two or more hosts connected to the same interface'.

    Check it and it should work... I hope

    I await your comments...

    Kind regards.

    Joao Tendeiro

  • How to change supplier so that our current provider can access our information?

    How to change supplier so that our current provider can access our information?

    Please see the following in detail:

    Adobe® Creative cloud to teams

    Regards

    Stéphane

  • Remote access - VPN - ASA - port restriction

    Hello

    Is there a way to limit the VPN connection to an IP address and a port? I can do it by IP only, but can we restrict it to a single port? I mean that the user must be able to connect only to one port?

    Thank you

    Hello

    You should be able to restrict a user's access to a specific destination IP and port using a vpn-filter.  Here is a link that can help you understand and configure a vpn-filter on your ASA.

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

    As you can see from the information provided in the link, you can apply the vpn-filter to the group policy; however, all users who connect to this group policy will inherit the vpn-filter and be limited to what you have defined in the ACL of the filter.  In your case, it would be better to simply apply your vpn-filter ACL to the specific user as part of their attributes.  When this particular user connects, their access will be limited to what you have configured in the vpn-filter, while other users will continue to have unrestricted access.

    I hope this info helps!

    -Jason Espino

  • Cisco IOS - remote access VPN - unwanted route problem

    Hello

    I recently ran into a problematic scenario: I am trying to connect from a remote LAN (using a Cisco VPN client on my Windows XP machine) to my office LAN and access a server there. The problem is that I need access to the remote local network at the same time.

    Remote LAN: 172.16.0.0/16

    Office LAN: 172.16.45.0/24

    Topology:

    (ME: 172.16.10.138/25) - (several subnets from 172.16.0.0/16) - (Internet cloud) - (VPN-Gateway) - (172.16.45.0/24) - (TARGET: 172.16.45.100)

    To provide access, I configured a simple remote access VPN on a 1700 series router. This is the relevant part:

    (...)
    crypto isakmp client configuration group remote-access-group
     key my-key
     pool vpn-address-pool
     acl 100
    ip local pool vpn-address-pool 172.16.55.1 172.16.55.30
    access-list 100 permit ip host 172.16.45.100 172.16.55.0 0.0.0.31
    (...)

    The configuration works fine; I can access the 172.16.45.100 server every time I need to. However, the problem is that when the VPN connection is up, Windows somehow wants to route the packets intended for 172.16.0.0/16 through the VPN tunnel. This is apparently due to a static route added by the Cisco VPN Client, in addition to all the other VPN-specific routes.

    I suspect that the culprit is the IP LOCAL POOL, since when the VPN is connected, the VPN Client debug log shows something like "adapter connected, address 172.16.55.1/16". Note the "/16" part. I checked the VPN status page and the only route listed there was "172.16.45.100 255.255.255.255" under remote routes. Local routes was empty.

    Is this a known problem for which I missed the obvious solution? Is there no workaround apart from moving the local VPN pool into the 10.x.x.x or 192.168.x.x range? Thank you in advance for advice or tips!

    Hello

    The best way is to avoid any overlap between the local network and the VPN pool.

    Try 172.17.0.0/16, which is also private IP address space:

    http://en.Wikipedia.org/wiki/Private_network

    Please rate if this helped.

    Kind regards

    Daniel

  • Problems with remote access IPSec VPN

    Dear Experts,

    Kindly help me with this remote access VPN problem.

    I have configured remote access IPSec VPN using the wizard. The remote client connects to the head-end fine enough, gets the defined IP address, sends packets and bytes, BUT does not receive any bytes or decrypted packets. On the contrary, the discarded counter keeps rising.

    What could possibly be responsible, or what other configuration needs to be done on the ASA for the connection to be fully functional?

    It may help to say that AnyConnect VPN is configured on the same external interface of the ASA, and it is still functional. What is the reason?

    AnyConnect VPN is used by staff for remote access.

    Kindly help.

    Thank you.

    Hello

    So if I understand correctly, you have one interface for LAN and one for WAN and, naturally, the destination networks you want to reach via the VPN Client connection are all located behind the LAN interface.

    In this case the NAT0 configuration with your more recent software could look like this

    object-group network LAN-NETWORKS-VPN
     network-object
     network-object
     network-object
    object network VPN-POOL
     subnet
    nat (LAN,WAN) 1 source static LAN-NETWORKS-VPN LAN-NETWORKS-VPN destination static VPN-POOL VPN-POOL

    Naturally, the naming of interfaces and objects might be different. In this case it's just meant to illustrate the purpose of the object or interface.

    Naturally I'm not sure if the NAT0 configuration is the problem; I can't really say anything for sure as I can't see the configuration.

    As for the other question,

    I have not implemented an ASA to use 2 WAN interfaces in production environments, as in that case we usually have separate platforms for both, or we may be hosting/providing the service for them.

    I imagine that there are ways to do it, but the main problem is routing. Essentially, we know that the VPN Client connections can come from virtually any public source IP address, and in this case we would need a default route pointing to the VPN interface, since it's not really convenient to set up separate routes for the IP addresses where the VPN Client connections would come from.

    So if we consider that the default route should be on the ASA's INTERNET link, we run into the problem that we can not have 2 default routes active on the same device at the same time.

    Naturally, with your software level, you would be able to use NAT to get the result you wanted.

    In short, the requirements would be the following

    • VPN interface has a default route; INTERNET interface has a default route with a lower value
    • NAT0 configuration between the LAN and VPN interfaces to make sure that this traffic is passed between these interfaces without NAT
    • Special NAT configuration between the LAN and INTERNET interfaces which would essentially forward all traffic to the INTERNET interface (except for the VPN traffic that we handled in the previous step)

    The above things would essentially allow the VPN interface to have the default route, which would mean that no matter what the VPN Client source IP address is, it should be able to communicate with the ASA.

    The NAT0 configuration would force the ASA to pass this traffic between the LAN and VPN (pool) for VPN traffic.

    The special NAT configuration would then match the traffic from the LAN to ANY destination address and send it to the INTERNET interface. Once this decision is made, the traffic would follow the lower value default route on this interface.

    I would say that this isn't really the ideal situation or configuration to use in a production environment. It potentially creates a complex NAT configuration, such that you use NAT to manipulate the traffic instead of leaving the choice to the routing table in the first place.

    Of course, there could be other options, but I would have to test this configuration before I can say anything more for sure.

    -Jouni

  • Cisco 881 - access gateway from VPN session

    Good day

    I configured my Cisco 881 and finally overcame the "can't see my network" IPSec VPN issue.

    I have a use case where I need to access the gateway from the VPN session.

    When I connect to the VPN using Cisco VPN Client 4.8.x, I do not get a default gateway on the VPN adapter. When I try to ping my LAN gateway IP (10.20.30.1), it does not work and I cannot access it with other tools.

    I'm sure it's an ACL question and it makes sense to hide the default gateway, but the big question is how to configure my router so that I can see the gateway and access it from the VPN session?

    Please see my attached cleaned configuration.

    Network Info:

    • Internet service provider gateway: 192.168.68.1
    • DNS: 192.168.2.1
    • Cisco 881 WAN address: 192.168.68.222
    • Cisco 881 LAN address: 10.20.30.1
    • DHCP for LAN on Cisco 881: 10.20.30.10 - 10.20.30.50
    • DHCP for IPSec VPN: 10.20.40.10 - 10.20.40.50

    Thank you in advance for your help!

    Kind regards

    -JsD

    Pls kindly mark this post as answered so that others facing the same issue can follow the workaround solution provided according to your final configuration.

    Great update and explanation btw. Thank you for that.

  • Routing and Remote Access Server & VPN

    We have a Windows Server 2008 R2 which is our domain controller but also our DHCP server. On this server we have set up RRAS for VPN and it works fine. We had to stop our DC due to a failure and after I got the domain controller back up there is a problem for users that connect to the VPN.

    When users try to connect to the VPN, it connects successfully. But they do not have network access as usual. I looked in the VPN properties, and it receives an IP address of 169.254.xxx.xx which is not the correct network IP address. So while the remote user thinks they are connected, they are currently not connected.

    Does anyone have advice on what the cause of this is and how to troubleshoot or resolve it?

    Hello

    Given that you are working on Windows 2008 R2, please post your question here:

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home

  • Unable to connect to other remote access (ASA) VPN clients

    Hello

    I have a Cisco ASA 5510 appliance configured with remote access VPN.

    I can connect to all hosts on the INSIDE and DMZ networks, but am not able to access other clients connected to the same VPN.

    For example, if I have 2 clients connected to the VPN, ClientA and ClientB, with VPN pool IP addresses such as 10.40.170.160 and 10.40.170.161 respectively, these two clients are not able to communicate with each other.

    Any help is welcome.

    Thanks in advance.

    Hello

    I'm a little rusty on the old NAT format, but what I would personally try would be to configure NAT0 on the 'outside' interface.

    It seems to me that you currently have dynamic PAT configured for the VPN users, something like this

    nat (outside) 1 10.40.170.0 255.255.255.0

    so your traffic is probably matching it.

    The only thing I can think of at the moment would be to configure

    access-list VPN-CLIENT-NAT0 remark NAT0 for traffic between VPN Clients
    access-list VPN-CLIENT-NAT0 permit ip 10.40.170.0 255.255.255.0 10.40.170.0 255.255.255.0
    nat (outside) 0 access-list VPN-CLIENT-NAT0

    I don't know if it works. I have not really had to configure it on any ASAs running older software. There have been some similar questions here on the forums for the new format.

    -Jouni

  • 64-bit machine access to 887VA VPN

    Hi guys,

    I have a remote access VPN solution in place running on a Cisco 887VA router.

    Until recently, all remote users were either OSX or WinXP users and as such the native VPN client and Cisco VPN Client 5.x worked perfectly. Now, I have a user who is trying to connect using a Windows 7 64-bit machine which, as it appears, is not supported by this type of client, and the documentation I can find says that there is no alternative other than the AnyConnect platform.

    I set up a Windows 7 machine with an AnyConnect client, which fails on connection.

    After reading further in the AnyConnect administration guide I see that it says this will only allow access to a device of type ASA, with no mention of an IOS device.

    Is this the case? If yes, how does someone connect a 64-bit computer to an IOS-based remote access VPN?

    I'm confused and I'm not going to be able to allow 64-bit users on the VPN network.

    Any guidance is appreciated.

    Thank you

    Bruno

    Yes, you can still use the IPSec VPN Client (version 5.0.7 (440)) to connect; however, yes, the IPSec VPN Client is going EOL.

    Here is the name of the file that you can download which supports Windows 7 64-bit: vpnclient-winx64-msi-5.0.07.0440-k9.exe.

    The End of Life notification for the VPN Client is:

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5743/ps5699/ps2308/end_of_life_c51-680819.html

    You can also use AnyConnect for remote access to the IOS router; however, you must purchase the SSL VPN license to connect using the AnyConnect client.

    Hope that helps.
