Cisco Application :: Third Party Payment Gateway Design For CSS115003
Dec 16, 2011
I have a scenario. On our website, there is an option to pay mobile, electricity etc. bills through a payment gateway (third party). When a user clicks on that link, my servers (behind the CSS) should go to the payment gateway using their SSL cert (payment gateway SSL cert) and should provide the payment gateway link to the user on our website.
How to implement this scenario using CSS115003?
User accesses URL---clicks on Payment Gateway---my servers get authenticated by the payment gateway using their cert--revert back and provide the payment gateway link to the user on the URL.
We are evaluating the one-arm design for the ACE 4700 and need some clarifications:
1. Are there any limitations in the one-arm design and the SSL offloading
2. Can the ACE be configured with an IN and an OUT vlan to the router
CLIENT -> Router -> ACE IN -> ACE OUT -> Router -> Server Vlan
so that the SSL and the clear text traffic is in a separate Vlan?
3. In some sample configurations I saw SNAT configuration on the ACE to modify the client IP. This I assume is for instructing the return traffic from the server to go through the ACE? Using SNAT we eliminate the requirement for NAT or PBR on the router? Will I still be able to insert the client IP address after the SSL offload?
The current topology in the network is as follows: web servers with content needing to be load balanced are in vlan 35, and these servers are directly connected to the Core switch (two 6509 VSS) via 20 Gb EtherChannel. Vlan 35 also spans some other switches with other servers residing in this vlan. Additionally, there are dozens of other vlans (including external users) that need to communicate with the web servers. The IP addresses of these two web servers are 192.168.35.1/24 and 192.168.35.2/24 respectively, with default gateway 192.168.35.254/24 (SVI on the Core switch). Currently these IP addresses are used for management and other purposes and need to be reachable for the same purposes after configuring load balancing with ACEs - it is necessary to have direct access to the servers behind the ACE. How can I do that using the ACE in routed mode?
I have Cisco 6500 with FWSM and ACE module which are in one central DC. Also we have four different Datacenter (Hub & spoke) and in our FWSM we have configured four contexts in central DC FWSM for each DC. Each DC servers are different VLAN and IP subnet. Now we have to configure ACE module for load balancing among those different subnet servers. What will be the design and configuration for this solution? Like routed or one-arm mode design.
Now the customer requirement is that we have to load balance using the ACE between these App Servers, which are in different contexts in the FWSM, and one Server is not FWSM. How to configure or design the placement of the ACE and FWSM for the above scenario?
Is it at all possible to use an ACE30 to RHI a VIP which acts as a route for servers on LAN A to reach LAN B? We have 2xL2 WAN circuits between 2 sites used by only 4 servers (different L3 subnets for the hosts). I'm considering using a VIP to load balance across the 2 WAN circuits using L3 interfaces on the MSFC either side as rservers, with a single VLAN in/out on the ACE where the VIP resides - similar to using the Cisco design for firewall load balancing minus the inspections etc. Obviously we can do this entirely in the MSFC, but I am considering options.
ACE version is A5_2_1. The transfer was carried out by the following procedures.
1) C6509 vlan set
2) client and serverfarm vlan svclc vlan-group not included.
3) ACE configuration. - FT vlan 999 - Client vlan 20 - Serverfarm vlan 15
4) ACE services enable
A problem occurs, and I do not know why.
Was configured as follows.
======>> MSFC Configure (C6509#1 and C6509#2)
svclc autostate
svclc multiple-vlan-interfaces
svclc module 4 vlan-group 150
svclc vlan-group 20 999
C6509#1
interface Vlan20
 ip address 172.16.20.2 255.255.255.0
 no shutdown
ip route 192.168.15.0 255.255.255.0 172.16.20.100
[Code]....
I'm setting up an ACE 4710 in our test lab before deploying in production. Do the test web servers I am using need to use the ACE as their default gateway? They are currently configured to use a multilayer switch on their vlan as their gateway, but I'm guessing the ACE needs to see the return traffic for load balancing to work correctly?
In a change of network topology, we are going to assign the PCs' gateway as the switch (3750X) IP address rather than the server IP address. Currently all systems' gateway is configured as the Internet Server IP address, which we are going to replace with the switch IP as gateway. The issue is when connecting a specific application like TeamViewer, in which the application tries to send a keepalive message to the live server, with the switch/router IP as gateway. The connection doesn't get established. However, it works fine when the Internet Server IP is treated as the gateway.
We use a phone system that requires SIP Application Layer Gateway to be disabled on the router. We replaced the older RV042 routers with the WRVS4400N routers and the VOIP phone works fine with this check mark option disabled.
Does the new RV042 router allow you to disable this option? I did not find it in the manual so far. I do not want to buy two routers and find that it will not work with the phone system. We need Dual WAN this time so I thought we would try the RV042 model again as long as it is the latest version. Any issues with newer RV042, RV082 with NEC VOIP phone systems?
Any 3rd party CA to provide a root cert for the ACS & verify CSRs generated by the 7925s? I've spoken with customer service at Verisign and GeoTrust and either I'm explaining it totally wrong or they're not providing CA services for this type of secured environment. SHA1 using EAP-TLS.
I would like to use NCS 1.2 to monitor a Juniper SRX 210 firewall. When I try to import the MIB file from NCS, it shows "Error: Failed to load MIB File "mib-802" because it is not in the resource path." How can I upload the MIB file from Juniper? [code]
I have come across some third-party ws-g5483's that I was thinking of using. But when I go to plug them in, nothing seems to happen. I have tried them in a ws-c3548-xl-en and also a ws-c3524-pwr-xl-en with the same results. I know on the newer switches you can do the service unsupported-transceiver command, but is there anything I can do to get these to work with older switches?
I am using a Cisco ASA5520 and I have set up remote access VPN with an AnyConnect connection profile. In the connection profile I have set up that users should authenticate using both certificate and AAA. Due to a high security requirement, the user certificate is issued from a 3rd party. This is working fine and the user now needs a valid certificate and a username/password to authenticate successfully. I added the CA certificate as an associated trustpoint on the ASA box to get the certificate verification working.
Problem: If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combo of Joe's certificate and Jane's username/password. Both are valid (in isolation), but I only want Jane to be able to authenticate with her username/password and her personal certificate.
I'm responsible for designing the network for a LAN party that will be held in October. There will be up to 400 participants and 25-30 crew members. 10 table rows, 40 participants and one 48-port gigabit switch on each table. Core network will be a couple of Cisco 3560G or similar. There will be 2xGbit between the table and core switches. So, how to set up VLANs and subnets for a 400+ people network?
1) Everything on one /23 subnet, or
2) Participants on one /23 subnet, separate subnets for servers, crew and wireless, or
3) Participants on two /24 subnets, separate subnets for servers/crew/wireless, or
4) Separate /26 subnets for each table switch and for servers/crew/wireless?
As far as I can see, the main disadvantage of all participants on one subnet is troubleshooting and isolating network problems - and the main disadvantages of separate subnets is more complex setup and that people cannot browse LAN games other than those on the same switch.
I am thinking about running some third-party unified communications apps under VMWare ESXi5 on a Cisco SRE 900 module. According to the Cisco docs, third-party apps are supported on these modules (see table below) but the app in question is NOT on Cisco's list below.
[URL]
Some questions:
1. As long as the third-party app is capable of running under VMWare/VSphere ESXi5, is there anything on the SRE that would prevent you from running this third-party app even though it's not on Cisco's list?
2. What is Cisco's policy on the use of third-party apps that are not on their list? For example, will they take a support call on the SRE running a non-listed app. (I don't want to void any sort of support contract through the use of a third-party app not on their list).
I have a school club, but our school does not allow any wireless networks within the school perimeters. Wired are allowed, but wireless are not allowed. I plan to host a LAN party for my club, and we will have about 20-30 people. We cannot have any internet access, and I have not touched any wired stuff. There is a 24 ethernet switch, and suppose I buy another 24 ethernet switch (I know there is a 48 ethernet switch), can I connect those two 24 ethernet switches to make 47 ports?
* For a LAN party without internet access, can we use an ethernet switch or do we use something else?
* For 20-30 people, it is recommended that we have a ~8mbps upload speed. When ethernet switches advertise 10mbps, is that upstream & downstream? When all the computers are hooked to 24 ports, does the advertised 10mbps go lower? (I have seen 100/10 mbps, and I don't know what that means)
I'm trying to connect a few of my devices to the wireless internet at home.
1. Xbox 360
2. Galaxy Tab 10.1
3. My Touch 4g
All of them can recognize the network, they just will not connect. All my freq are good 2.4 or 2.5. WEP Key works no problem, just the minute I try to connect, the galaxy tab and cell phone just say "remembered, secured with WPA/WPA2 PSK." The xbox, when running the test connection, fails as well.
I had something odd happen to my Dlink router DIR-651 model. During the early evening hours someone changed the SSID name of my Router. Nothing else changed that I could see right off. So I reset the router to Factory Defaults.
I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN. I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.
I have Windows 7 clients (supplicants), a D-Link access point (authenticator), and a Cisco ACS 5.2 virtual appliance with an evaluation license (acts as authentication server - Radius server). I want to set up EAP authentication (PEAP) so that users will be able to connect to the Wireless LAN with login-password. I've done some configurations, but I did not get any result. In ACS 5.2 I get this error message: 11014 RADIUS packet contains invalid attribute(s): RADIUS Request dropped.
So since my web auth cert is expiring I got it renewed from VeriSign and they sent me back the file. Do I need to again combine the "myprivatekey.pem" file and the new one that I got and then load it on the WLC? Can't find any guidelines and instructions from Cisco on this. Or do I need to go through the whole regeneration of CSR process again etc?
We have just installed a Cisco RV120W behind a third party firewall. All works correctly now, but we are struggling to get the Quick VPN clients connected. I have enabled port forwarding for PPTP & L2TP over IPSEC on the third party router, but still cannot connect (the RV120W was previously used as a primary router & worked perfectly). What ports do I need to open on the third party router to get this to work correctly?
I'm fairly new to networking but I've learned quite a bit on my own without being educated. I'm trying to just figure things out on my gear. So for my LAN party I'm going to need an internet connection. I'm not going to rely on my venue's subnet though, so I want to create a new /24 subnet (250 hosts is good for a start). I want my subnet to be able to speak to the outside network too.
I am new to these forums and I have upgraded from firmware 1.00 on the DIR-815 to the 1.01 firmware and once I upgraded, I can log into Xbox, but can't host party chats or host game rooms. I also noticed that any and all messages sent from friends didn't show until I rebooted my console. Something is SERIOUSLY WRONG here and I would like a MOD to comment on this.
Xbox works fine for some things, I can access Netflix, can download from live marketplace, etc, but cannot join a party and cannot play a game. Other people cannot join my party, cannot play my game. Error when I try to join a party is "Can't connect to xbox live party, there might be a network problem."
Xbox join party and games work fine when connected directly to comcast (motorola) modem. Dir-601, firmware 1.02NA and 101NA. Hardware version A1. Port forwarding TCP 53,80,3074 and UDP 53,88,3074 - also included TCP 80 and 21 to no avail.
In CUCME if you do not configure any translation rules and leave the system mainly at default, when a call is routed to the PSTN the CUCME system sends the true calling party ID which would be a users extension number. Is it correct to assume that a CUCM server based system, when too left at the majority of default (without translation rules or stripping etc) that it will send the true calling ID to the gateway?
I've got a Cisco 1941 setup working fine for Cisco AnyConnect. Clients can connect to local resources fine. The issue I have is I need the remote clients to access a third party IP address, but to do so they must do it through the VPN. At the moment only local resources are accessed across the VPN, and if they need internet they use their own internet connection they are connecting with. I've added the below to make sure traffic going to the IP is going across the VPN.
How does ISE support a third party LAN switch, if the requirement is doing 802.1X based FlexAuth? Refer to the diagram I attached; 01 topology.png
Concern 1: if the 3com switch has the 802.1X feature, but still without the full feature set to support FlexAuth, policy enforcement, DACL etc. In this kind of situation, will the user still be able to authenticate (using method PEAP-MSCHAP v2), with authorization just granted as permit any any?
Concern 2: Can I assume I authenticated the 3com switch using MAB? But this will cause endpoint with no 802.1X, am I right?
Concern 3: Cisco switch C4507-E, loaded with IOS version Cat4500e-UNIVERSALK9-M, version 03.04 and Supervisor Engine: WS-X45-SUP7-E, is this platform supported in Cisco TrustSec?