No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

How to configure NAT mapping to access eSight

Publication Date:  2018-04-30 Views:  286 Downloads:  0
Issue Description


How to configure NAT mapping to access eSight

Solution

1 modify the eSight side
Open the default ssoclient.xml file of eSight (take eSight Solution V300R005C00 for example)

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<config name="oms">
    <!-- Single Sign On -->
    <config name="sso">
        <config name="client">
            <param name="enabled">true</param>
            <param name="isLocalsso">true</param>
        </config>
        <config name="servers">
            <config name="upper_layer_server">
                <param name="name">192.168.3.10:8087</param>
                <param name="public">https://192.168.3.10:31942/sso</param>
                <param name="private">http://192.168.3.10:8087/sso</param>
                <param name="logout">https://192.168.3.10:31942/sso/logout</param>
            </config>
            <config name="server">
                <param name="name">192.168.3.10:8087</param>
                <param name="public">https://192.168.3.10:31942/sso</param>
                <param name="private">http://192.168.3.10:8087/sso</param>
                <param name="logout">https://192.168.3.10:31942/sso/logout</param>
            </config>
        </config>
    </config>
</config>

1, from the content <param name= "enabled" >true</param> you can see that the SSO feature is open, so you need to configure the ssoclient.xml and sso.xml files when you do NAT mappings to access eSight.
2, <config name= "upper_layer_server" means eSight supports superior network management configuration, such as no superior network management does not need configuration:
3, <config name= "server" > eSight lower level network management, please refer to the following steps to modify the NAT mapping eSight access steps:

Modify the lower level network management NAT map to access the eSight step:

1. modify the ssoclient.xml file

File path: AppBase\etc\oms.sso\ssoclient.xml.

To ensure that large and small nets can access eSight after the NAT mapping is completed, a new entry is required.

<config name="server">
    <param name="entryAddressMapping">6.6.6.6</param>
                <param name="name">192.168.3.10:8087</param>
                <param name="public">https://6.6.6.6:31942/sso/</param>
                <param name="private">http://192.168.3.10:8087/sso</param>
                <param name="logout">https://6.6.6.6:31942/sso/logout</param>
            </config>

2. modify the sso.xml file
File path: AppBase\etc\oms.sso\sso.xml.
Modify the following parameter values:

<param name="client-trusted-ip">10.136.64.98,6.6.6.6</param>

3. restart the eSight server.

4. The final configuration file is:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<config name="oms">
    <!-- Single Sign On -->
    <config name="sso">
        <config name="client">
            <param name="enabled">true</param>
            <param name="isLocalsso">true</param>
        </config>
        <config name="servers">
            <config name="upper_layer_server">
                <param name="name">192.168.3.10:8087</param>
                <param name="public">https://192.168.3.10:31942/sso</param>
                <param name="private">http://192.168.3.10:8087/sso</param>
                <param name="logout">https://192.168.3.10:31942/sso/logout</param>
            </config>
            <config name="server">
                <param name="name">192.168.3.10:8087</param>
                <param name="public">https://192.168.3.10:31942/sso</param>
                <param name="private">http://192.168.3.10:8087/sso</param>
                <param name="logout">https://192.168.3.10:31942/sso/logout</param>
            </config>
            <config name="server">
                <param name="entryAddressMapping">6.6.6.6</param>
                <param name="name">192.168.3.10:8087</param>
                <param name="public">https://6.6.6.6:31942/sso/</param>
                <param name="private">http://192.168.3.10:8087/sso</param>
                <param name="logout">https://6.6.6.6:31942/sso/logout</param>
            </config>
        </config>
    </config>
</config>

2 configuring port mapping on a AR like device
2.1 take AR as an example to configure the port map as follows:
Nat server protocol TCP global 6.6.6.6 31943 inside 192.168.3.10 31943
Nat server protocol TCP global 6.6.6.6 31942 inside 192.168.3.10 31942
Nat server protocol TCP global 6.6.6.6 8080 inside 192.168.3.10 8080

END