Publication Date: 2018-04-30 | Views: 1305 | Downloads: 0 | Author: l00509359 | Document ID: EKB1001542788
How to configure NAT mapping to access eSight?
modify the eSight side
Open the default ssoclient.xml file of eSight (take eSight Solution V300R005C00 for example)
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<config name="oms">
<!-- Single Sign On -->
<config name="sso">
<config name="client">
<param name="enabled">true</param>
<param name="isLocalsso">true</param>
</config>
<config name="servers">
<config name="upper_layer_server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
<config name="server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
</config>
</config>
</config>
1)from the content <param name= "enabled" >true</param> you can see that the SSO feature is open, so you need to configure the ssoclient.xml and sso.xml files when you do NAT mappings to access eSight.
2)<config name= "upper_layer_server" means eSight supports superior network management configuration, such as no superior network management does not need configuration:
3)<config name= "server" > eSight lower level network management, please refer to the following steps to modify the NAT mapping eSight access steps:
Modify the lower level network management NAT map to access the eSight step:
1.modify the ssoclient.xml file
File path: AppBase\etc\oms.sso\ssoclient.xml.
To ensure that large and small nets can access eSight after the NAT mapping is completed, a new entry is required.
<config name="server">
<param name="entryAddressMapping">X.X.X.X</param>
<param name="name">192.168.3.10:8087</param>
<param name="public">https://X.X.X.X:31942/sso/</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://X.X.X.X:31942/sso/logout</param>
</config>
2.modify the sso.xml file
File path: AppBase\etc\oms.sso\sso.xml.
Modify the following parameter values:
<param name="client-trusted-ip">10.13X.X4.98,X.X.X.X</param>
3. restart the eSight server.
4. The final configuration file is:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<config name="oms">
<!-- Single Sign On -->
<config name="sso">
<config name="client">
<param name="enabled">true</param>
<param name="isLocalsso">true</param>
</config>
<config name="servers">
<config name="upper_layer_server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
<config name="server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
<config name="server">
<param name="entryAddressMapping">X.X.X.X</param>
<param name="name">192.168.3.10:8087</param>
<param name="public">https://X.X.X.X:31942/sso/</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://X.X.X.X:31942/sso/logout</param>
</config>
</config>
</config>
</config>
2.configuring port mapping on a AR like device
2.1 take AR as an example to configure the port map as follows:
Nat server protocol TCP global X.X.X.X 31943 inside 192.168.3.10 31943
Nat server protocol TCP global X.X.X.X 31942 inside 192.168.3.10 31942
Nat server protocol TCP global X.X.X.X 8080 inside 192.168.3.10 8080