No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

FAQ-How to configure NAT mapping to access eSight

Publication Date:  2018-04-30  |   Views:  1044  |   Downloads:  0  |   Author:  l00509359  |   Document ID:  EKB1001542788

Contents

Issue Description

How to configure NAT mapping to access eSight?

Solution

modify the eSight side 

Open the default ssoclient.xml file of eSight (take eSight Solution V300R005C00 for example)

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>

<config name="oms">

    <!-- Single Sign On -->

    <config name="sso">

        <config name="client">

            <param name="enabled">true</param>

            <param name="isLocalsso">true</param>

        </config>

        <config name="servers">

            <config name="upper_layer_server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

            <config name="server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

        </config>

    </config>

</config>

1)from the content <param name= "enabled" >true</param> you can see that the SSO feature is open, so you need to configure the ssoclient.xml and sso.xml files when you do NAT mappings to access eSight. 

2)<config name= "upper_layer_server" means eSight supports superior network management configuration, such as no superior network management does not need configuration: 

3)<config name= "server" > eSight lower level network management, please refer to the following steps to modify the NAT mapping eSight access steps:

Modify the lower level network management NAT map to access the eSight step:

1.modify the ssoclient.xml file


File path: AppBase\etc\oms.sso\ssoclient.xml.

To ensure that large and small nets can access eSight after the NAT mapping is completed, a new entry is required.

<config name="server">

    <param name="entryAddressMapping">X.X.X.X</param>

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://X.X.X.X:31942/sso/</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://X.X.X.X:31942/sso/logout</param>

            </config>

 

2.modify the sso.xml file 

File path: AppBase\etc\oms.sso\sso.xml. 

Modify the following parameter values:

<param name="client-trusted-ip">10.13X.X4.98,X.X.X.X</param>

3. restart the eSight server.

 

4. The final configuration file is:

 

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<config name="oms">

    <!-- Single Sign On -->

    <config name="sso">

        <config name="client">

            <param name="enabled">true</param>

            <param name="isLocalsso">true</param>

        </config>

        <config name="servers">

            <config name="upper_layer_server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

            <config name="server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

            <config name="server">

                <param name="entryAddressMapping">X.X.X.X</param>

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://X.X.X.X:31942/sso/</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://X.X.X.X:31942/sso/logout</param>

            </config>

        </config>

    </config>

</config>

2.configuring port mapping on a AR like device 

2.1 take AR as an example to configure the port map as follows: 

Nat server protocol TCP global X.X.X.X 31943 inside 192.168.3.10 31943 

Nat server protocol TCP global X.X.X.X 31942 inside 192.168.3.10 31942 

Nat server protocol TCP global X.X.X.X 8080 inside 192.168.3.10 8080