AAA/Identity/Nac :: ACS 5.1 Handling Of Encrypted Backups (gpg)
May 24, 2010
I've noticed that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1")
Question: can the production system successfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?
View 1 Replies
Jul 14, 2012
I'm configuring ACS for the first time and the config is complete and working, except backups of the view database. I've created a TFTP repository and if I perform a manual backup or wait for a scheduled one to occur it fails. I do get a .tar.gpg file in the TFTP server (but cannot restore from it as it's not listed in "Restore" as a backup).
It works fine if I create and use a local disk repository. I get a .tar.gpg but also a catalog.xml and repolock.cfg file (which I don't in TFTP). Looking at the logs on the TFTP server I can see it tries repeatedly to read the catalog.xml file but fails:
Read request for file <DB/catalog.xml>. Mode netascii [15/07 16:05:52.167]
File <DBcatalog.xml> : error 2 in system call CreateFile The system cannot find the file specified. [15/07 16:05:52.167]
That seems correct, the file doesn't exist. However it never seems to try and create it.
View 2 Replies
Mar 14, 2012
Are the connections between the ACS and external identity stores encrypted? I know that when setting up LDAP identity store there is the option to specify SSL connection. Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?
View 3 Replies
Apr 12, 2013
My current modem, the Arris DG860, when in router mode, handles uTorrents set to 1500 max connections fine, same with my FIOS Actiontec router at my work. However, I just bought a DLink DIR655 router (which I thought I researched properly to be great with torrents) and it crashes even with max connections set to 300 in my client.
Tempted to return the thing and get a better router, any great wireless router that has awesome range and can handle lots of torrenting?
View 7 Replies
May 22, 2012
We have a Terminal Server through which everyone accesses their Outlook. To avoid any impact on its performance, we have disabled IE in it. Everyone accesses the terminal server using Remote Desktop. For the above-mentioned setup, is there any way to make the weblinks in the remote machine open in the main machine? The Main Machine or Local Machine runs Windows 7 OS.
View 3 Replies
May 29, 2012
I know that it's possible on the CSS to handle multiple incoming HTTP requests that terminate on the same IP address and port and balance them to various servers based on the url. For instance, I can set up URL at the same 192.168.35.12 address in DNS, and set up two different content rules:
content cats
vip address 192.168.35.12
port 80
url "//www.cats.com/*"
add server cats1
add server cats2
active
content dogs
vip 192.168.35.12
port 80
url "//www.dogs.com/*"
add server dogs1
add server dogs2
active.
Easy and straightforward.
But what if I want to add SSL handling for URL? I'm not sure how to create the ssl-proxy-list where one content rule (ip address/port) combination needs to pass through the ssl module and get matched with the proper ssl certificate.
Can this be done? Can one associate multiple certs and keys with a single ssl-server entry and a single ssl accelerator service? Or do I have to create multiple ssl-proxy-lists for cats and dogs and build multiple ssl services each referring to a unique ssl-proxy-list, and then use the url parameter in the https content rule to determine which ssl service (and therefore which key/cert pair) gets the traffic?
View 1 Replies
Nov 16, 2011
I'm living in a house with 6 people on 2 floors, and the router isn't handling all the traffic well. I have an extra router that might be able to serve as a wireless access point, but from what I've been told that wouldn't solve anything if the problem was that the first router doesn't have the capacity for that much traffic. It's a 50+ dollar wireless N router though and fairly new (forgot the model number).
View 5 Replies
Mar 6, 2012
We're testing the reference system shown in the figure below.
System Description: Four 2960 switches are used for transport; Equipment 1 and Equipment 2 exchange packets for synchronization; to reach synchronization, Equipment 1 and 2 must exchange data with a very low jitter.
2960 Configuration details: For our test purpose, we're using 100Mbit/s ports (22 and 23) as trunk. In order to obtain minimum jitter we performed these configurations: we enabled QoS; we marked synchronization packets with CoS 7 and DSCP 63; we marked other kinds of traffic (inserted in different ports) with CoS 0; we set "trust DSCP" on trunk ports; on the trunk ports we mapped traffic with CoS 7/DSCP 63 (and only this) on output queue 1; we enabled the expedite queue (priority-queue out).
Question: With these settings we aim at forcing our synchronization packets to precede other kinds of traffic and go from Equipment 1 to Equipment 2 with minimum jitter. Unfortunately we experienced high jitter when both synchronization packets and other traffic are sent through the systems.
View 9 Replies
Jun 19, 2012
I have a 2008 server that needs 80GB of data backed up over a VPN. I want to use Backup Exec 2012. I tried backing up the first 10GB, but at the rate it will take two weeks to copy across. We are upgrading our upload, but it still won't be viable. I need to put the machine on the local network, do a full backup, then point a differential backup to the same full backup. (Anyway, that's what I think should happen.)
View 8 Replies
Mar 11, 2013
With this Windows 7 & 8 needing storage device for ISO, looking for a better way to back'em up through my network... or having storage device attached to My router..? This is my router.. It has ReadyShare USB storage Access [URL] PDF Manual Router: [URL] I have available hardware 500Gb eBook device I can use??? I also have a [URL] How to set these items up for best preference.
View 6 Replies
Feb 7, 2013
I understand that a full backup backs up everything, and a differential backs up all changes since a full backup, and an incremental backup backs up all changes since the previous incremental. My belief is that I can do a full backup on Sunday, then differentials Mon-Fri. Then, if everything crashes, I can restore the full, then the most recent differential (as opposed to a full restore, and a bunch of incrementals to catch up). My question is if I do a full backup on Sunday, on Tuesday user Mary creates a file, on Wednesday she deletes it by mistake, then on Friday she realizes it and calls me. Will that file still exist on Thursday night's differential? Or do I need to load up Wednesday night's backup? The reason I am asking is because I am trying to go off of tapes and use a NAS instead. I would like to have a Sunday full backup, then have one differential backup that gets overridden nightly, to save space. By doing this, I will only have a full backup and the most recent differential. The alternative is to have a weekly backup and 5 differentials, which takes up more space?
View 1 Replies
Oct 31, 2012
I have an SSL VPN set up on my ASA 5520 with a self signed cert. When I run the AnyConnect install on my desktop machine I have to click through a few windows to accept the certificate. When I connect through the mobile client on Android, the connection goes right through without a prompt to import/choose/download a certificate. I'm able to connect but I'm wondering if the phone has actually received a certificate. I'm in the 'Advanced Connection Editor' screen and the certificate setting says "Automatic".
View 2 Replies
Nov 18, 2012
I have a new installation of LMS 4.2 on the Soft Appliance and seem to be only able to configure backups to the local disk? There is no option to select any of the configured repositories like there is in ACS. I can backup to /local disk, after change to filesystem as below:
chgrp casusers -R /local disk
chmod 0775 /local disk
But the issue is, how do I get this off the box in an automated fashion so it can be part of our corporate backup schedule?
View 0 Replies
May 15, 2011
I have been trying, so far unsuccessfully, to trigger backups to a TFTP server of our SGE201 switches. I have tested TFTP backups via the web interface, and that does work. I need SNMP as I need a scriptable method to trigger the backups on a regular schedule. I am running the SNMP query from a RedHat Linux server. So far I have the following query worked out, but it is failing: [code] The error I am getting is generic, and the same query failed on multiple switches running Software Version 3.0.0.18. The switch is set with the community having full SNMP-admin access from the server's IP address.
View 3 Replies
Mar 2, 2012
I would like to schedule automatic backups of our ASA5500's OoO-hours:
1. SSH from secure server and create _FULL_ backup - what would be the CLI command(s) ?
2. SCP from secure server and retrieve file(s) - what is the location of the file(s) ?
View 12 Replies
Jul 24, 2012
I had a pair of Dell R710's and need to revamp our battery backups badly. Having almost no budget has its difficulties. These are 2x 120v 2200 smart ups. The servers both run win2k8r2. Not looking for run time, looking for safe shut down. Thinking 1 server per.
View 19 Replies
Jun 7, 2013
Although I have no problem with backup/restore in ISA550 when I do it in the same device, I do have problems when restoring in one unit the backup of another unit, i.e. when cloning devices in order to avoid having to configure every device from scratch. Lets call A the master device and B and C the devices I try to clone (to save most of the configuration) to modify them later. I get two different situations here, but none of them works:
Situation 1. B reads without complaining the backup from A and gets the same configuration settings as A, but once modified appropriately to establish a VPN Site-to-Site tunnel with A, there is no way to make it work. Furthermore, this unit cannot be configured to VPN with A, even using the Site-to-Site wizard (which resets all VPN settings).
Situation 2. C complains when reading the backup from A and does not read it. However, this unit can be configured by hand using the wizard and the VPN works fine.
So, I suspect that something in the backup identifies the unit in such a way that VPN gets in trouble. What does work is doing a FULL RESET of the unit B and then configuring it manually.
I have reported the issue but the Cisco agent closed it simply saying that this cannot be done. I have serious difficulties believing that if you have N devices you have to do N configurations from scratch. I am aware that perhaps some codes must be removed before doing a backup, or that there should be something like an "anonymous backup" for such an objective, but I cannot accept that it is impossible to do.
View 1 Replies
May 29, 2011
I have a simple wireless network in my home run through a Linksys WRT54G Router connected to a cable modem. I set up a Western Digital 1TB external hard drive as a network drive through use of a Seagate FreeAgent DockStar. (The HD connects to the DockStar by a USB cable, which in turn connects to the router by an Ethernet cable.)
The hard drive functions as a network drive and I've configured Windows 7 Home Premium on my laptop computer to recognize it at start-up so it can essentially be used read and written to like a local drive.
Is there a way to make Windows 7, either by built-in software or third party software, automatically backup certain files or directories when changes are detected?
For example, I have a folder on my internal HD where I organize the vast amount of photos that I take so that I can easily find them through the operating system instead of having to go through a photo manager. In my ideal situation, something would be monitoring to see if I have made changes in only that folder (either adding new folders, deleting photos, or modifying files) and simultaneously make the changes to the network hard drive. Effectively, I want something to mirror the changes on my local hard drive on the fly and update the network hard drive accordingly. I do this all manually at the moment and it sucks up a lot of time that could probably be done automatically.
View 3 Replies
Sep 23, 2011
I reloaded XP on an old laptop I have, a Toshiba Satellite, and it works fine. Problem is when I try to connect to my wireless network, it comes up as being security protected...and it isn't...and never has been. I have other computers connecting just fine, but I can't seem to figure this one out. I don't have a key to enter as there isn't one! I installed a USB wireless adapter, and it works fine, but I don't want to use the adapter on the laptop.
View 6 Replies
Mar 13, 2012
How WEP cracking works. I have a much better understanding now but it seems whatever programs I download and however close I get I always hit a wall somewhere. I am using Windows 7 64 bit and my network adapters/cards are Broadcom 802.11n Network Adapter and Broadcom Netlink(TM) Gigabit Ethernet. I am not sure if these are adequate. I was using Commlink and aircrack but not sure if they are compatible and which versions I should have installed. I got as far as the collecting packets stage but the packets that appeared said ENCRYPT which was not correct and then my computer went to blue screen and shut down and I had to system restore.
View 1 Replies
Mar 4, 2012
The only way we can use our Motorola router is unencrypted. I have gone into the router numerous times and reset it, unplugged it, retyped the WEP key, tried to shift to WPA and nothing works. None of three computers in the house will connect unless all encryption is off. We live in a good neighborhood on a cul de sac, don't get a lot of traffic through here, and know the immediate neighbors, but nothing is stopping a stranger with a laptop from sitting on the street and using our wifi. I've talked to the Comcast tech. The trouble just seems to be our boxes won't get past the WEP encryption stage.
View 8 Replies
Aug 21, 2011
I have XP running on this older laptop for my kids. I wish to connect this laptop wireless (WPA2 encrypted) with the internet AND with other hardware in my home (other pc, harddisk, mediaplayer, printer). I know it can be done in Windows 7, and Microsoft also had a virtual WiFi research project for a WEP encrypted visual WiFi. But as said I need a WPA2 encrypted virtual WiFi for a laptop running XP.
View 14 Replies
Dec 1, 2012
Packet Sniffing is mainly used on non-switched networks to display data that was supposed to be sent to nodes other than yourself, allowing you to see information such as usernames and passwords etc. My question is, why can this technology not be used as easily on a switched network? When nodes send data through a switch does it become encrypted?
View 6 Replies
Oct 12, 2012
How can we check, when we connect using VPN client software, if traffic is getting encrypted?
View 7 Replies
Jan 13, 2012
This is a 5-year-oldish Gateway MX-6124 laptop running under Win XP 2002, SP3. I'm using SureWest DSL, with an ISP-supplied ComTrend NexusLink 5631 Modem/Router. The router is set up as a Secure Network, using WPA encryption. The laptop wireless operation light toggles off/on correctly using Fn-F2 control keys. I can connect to an open or non-secured wireless router, & have verified that at my church, at the Public Library, and at Starbucks. However, I cannot successfully connect to a passworded secured wireless source. I tried to use a secured network connection at my church yesterday, and could not connect. It "tries & tries" and eventually gives up and displays a cannot-connect type of message.
The laptop has worked correctly for several years on my home wireless network. It only stopped working about 3 or 4 weeks ago. I cannot recall changing anything in setup; I probably did it accidentally. I've spent about 2 hours in a couple of sessions with SureWest tech support. They diagnosed router setup using direct connect to the router, plus they talked me through several attempts at configuring the wireless config setup on the laptop. Everything I reported to them on the config settings appeared to be just fine. They also deduced that the wireless config on the desktop & router was correct. SureWest techs finally concluded that something was wrong with my laptop software config or the hardware, disabling it from making an encrypted connection. That sounds right to me, now having witnessed the secured connection failure described above, at my church wireless site.
I've looked at all the refs & things I can think of, plus followed step-by-step directions a couple of times with the SureWest techs. They rightfully pointed out that they could not make a tech support repair call on what did not appear to be a SureWest-related problem. I can easily make screenshots of any config screens needed on the laptop & upload to this forum.
View 5 Replies
Sep 19, 2011
I am actually trying to make a remote access VPN between an ISR1921 and Windows 7 Pro. I already managed to put a PPTP VPN with an authentication against our LDAP database via RADIUS. But our passwords are in SHA1 in our LDAP, so I had to let the password unencrypted on the network using PAP and this is bad. If I don't use PAP, it simply doesn't work since all the other methods need an unencrypted password for the challenge authentication. Does that mean that every remote access VPN keeps our password unencrypted? Maybe use EAP (but I can't find a howto or good documentation about it)? Can I add a certificate or something?
View 1 Replies
May 13, 2012
Is it possible to configure an IPSEC GRE tunnel with RIP on an SRP527w? I see RIP, GRE & IPSEC are all possible.. But I'm not sure about them all together securing the GRE tunnel??
I basically want to do this with the SRW routers not native IOS. Single head end hub & spoke.
View 1 Replies
May 26, 2012
I've configured an ASA5505 to be a LAN to LAN VPN tunnel endpoint, peering with a Linux box. The ASA is fully licensed so that side isn't an issue.
PROBLEM: When the tunnel is initialised from the Linux box everything comes up okay except the ASA isn't encapsulating any packets. It is decrypting the packets received from the Linux box okay but no return traffic is being encrypted. When the tunnel is initialised from the ASA, nothing happens. After some troubleshooting I've found that neither the ACL defining interesting traffic nor the ACL defining NO_NAT is being hit at all.
ACL for NO_NAT:
access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)
[code]....
I've checked with the administrator of the Linux box and the definition for interesting traffic is exactly the same (except in reverse as should be the case). The firewall is doing other things like NATs and suchlike too but those NATs have nothing to do with this VPN. The setup is a LAN to LAN connection with no natting in between. The main parts of the config are attached. I've deleted things that should have a bearing on this; however, if you think it necessary I can sanitise the config and re-post. I think it will be working fine as long as the traffic hits those ACLs; however, they're not and I'm unsure why. At this time I'm not seeing anything at all when doing a debug cry ipsec or debug cry isa. The ACLs aren't being hit so I'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.
View 4 Replies
Sep 14, 2011
I have
MLS : C6509-E
SUP : VS-S720-10G
PFC : VS-F6K-PFC3CXL
I'm trying to find out what is its limitation for encrypted traffic via SVTI there.
I don't have a SPA for the ip sec.
View 2 Replies
Oct 8, 2012
Is a 3750 sw capable of handling full routing tables and what can you recommend in a small multihomed BGP router or switch capable of handling full routing tables?
View 2 Replies
Jun 24, 2011
Got to set up a site to site VPN to one in a client's office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs aren't mirrored correctly?
View 3 Replies
Mar 28, 2011
Our campus is using WiSM (WS-SVC-WISM-1-K9) as wireless controller, Cisco 1130 access point and Cisco Secure ACS 4.2 Solution Engine 1113 Appliance as RADIUS server. For username and password, ACS will export the data from Oracle database (production DB). The problem that we are facing right now is that the password stored in the Oracle database is in encrypted format. Based on feedback from our database administrator, the encryption is done by Oracle - application layer and cannot be decrypted back. In Oracle they call it "Oracle Stored Procedures".
My questions :
1- Can Cisco Secure ACS 4.2 work with Oracle 10G or 11G?
2- Is there any option to tackle the encrypted password? Can ACS handle the "Oracle Stored Procedures" function?
View 2 Replies
Sep 12, 2011
The design is typical Cisco unified wireless solution. In such a implementation, is the traffic from the guest user who has successfully authenticated via WEB-AUTH encrypted? If so, what is the standard used, AES128 or TKIP?
View 6 Replies