Cisco AAA/Identity/Nac :: ACS 3415 - Users Access Our Site Using VPN Client Connecting To ASA5550

Jun 3, 2013

I currently have a Cisco ACS 3415 appliance with 5.4. Coming from the ACS 4.2 world, I'm having a bit of a struggle creating the following, and I was hoping that if I could be shown clear steps I could duplicate the rest.

I want to create a group, i.e. AIRTEMP, with access time from 7:00am to 5:00pm and add 2 users to the group.

Users access our site using a VPN client connecting to an ASA5550. The ASA and the ACS already communicate with each other.

The ACS 5.4 user guide has me bouncing all over different pages.


Cisco VPN :: Client To Site Users On PIX515E

Feb 12, 2011

I have a PIX515E firewall, but I need to know, through the CLI, how can I see the usernames for my VPN clients?
 
SH vpnclient?  or sh ?


Cisco AAA/Identity/Nac :: CSACS-3415 ACS 5.4 NIC Bonding / Teaming?

May 7, 2013

Does the new UCS hardware change anything? Can we bundle 2 NICs somehow to get interface redundancy? If it is still not possible to configure that in ACS 5 itself: can it eventually be done on the "hardware" level within the appliance firmware (UCS BIOS)? (RHEL would provide NIC bonding; unfortunately it's not accessible from the ACS5 CLI.)


Cisco VPN :: ASA 5510 - AnyConnect Users Cannot Access Remote Office Over Site-to-site

Jul 15, 2012

We have two ASA 5510s, one on 8.4(4) and one on 8.2(5), in a site-to-site VPN setup. All internal traffic is working smoothly.

Site/Subnet A: 192.160.0.0 - local (8.4(4))
Site/Subnet B: 192.260.0.0 - remote (8.2(5))
VPN Users: 192.160.40.0 - assigned by ASA

When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B, however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc. are not reachable by ping or otherwise. There are also some weird NAT rules that I am not happy with that were created after I upgraded the Site A ASA to 8.4.

Site A internal: 192.160.x.x     External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x     External: 66.66.666.54(all)

I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site. What do I need to add for the VPN to be able to access the site-to-site network?

Here is my NAT config:

nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
!
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL

[code]....


Cisco AAA/Identity/Nac :: ASA5510 / VPN Client And Clientless Users Not Authenticating With AD?

Oct 16, 2012

Web clients are receiving login failed messages and VPN clients are getting disconnected by host messages. I am able to ping the server from the ASA5510.  Users authenticate in AD.  I am not sure if the problem is on the server or the ASA.


Cisco VPN :: Asa 5520 Vpn Client On Stick Access From Site To Site

Mar 15, 2012

I have an ASA 5520 ver 8.0(4). I have VPN client access created and working. I have an L2L VPN created and working with another set of ASAs. The issue at hand: a VPN client from the internet connects and authenticates, and this client can access Site A's networks with no problems. However, a VPN client on the Site A ASA cannot access networks through the L2L tunnel located at Site B.


Cisco Routers :: RV180W Site-to-site VPN And Client Access?

Feb 9, 2013

I am considering buying two RV180Ws and placing them at two separate locations. But before buying I would like to make sure that the units meet my requirements. Let's call the locations A and B. I would like to connect location A with full network access to location B. But at the same time I would like location B to also get full access to the network at location A. Besides this, I would like to be able to connect to one of the networks remotely with my laptop. Preferably all connections should be made using IPSEC and not PPTP. I would like to know if it is possible to make such a configuration, and eventually if there is a smarter way to do it, e.g. only letting clients connect to location A or B and granting them access to all resources at both location A and B from there.


Cisco AAA/Identity/Nac :: ASA5550 / ACS 5.3 - 22056 Subject Not Found In Applicable Identity?

Dec 5, 2012

I have a new ACS 5.3 configured and an ASA5550 to authenticate VPN users using a remote LDAP server. Once I try to authenticate the users with the ACS, it gives me the error message "22056 Subject not found in the applicable identity store(s)."

I checked out the documentation and have already configured the Identity store sequences to redirect everything to the LDAP server. I also did the Bind test and it says that it is OK, but I still have the same problem.

I validated the Access Policies Menu, and tried to create a new Service Selection Rule, but when I get to the option of modifying the Identity option I get the error: "This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page. " and I'm not able to modify the identity, neither in this new option I created, nor in the ones already created in the ACS.


Cisco Firewall :: ASA 5510 Identity NAT Configuration For Remote Access VPN And Site-to-Site

Mar 9, 2011

I am trying to configure an ASA 5510 with 8.3 IOS version. My internal users are 192.168.2.0/24 and I configured dynamic PAT and are all internet.

I want to configure identity NAT for remote access VPN. The remote users' IP pool is 10.10.10.0 to 10.10.10.10.

I know how to configure NAT exemption in IOS 7.2 version. But here it is IOS 8.3 version. Configure NAT exemption for 192.168.2.0/24 to my remote pool (10.10.10.0 to 10.10.10.10).


Cisco AAA/Identity/Nac :: Configure Radius Authentication Across Site-to-site VPN For ASA 5510-01 For Remote Access?

Jun 28, 2012

I am attempting to configure Radius authentication across a site-to-site VPN for my ASA 5510-01 for remote access.
 
 ASA5510-1 currently has a live site to site to ASA5510-2.
 
ASA 5510-1 - 10.192.0.253
 
ASA 5510-2 - 172.16.102.1
 
DC - 172.16.102.10
 
ASA5510-01 can ping the DC and vice versa but is unable to authenticate when I perform a test. ASA5510-01 can authenticate to a DC on its own LAN but not on the remote LAN that DC sits on.

I have double checked the 'Server Secret Key' and ports as well as various users, which all work locally. ASA5510-02 authenticates to DC with no problems.


Security / Firewalls :: VPN Client Users Cannot Access LAN?

Jul 23, 2012

I configured a dynamic VPN (Easy VPN) in a Cisco ISR. But the VPN clients cannot access any of the LAN devices. VPN pool is 10.0.0.1 - 10.0.0.20 & internal network address is 172.17.x.x. I tried to disable zone based firewall but no resultout[CODE]


Cisco Routers :: RV042 VPN Client Access Not Able To Connect Two Users At Same Time

Mar 14, 2012

I have an RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem, but if one is connected and the other tries to connect also, the second user gets a message that the gateway is not responding. They are both running Win XP Pro SP3.


Cisco Routers :: RV042 VPN Client Access Not Able To Connect Two Users At Same Time

Mar 15, 2012

I have an RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem, but if one is connected and the other tries to connect also, the second user gets a message that the gateway is not responding. They are both running Win XP Pro SP3.


Cisco VPN :: ASA 5505 - Users Aren't Able To Reach Remote Network Through Site-to-site Tunnel

May 21, 2011

Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
 
I've seen several threads about that here, and I've run through the walkthrough at [URL]. I've taken a stab at setting split tunnelling and NAT exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
 
Remote-access (vpn-houston) uses 192.168.69.0/24.
The main site (houston) uses 10.0.0.0/24
The remote site (lugoff) uses 10.0.1.0/24


Cisco VPN :: ASA 5520 / Routing Site-to-Site VPN To Remote Users?

Oct 29, 2011

We have a site-to-site and a remote VPN configured on the same interface in an ASA 5520 (software version 8.3). When remote VPN users try to connect to computers located on the distant end of the site-to-site VPN, their requests fail. I tried No-NAT between the remote VPN private IP and the remote site private IP, and also stated the same in split tunneling. I can't find even the tracert, and ping also timed out.


Cisco AAA/Identity/Nac :: ACS Controlling Users Access On Symbol WS6000

Dec 29, 2010

I want to control management access to a Symbol Wireless Switch WS6000 with my ACS. The issue is that I can't find the Vendor Specific Attributes for Symbol devices. I wonder if there's a way to control it with IETF or other Radius attributes.


Cisco AAA/Identity/Nac :: ACS 5.1 - Screenshot Of All Users That Have Access To Configure Firewall

Jul 26, 2012

I have an auditor wanting a screenshot of all users that have access to configure our firewall. I am unfamiliar with 5.1. Is there a way of running such a report on a particular device?


Cisco VPN :: PIX-515E / How To Access Remote Site Over IPSEC Through Client

May 29, 2011

On my Cisco PIX-515E Version 6.3(5), I have an IPSec VPN tunnel, and home users also connect to the same firewall through the VPN client. I am unable to find a solution that allows my home users to connect to the office network and then access the remote network through the IPSec tunnel.


Cisco AAA/Identity/Nac :: ISE 1.1.3 Authenticate Wireless Users / Admin Access To WLC / Switches

Mar 13, 2013

Deployed two Cisco ISE 1.1.3. ISE will be used to authenticate wireless users and admin access to WLC and switches. Backend database is Microsoft AD running on Windows Server 2012. Existing Cisco ACS 4.2 is still running and authenticating users. There are two Cisco WLCs version 7.2.111.3. Wireless users authenticating to AD through ACS 4.2 works. Admin access to WLC and switches to AD through ISE works. Wireless authentication uses PEAP-MSCHAPv2 and admin access uses PAP/ASCII.

Wireless users cannot authenticate to AD through ISE. The below is the error message: "11051 RADIUS packet contains invalid state attribute" & "24444 Active Directory operation has failed because of an unspecified error in the ISE". Conducted a detailed test of AD from ISE. The test was successful and the output seems all right except for the below: [code]

Update:

1) Built another Cisco ISE 1.1.3 server in another datacentre that uses the same domain but a different domain controller. This domain controller is running Windows Server 2008. This works and authentication is successful.

2) My colleague tested out in a lab environment of Cisco ISE 1.1.2 with Windows Server 2012. He got the same problem as described.


Unable To Access Internet After Connecting To VPN Using Cisco VPN Client?

Aug 4, 2011

On my Windows 7 laptop, after connecting to my office network using the Cisco VPN client, the entire Internet is utilized by the VPN. I am unable to browse the internet on my computer till I disconnect the VPN Client.


Cisco VPN :: Remote Client Cannot Connect To Local Network Or Site To Site ASA 5510

Jul 21, 2011

I set up RA-VPN under a local ASA 5510 IP pool (192.168.127.0/24) and all was working fine. I got internet and local network access.
Then I have 5 site-to-site VPNs working fine, but when I'm trying to access those L2L VPNs from the remote access client I'm not able to do that. So after that I decided to obtain IP addresses from my DHCP server so I can obtain IPs from my local network (172.17.16.0/16) and then access the site-to-site VPN normally. But the surprise was that the Cisco VPN client is getting a local IP address (172.17.16.222) perfectly, but I'm not able to access even my local network.

I have same-security-traffic permit inter-interface and same-security-traffic permit intra-interface enabled.


Cisco VPN :: ASA5505 - IP Address Pool In IPSec Client And Site-to-site VPN

Jul 10, 2012

We have a scenario where the Cisco ASA 5505 will be one end of a site-to-site VPN. The same ASA 5505 also allows Client VPN connections. The question is around IP pooling. If I assign a pool of IPs (192.168.1.20 - 192.168.1.30) for Client VPN connections, do I need to be sure that those same IPs are not used on the other side of the site-to-site VPN?

There could be PCs/servers running 192.168.1.0/24 on the other side of the site-to-site VPN. Would this cause an address conflict?


Cisco VPN :: 876 ISR / Traffic From Easy VPN Client To Remote End Of Site-to-site?

Apr 27, 2011

A user with Easy VPN client connects to a 876 ISR (router A). This router also has a site-to-site VPN to another 876 ISR (router B). What I want to achieve is that the user dials in to router A and can access the network on the remote end of the site-to-site tunnel (router B) In diagram:
 
user (192.168.18.x) - Easy VPN - Router A (192.168.16.x) - sitetosite - Router B (192.168.17.x)
 
I have added routes in router B to the 192.168.18.x network with router A as next hop, but I can't reach the other segment.


Cisco VPN :: ASA 5505 Site-to-site VPN Tunnel And Client VPN Sessions?

Nov 14, 2012

I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z). His satellite office will have a single PC sitting behind the ASA. In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.

The first question I have is about the ASA 5505 and the various licensing options. I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A.

Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?).

Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules? Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?


Cisco Firewall :: ASA5550 - Set Up To Access Servers?

Nov 11, 2012

I am trying to set up an ASA5550 so that I can access the servers behind it. Simple.
 
As of now, I am unable to even create an access-list to allow traffic from my remote IP into the firewall. As far as my level of experience with Cisco firewalls, it's basically zero but I have taken the Cisco CCNAX class and feel that I have a good understanding of the fundamentals. That said, we only dealt with routers and switches, and it's not impossible that I'm missing something that would be totally obvious to most folks on this board. I've used CLI and ASDM with no success.
 
Here are the relevant parts of the config:

[code]...


Cisco VPN :: How To Setup VPN Client And Site-to-site Tunnel On 831

Feb 8, 2011

How can I set up a Cisco 831 router (branch location) so that it will accept inbound VPN Client connections and initiate a site-to-site IPSec tunnel to our hub location that uses a VPN 3005 Concentrator?  I could get the tunnel to work by configuring it in a dynamic crypto map but interesting traffic on the Cisco 831 side would not bring the tunnel up. 


Cisco VPN :: 5505 Configuring VPN Client To Site-to-site

Jun 3, 2013

We have a Cisco ASA 5505 at our CORP location, on which I have configured the Site2Site VPN to our COLO with a Juniper SRX220h. The site-to-site works fine, but when users access the Cisco VPN client from home, they can't ping or SSH through the Site2Site. Contacted JTAC and they said it's not on their end, so I tried to contact Cisco TAC: no support. So here I am today, after 3 days (including Friday last week) of searching the Internet for over 6hrs a day, and trying different examples from other users. The VPN client shows the secured route to 10.1.0.0. [code]


Cisco Security :: VPN Site-to-site And Client On ASA 5520 On Same Outside

Jun 21, 2012

I have an ASA 5520 Version 8.0(2). I configured the site-to-site VPN and it works fine; in the other appliance I configured the VPN Client for remote users, and it works fine. But when I try to configure the 2 VPNs on the ASA 5520 on the same outside interface, I have the line "crypto map outside_map interface outside" (for VPN client), but when I configure "crypto map VPNL2L interface outside", it overwrites the command, and therefore I can only have one connection. [code]


Cisco AAA/Identity/Nac :: Authenticate VPN Users Via ACS 5.4 And AD Via External Identity Store

Feb 22, 2013

I have installed ACS 5.4 and we are looking to authenticate our Anyconnect users with ACS via Active Directory. I think I have the correct commands in our ASA ( we had ACS 4 and authenticated our anyconnect users ).
 
I also have configured ACS to use Active Directory  and installed the server side cert in ACS. I'm just uncertain how to program ACS to use the security group that I have setup in Active Directory.


Cisco VPN :: Configure Site-to-site VPN Using 881 Router On End And Connecting To ASA5510?

Aug 22, 2011

I need to configure a site-to-site VPN using a Cisco 881 router on my end and connecting to an ASA5510 on my supplier's end. Our supplier has configured their end and I do not have access to their configuration.

They told us we have to NAT all inside addresses to a single address (192.168.89.1), as this is the only one they will let through their firewall/tunnel. I know how to set up the VPN but am not too sure how to set up the NAT part.

My sanitized config is attached. Is the code I am using to NAT my inside network to the single address 192.168.89.1, and send all traffic across the VPN tunnel as this address, correct? With the router running this config, the VPN tunnel does not connect.


Cisco AAA/Identity/Nac :: ASA 5505 - Procedure For Monitoring Site-to-site VPN Tunnel?

Apr 30, 2012

Need to know the step by step procedure for monitoring site-to-site VPN tunnel (up/down) using SNMP on Cisco ASA 5505. 


Cisco VPN :: 5510 Site To Site VPN Access To Servers With Overlapped Remote Site

May 18, 2012

I have a requirement to create a site-to-site VPN tunnel on an ASA 5510 from a remote site to my HO. I already have other site-to-site tunnels up and running on the ASA. The issue is that my remote site has a network address which falls in one of the subnets used in HO (192.168.10.0/24). My only requirement is that my remote site needs to access a couple of my servers in HO, which are in the 192.168.200.0/24 subnet.


Cisco Firewall :: ASDM 7.1(2) / ASA5550 9.0(2) Multicontext - How To Get Remote Access To VPN Wizard

Mar 29, 2013

I have the latest ASDM 7.1(2) & ASA5550 9.0(2). When I try to start the Remote Access VPN Wizard, there's just nothing to select in Wizards-VPN Wizards, except "Site-to-Site VPN Wizard..."








Copyrights 2005-15 www.BigResource.com, All rights reserved