Cisco AAA/Identity/Nac :: ACS 5.1 AD Connection Setup DNS Failing To Resolve Address
May 9, 2010
I am trying to configure the ACS with AD in the identity store but am running into the following issue. I enter the AD Domain Name and username and password and hit the 'Test Connection' button and receive a DNS error stating that it 'Cannot resolve network address'. I have logged into the CLI and tested to the domain name from there and it works fine.
Oct 29, 2012
So I see tons of threads here and on Google talking about DNS issues with their Linksys router, but I never see a solution other than to locally change the DNS servers on the client machine to prevent it from using the Linksys router DNS. My router is the WRT310Nv2 running the latest firmware, but I see others are affected as well. url... My issue is this router continues to fail DNS resolutions and I have to either reset it or tell my client machine not to use my router as a point of DNS resolution.
1. Why is my router failing to resolve domains correctly?
2. Is there any way to fix this from the router?
Mar 6, 2012
I have fitted a Thomson router to my desktop computer using an ethernet cable and all is working fine. My Sony Vaio laptop recognises the wireless connection but fails to connect at the acquiring network address. I have been into the properties section of the network connection page and am only allowed 8 characters for the network key. But the Network key on the bottom of the modem is longer than 8 digits.
Nov 30, 2011
where the host names do not properly resolve with the right IP address. Example, I ping a host name, it gives me an IP, but when I VNC into the workstation, it is a totally different host.
Mar 27, 2011
I am using the Cisco VPN Client 5.0.06.0160 - and am having an issue connecting to my ASA 5510 via VPN. This issue is happening on 1 of our laptops. All other laptops connect just fine. So the problem is not in the ASA. I have double checked the client setup and config and it too is correct. The interesting thing is, we are connecting to an IP Address and not a host name.
Jan 15, 2012
I have been trying to connect to the Internet via a wireless connection but keep receiving the above error. None of the Windows solutions resolve the problem. On Google Chrome I see a screen saying 'This web page is not available', and receive 'Error 105: Unable to resolve the server's DNS address'. I cannot access Internet Explorer either. The strange thing is that this problem only seems to occur with some wireless networks, as I can connect fine at home. In certain places, however, I am told that I am connected but that access is 'Local Only', and I cannot open any browsers. I need the problem resolved as soon as possible as I cannot access the internet where I need it most.
Feb 8, 2013
Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.
Aug 13, 2012
I have a fixed external IP address. I have port forwarding set up for accessing a NAS inside my LAN, let's say port 12345. Now when I use my laptop outside my own LAN, e.g. 99.99.99.99:12345 resolves nicely to my NAS. But when I use the same 99.99.99.99:12345 inside my LAN, it does not resolve. Instead, it gives me a 'server takes too long to answer' error.
I have also set up a virtual host to an IP cam inside my network. That one resolves just fine. I tried enabling remote management on the DIR-655 and also that works fine using 99.99.99.99:8888. When I replace the external IP address with the internal IP address of my NAS, thus bypassing port forwarding, it obviously also works ok.
Why are the forwarded ports not accessible when I use my own external fixed IP address? Does the DIR-655 treat it differently than other external IP addresses?
Jun 3, 2012
I have a 2800 with one Gigabit interface connection to our LAN and the other interface connected to the internet with a public IP address. Now I'd like to set up the router to resolve both internal and external DNS requests. Thus requests like www.google.co.za and LocalLanPcName should be resolved to their public and private IPs respectively. [code] When I ping any name the only DNS server that is ever queried is 192.168.1.200 (it does resolve internal names correctly though).
None of the other servers are attempted to resolve the name. It does not matter if I specify a FQDN or not.
How do I set up the router so that my internal resolution is handled by 192.168.1.200 and .201, while external resolution is handled by 41.160.36 and .37? Or alternatively, how do I configure it to at least try all 4 specified name-servers for resolution, and not fail after trying the first one unsuccessfully?
Dec 27, 2011
I'm connected through the router, a few times a day I cannot open web pages, getting error: Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address. Skype continues to work. Here are the results of pinging:
Quote:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Sri Guru>ipconfig /all[code]....
One technician said that this is the provider's problem, but I don't think so. When I restart the modem everything works. I have a Netgear WGR614 v9 router. I use ESET 5 security. Btw, connection drops on all computers connected through the router, so it's not my firewall.
May 2, 2011
We have a Cisco ACS 1113 SE running v4.0.1.44 and are trying to upgrade it to v.4.2.0.124 following the instructions to upgrade it to v4.1.1.24 first.
We are using the following CD "ACS SE Overall Upgrade CD ACS 3.3.4 and 4,1,1,24 Upgrades"
We can download the 4.1.1.24 image to the ACS appliance via distribution server but the upgrade fails- we obtained the following console output when attempted upgrade was tried;
Upgrade package was not verified
Applying this upgrade package may corrupt the appliance
Continue at your own risk!
[Code].....
Jun 24, 2012
I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes. When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the Cisco NAC agent doesn't pop up, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
Oct 6, 2010
ACS 5.2 , in my Primary ACS under System Administration > Operations > Distributed System Management I see my Secondary but it shows "PENDING" under Replication Status.
Jan 5, 2012
ACS 5.1 is failing to authenticate tacacs authentication to the ASA firewall, getting
Jan 13, 2012
I am trying to set up a network with my modem (Speedtouch 546T2) and router (Jensen AirLink 89300), but it won't work. No network connection on the laptop (Toshiba) nor the MacBook. Ipconfig /all (when "connected" wireless) on the laptop: In Norwegian, just ask for translation if needed. Don't think it'll be necessary however.
Quote:
Microsoft Windows [Versjon 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Med enerett.
C:\Windows\system32>ipconfig /all
Windows IP-konfigurasjon
[code]....
I have updated the router's firmware. Reset both the modem and router as well.
Mar 3, 2012
I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3. Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below: "24401 could not establish connection with acs active directory agent" I'm not seeing anything telling in the logs on the domain controllers.
Nov 16, 2011
I am trying to upgrade a brand new ISE 3395 from 1.0.3.337 to 1.0.4 (latest). It keeps failing with "% Manifest file not found in the bundle". Here is the output:
company-ise-01/admin# application upgrade ise-appbundle-1.0.4.573.i386.tar.gpg ftp
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% Manifest file not found in the bundle
[code]...
I can't find anything about this for ISE, although there are a lot of topics for the same error for ACS.
Dec 4, 2012
I set up a connection from a laptop (Windows 7) that goes through a LAN proxy server to a secure ftp server (Windows Server 2003). The sftp server is assigned a public IP address. I opened the firewall at the destination and allowed port 22 traffic to the sftp server. Well, the connection is failing. I know for a fact the connection from the client laptop is making it to the sftp server. If I issue this command on the client laptop:
telnet sftpserver 22
The DOS screen clears and tells me the type of SSH server I'm connecting to. While this connection is still active, I logged into the destination sftp server and did a netstat command. I can see the address of the proxy server in the "Foreign Address" column of the netstat results. I also can see the proxy server address when I look at the Application Log on the sftp server, so I know the connection is making it to the sftp server.
I believe the problem is the control port (return traffic) from the server back to the client. Something is being blocked or is misconfigured. I always thought the router negotiated the control port, and that the control port didn't need to be put into any firewalls.
Jul 31, 2012
I've got an application running on a Windows 2008 server that I have verified as live on port 8085 at localhost. I've also verified on the server itself that port 8085 (and in fact, all ports) are open right now. Despite this, I have no connection to this port on the server. Let me back up a bit and explain the architecture I'm working with.
windows_server >> Switch >> Firewall >> Firewall >> Internet
Everything but my server is managed by my hosting company, who is insistent that this is a server issue. Is there a way to find out at what point my connection to port 8085 is failing? I feel like it's stopping at one of the Firewalls but need proof of this theory to get something done about it.
Nov 6, 2012
To start off with, I own the network, and every system connected to it. I run and admin it, so the chances that anyone else has changed anything is essentially zero. This computer has a wired network connection (the issue) and a wireless one. They are connected to two separate networks. A few days ago the wired card stopped getting an IP address from my router, always ended up with a 169 address. Eventually I just disabled it, and installed a PCI network card.
Now what happens is that all works fine for a while, then stops. Suddenly I am "Not connected to network" despite the fact my IP address hasn't changed. I run the network troubleshooter, it tells me the "Gateway is unreachable", resets the network card, and all is good. Then after a while the network fails again. I did already scan with Malwarebytes, and everything is fine as far as it's concerned.
Aug 27, 2012
I have set up an Identity Firewall on an ASA version 5.6 on a DMZ interface. I have installed the ADAgent on a domain member Win2008 and configured as follows: [code]
where ashdew is a domain user and ACL 122 (only one line) is applied on the DMZ interface and NAT is properly configured. The ADagent has been properly tested and ASA can register to it. The ASA can connect to AD DC controller and query user database. I have placed a laptop ip 172.17.h.x on the DMZ and can ping the DMZ interface.
The laptop cannot authenticate on the domain and the ASA does not seem to retrieve the user identity. Do I need to add extra rules in the access-list 122 to permit traffic to DC? Can I check on the AD Agent if it can retrieve the user to IP mapping?
Jul 24, 2011
The connection of the computer before is activating.. after how many days of using, it loses the internet connection.. What is the possible reason for this?
Oct 19, 2011
I have a server in a DMZ behind the ASA. Connections to this server work sometimes and then fail others, so I don't think I'm looking at an ACL or NAT problem here. The syslogs report a SYN Timeout. I have taken a trace on the ASA; it seems that a SYN-ACK does come from the destination server within the 30sec timeout, but it's not passed through the ASA back to the source? There is one odd thing, what seems to be an out of sequence ACK from the destination which arrives before the SYN-ACK at the ASA; I'm wondering if this might be the problem? This only occurs on the connections which fail; the connections that work, the destination responds quickly to the initial SYN, and the 3way handshake completes.
Syslogs :
Oct 18 19:17:32 nzlsudfedsi001-pri Oct 18 2011 19:17:32 NZLSUDFEDSI001 : %ASA-6-302013: Built outbound TCP connection 42327212 for IIP-ARCHIVE-PROD:172.24.32.31/21 (172.24.32.31/21) to BPO-TRANSIT:x.x.x.x/59392 (x.x.x.x/59392)
Oct 18 19:18:02 nzlsudfedsi001-pri Oct 18 2011 19:18:02 NZLSUDFEDSI001 : %ASA-6-302014: Teardown TCP connection 42327212 for IIP-ARCHIVE-PROD:172.24.32.31/21 to BPO-TRANSIT:x.x.x.x/59392 duration 0:00:30 bytes 0 SYN Timeout
[code].....
Jul 10, 2012
I have a 1941 Cisco router with a WIC-1AM-V2 card that is using a POTS (regular phone) line for data traffic. The problem I am having is the line is establishing connection but it intermittently drops. The router is configured to dial to Central office and I have more than 100 other locations with the same setup that are working fine. The only difference on this one is it is going thru a PBX line.
Mar 18, 2011
I am having problems with my wireless internet. I am using Windows 7 64-bit OS and am connected to a WRG614v6 Netgear router. I will be on the internet and will have superb connection, then my connection will drop; when I view the network it says that I have lost IPv4 connectivity. Pulling the power to my router then powering it on again fixes the problem for an hour or two but then connection is lost again. Here is the readout when connection is stable:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Kyle>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Kyles-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid[code].....
Jun 28, 2011
I am working on getting ACS to authenticate VPN users. I have a wireless/TACACS policy in place and working. setup of the Authorization profile as well as the policy?
May 29, 2013
I have set up an ACS 5.4 box and have some test devices connected to it. Cisco and Juniper, both working fine using TACACS. I can connect to both using SSH or Telnet, but my problem is the J-Web Juniper GUI. I can access the J-Web no problem with the root account. I cannot seem to get it to work, no matter what I try. Here is my shell from the ACS box and the following Juniper configuration. I have tried binding the local-user-name attribute to both the remote and remoteadmin with no luck.
version 9.6R1.13;
system {
host-name Juniper-Firewall;
authentication-order [ tacplus password ];
root-authentication {
encrypted-password "$1$1tRuy9o2$LwSPxNwe4XGNMOMIMo1pd1"; ## SECRET-DATA
[code].....
Nov 26, 2012
I'm trying to set up a command set in Cisco ACS 5.3, I can't get it to work no matter how I try. What I'm trying to accomplish is that some users, say Bob, can run every priv. level 1 command + show run, or just to specify which commands Bob will be able to run, whatever is easiest to set up.
In my switch I have the commands:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+ <--- tried different approaches with priv level..
(and specified a tacacs server)
Is the "default" under "aaa authorization commands 1x default group tacacs+" the name of the command set?
In the ACS I have specified an Authorization group and bound it to the command set, should the user have priv 15 for this to work or priv 1? (I have also specified a user and an identity group and specified IP ranges under "Network Devices and AAA Clients")
Nov 10, 2011
Using LMS 4.1 with an address that is natted, I see that SWIM-jobs to fetch IOS-images are using the server's "un-natted" address. Can't find how to set up the nat-address in LMS so the devices use that one instead when communicating with the server with scp for instance.
I believe this was possible in LMS 3.x, but how is it configured in LMS 4.1?
Jan 9, 2012
I am having ACS 4.0.2 in my network, which I want to use for 802.1x Radius Authentication for Clients on PEAP-MSCHAPv2 methodology. As per the documentation "EAP Authentication with RADIUS Server", Doc ID: 44844. I have configured Network Configuration and populated AAA client IP range and Secret Key.
Question1: Under Authenticate Using option, there are various RADIUS flavors available for selection. For a Non Cisco AAA client, should I select RADIUS IETF?
Question 2: In the above snapshot, it has an option called Global Authentication Setup, where we can set up EAP configuration. Under PEAP subsection there is an option to "Allow EAP-MSCHAPv2" check box. After checking that, is a restart required to the ACS Server? Would it cause any disruptions to the existing services on the ACS?
Dec 4, 2011
I set up one ACS v5.3 in one server in NYC and another ACS v5.3 in SJC. I want to make the acs.nyc as primary and acs.sjc as the secondary, how do I set it up?
May 2, 2013
I'm porting our configuration from a Pix 515 firewall to an ASA 5512x. What's vexing me right now is with the deprecation of the "static" command, I can't quite figure out the best way to Identity NAT my inside sub nets (multiple) to the DMZ sub net.
So on the pix I have my identity NATs as an example:
static (inside,dmz) <IntSubA> <IntSubA> netmask 255.255.255.0
static (inside,dmz) <IntSubB> <IntSubB> netmask 255.255.255.0
static (inside,dmz) <IntSubC> <IntSubC> netmask 255.255.255.0
Cisco's migration guide seems to do them one object at a time, which I guess is straightforward enough to do:
object network SubA
subnet <IntSubA> 255.255.255.0
[code]...
I'm thinking that there must be an easier way (aka less lines) to implement this for all the sub nets I want to Identity NAT to the DMZ.
1) Can I do this creating objects using a sub net with a net mask of 255.255.0.0 - one object to cover multiple internal sub nets?
2) Can I do this using object groups and trim this down to: (assuming I have the commands right)
Object-group network Inside_Subs
network-object <IntSubA> 255.255.255.0
network-object <intSubB> 255.255.255.0
network-object <intsubC> 255.255.255.0
nat (inside,dmz) source static Inside_Subs Inside_Subs no-proxy-ARP route-enabled
What would be the best way to translate my Identity NATs?
May 14, 2012
I have a 5505 that currently has inside/outside interfaces and everything is working just fine. I am trying to create a DMZ that will essentially be just for vendors/guests. The DMZ will have full access to the outside (Internet) but no access to the inside. I am using the FW for DHCP, and 8.8.8.8 and 4.2.2.2 for DNS. I currently have 1 laptop in the DMZ vlan, and it is getting a correct IP, and it is showing 8.8.8.8 and 4.2.2.2 in ipconfig. I can ping/tracert 8.8.8.8 / 4.2.2.2 / 74.125.137.147 (what url... resolved to on a laptop connected to the inside vlan), but I cannot ping nor browse to url.... [code]