Cisco AAA/Identity/Nac :: ACS 5.2 Loses Connectivity To AD
Jun 5, 2011
I'm trying to configure ACS 5.2 so that should it lose connectivity to Active Directory it chooses the local authentication, however I can't seem to make this work. Within ACS 5.2, Access-Policies, Access Services, Default Device Admin, Identity,
I have a single rule configured for any device that matches tacacs to use the identity source of Active Directory,
If authentication failed: Reject
If user not found: Reject
If process failed: Drop
The ACS cannot access Active Directory. When I debug TACACS authentication on any 65k or 2921 device I get "Received Authen status error".
Mar 3, 2011
I recently started having trouble with my VPN clients losing connection. I can create the connection, work with it for a while, and then lose connectivity. Timing seems to be dependent on the activity over the connection. More activity, the connection stops working sooner.
The client doesn't disconnect, I just can't access anything from the client. Disconnecting and reconnecting the client fixes the problem, temporarily depending on how much data I'm transferring. This works 90% of the time. The other 10% if I wait 30-45 minutes, and try again.. It works...with the same results...
It was originally isolated to a Win 2003 server that I was using as the client. It is now happening on my Win XP client as well. I'm using the AnyConnect client ver. 2.5.2014 with the VPN service on the UC520. Which I believe, is similar to the ASA 5500 series VPN device. I am running ver 8.1.0 on the UC 520, and I can't remember if this started after upgrading to the new software.
Apr 27, 2011
Newly purchased DCS-930L connected to DIR-625. Firmware is 1.0 for DCS-930L and A1-1.09 for DIR-625. Camera works fine when connected with cable. Wireless enabled, fixed IP address. Unplug cable and camera still works fine for a while: can access the view page and view picture that does change. F5 refreshes page no problems. After a while (about 5 minutes) web page no longer reachable by browser. Reconnect cable and works fine, unplug and repeat the cycle same thing happens. Also tried: unplug ethernet cable, unplug power cable, wait 10 seconds, connect power cable, try to browse to camera - cannot reach camera.
Nov 19, 2012
I have an EA4500 router. It's the latest in a long line of Linksys routers I've owned and I'm pretty familiar with setting one up and making changes. But the EA4500 seems a bit more picky than previous routers. Last night I tried to enable port forwarding for ports 53, 80, and 88 for my xbox. I already had port 3074 forwarded. When I did that and applied the change, I lost all Internet connectivity. I tried cycling the power on the router with no luck. I finally got connected again by going to 192.168.1.1 and disabled those ports. The status page then said I had Internet connectivity but I really didn't at least right away. It took a couple minutes before I was actually able to connect to the Internet again. What else should I check when it says I don't have internet connectivity?
May 10, 2011
I don't know why this keeps happening. It was a problem last summer and now it's happening again. My modem loses connection and only a few lights are on. I'm using Comcast in the DC/Metro area and I'm using a telephone modem.
Aug 18, 2011
My new RVS4000 (2.0.2.7) connects the WAN via PPPoE with dynamic IP which is held at DynDNS and normally I see the RVS4000 via a router-to-router-VPN. That works fine so far, but every "some" days the router loses WAN connection (and with it VPN). When this happens, last DynDNS-update is hours ago, so it didn't reconnect. Looking on the router's site, the LAN is fully functional for clients that have got their DHCP-Information. New clients don't get DHCP-Info (IP-address, DNS), both do not have internet access. The router's WAN-summary shows that it thinks to be "CONNECTED" but with empty WAN-IP and DNS entries. Clicking "DISCONNECT" and then "CONNECT" again solves the problem so far. The loss of connection is not the periodic break from the IPC, which is correctly identified and reconnected as configured. I wanted to trace the problem with the log, but there is also a bug. It stops logging at some time completely - neither email-log nor local log, so I never happened to be lucky to hit the point of loss of connection. Also the local log provides a first and next pages, but the next pages are always empty - not really useful.
Oct 18, 2012
I have a server (Windows Server 2003) that randomly loses connection with the default gateway and anything on the outside. When this happens, the server can't ping the gateway (A Juniper SSG5 firewall/router) and the gateway can't ping the server. But the server still can ping anything else on the network and everything inside the network works fine with it. The most reliable remedy is to reboot the router. Rebooting the server or resetting the network card sometimes works. I have tried both onboard network cards and a separate PCI network card on the server. There are no router log entries that correspond to the problem. This server is used as a Terminal Server for a remote office and as a file server.
Jan 2, 2013
Something strange is happening to my Cisco 1941W. Every time I reboot the router I lose the running configuration of the service-module (Access Point module). The weird thing is that the router's configuration remains the same. I made sure I save the configuration by issuing the wr command on the service module console but it still happens. My router's current IOS version is 15.0(1)M1 and my AP's is 12.4(21a)JA1.
I also did another test by making sure the startup-configuration was identical to the running configuration and when I reload the router it still happens.
Jun 30, 2012
I have a wireless router which is connected to a DSL modem. Everything was working fine but now the wireless router loses connection often and if I remove the RJ45 check from my wireless router and plug it in after few minutes it works but again it loses connection.
Mar 20, 2012
WRT54GS connects but after about a minute it loses connection and boots continuously.
Sep 30, 2011
I have copied my computer's time in the router time setup under Time in the "tools" section of the router setup. After a few days of the router being up without a hard restart, it has lost 10 minutes somehow. I went to the logs and cleared them out and then looked at the entry showing that the log was cleared and looked at my computer clock and the time stamp of the log entry, and it was 10 minutes slower than my computer clock that I had originally set it from. I have a clock plugged in by the computer, and my computer always matches the clock that is plugged in, so I know it isn't my computer losing time. What is going on here? Why does the router lose the correct time after it has been up and not unplugged or rebooted at all? I know that the router will lose the time if you unplug it, but this isn't the case here.
Aug 27, 2012
We have some 1242 LAPs in a two 5508 controller setup working fine. All LAPs are configured to obtain address from DHCP. After first join we usually change some configs like HOSTNAME, AP GROUP, PRIMARY AND SECONDARY WLC. After a software restart or a complete power off/power on the LAPs join the primary controller and all configuration is still there. We now add a 1142 LAP and it does not retain the configuration after a power off/power on cycle, but after a software restart there is no problem. The only way to retain the config is setting the AP with a static IP address.
We use WLC 7.0.116 and we see no errors in the LAP console.
Sep 27, 2012
When I start a VPN-session my server loses internet access. The server is host for a few virtual machines and they have internet access. Using 5505 and ASA is version 8.4(2). [code]
May 14, 2013
I have a DIR-655 Rev B1, FW 2.01 (I will probably upgrade the FW tonight to the latest.)
I have at least 20 items that connect wirelessly to this router (2 PCs, 2 Laptops, 2 Tivo Box, 3 Game Consoles, 3 Cell Phones, 2 Tablets, 2 TVs, Printer, AP Gateway, and some other projects) It's been a solid connection to everything for the past couple of years.
I bought a new Dell Inspiron 15r SE laptop (uses the Intel Centrino Wireless-N 2230 Wifi Solution.) After anywhere from 2 - 10 mins of browsing/watching a video/downloading files the access out to the internet simply stops.
At this point I'm still connected wirelessly to the router, and if I go to the router address I still have access and can login and see the router settings. I check and there's plenty of time left on the lease (days.) Still not getting internet access. Eventually my Laptop will disconnect and reconnect (or I do it manually.) I've performed hard resets of the router, I've had my laptop Forget the network and then reconnect, etc. Nothing has resolved it.
I thought it may be my laptop, but I've taken it to Starbucks, Work, Neighbors WiFi, etc and I don't have any problems staying connected on their networks.
I've had Dell on the line, we connected hardwired, and their solution was to force forget and reconnect to the router, which worked for the 10min he was on the line with me, but then failed soon after, and back in the same connectivity hell.
Mar 1, 2013
Region : UnitedStates
Model : TL-WR1043ND
Hardware Version : V1
Firmware Version : 3.13.12 Build 120405 Rel.33996n
ISP : AT&T
Every 5 to 7 days my router loses connection with WAN (ISP modem) but connection over LAN is fine. It seems that 1043ND tries to connect to DSL modem from AT&T by username and password (that does not exist) instead of doing Dynamic IP. I understand that AT&T modem is of type of PPPoE but there is not a password or user id and connection must be dynamic. Page 192.168.0.1/logininfo of modem complains that I was trying to login with incorrect user id password. Every time I have to
1- connect the modem directly to my computer so the modem resets.
2- I have to reset 1043ND to factory default, reboot, and connect cables back how they were, Then go to WAN page do a release and renew to get connected to WAN again.
Dec 27, 2012
My F5D8235-4 v3 constantly loses its DHCP service and needs to be rebooted.
Sep 8, 2011
I have a WUSBF54G that will connect to my router just fine. Right when the device is first plugged in there aren't any problems. I can ping my router, I can ping google.com. The browsers all work correctly, etc. But after a while, maybe 30 minutes (it varies) I lose the connection to the internet. I can still ping the router. I can ping other devices on my network. But I cannot ping any websites by DNS name or by IP address and any browser I use won't display any websites. I have other wired and wireless connections on this network that don't have any problems. I even unplugged this adapter and plugged it into a different computer and had similar results. The device is relatively new (maybe a month old, but only used a few times within that month, and the use that it did get is mostly from trying to troubleshoot this issue.) Both computers I have installed the device on are running Windows 7 Ultimate. Both computers have the latest drivers installed from this site:
[URL]
I have a netopia 3000 router and I have checked to see if the problem could be caused by this router but there is nothing out of the ordinary there. All of my troubleshooting has been using the Win 7 "network and sharing center" to connect. I couldn't get the linksys connection tool to work and actually, I noticed after reading this forum that the linksys wifi connection tool doesn't work with win 7 after all so I don't think using the built in win 7 wifi tools would cause the issue. Also, just to clarify, in an attempt to resolve the issue I have tried dynamically assigning an IP address for this connection and also a static IP address. Either method seemed to yield no results. It is a frustrating problem to say the least. I don't want to believe that the adaptor is faulty. As I said it is relatively new. Also, as I mentioned, when I first plug it in it will work correctly for about the first half hour or so before it will stop reaching the internet. I then have to physically unplug the device and plug it back in in order to correct the issue. I was thinking of creating some kind of script that will automatically disable the adapter every 30 minutes and then enable the adapter. I ran into another issue here though. If I disable the adaptor (either from device manager or from "Network Connections") the device will change status from "Not Connected" to "Disabled." So far so good. But then, when I go to enable the adaptor again the adaptor disappears from the list. It's as if it isn't plugged in any more. The only way to get it back is to physically unplug the device and physically plug it back in. How to "Enable" the device without it disappearing from the network adapter list.
Mar 17, 2013
I have an E4200 with the latest firmware 2.1.39. I just upgraded the firmware due to connection issues with my DSL. I now have the same issues with disconnects but I believe they are being caused by a different issue. When I try and log into my router through the IP address it won't let me, it says it can't find the router. Eventually after getting in the first time by using the default password, I have twice found out that all my settings are gone. This has happened twice this week and only happened after upgrading the firmware but I cannot tell if firmware is causing it or if it is hardware related. I now reboot and restore saved firmware but that is a hassle and am pretty sure that is not the way it was designed to work.
May 7, 2011
I have a problem with my laptop... I have a Packard Bell laptop connected to my wireless router WAG 320n and it has been working fine until yesterday when it didn't connect automatically as it has been doing before because I have my SSID network saved on my laptop!
I logged on to the router page and changed from standard channel to wide channel and also tried different channels at the same time that I tried connecting with the laptop but I get the same message every time "Unable to connect!"
Aug 1, 2011
I am now on my second E4200... But still the same failure.. It loses the internet connection 5-6 times a day, and then I have to switch it off and on to get connection again.
Apr 20, 2013
Updated firmware was installed and settings were reviewed. Intermittently the E1500 loses its ability to connect only to our Android devices and "Cisco Connect" displays that it has lost Internet connectivity. The PC hard-wired to the E1500 and another PC connected wirelessly both work fine when this happens, despite the Cisco Connect message. The Android devices show the presence of the network, but they never "connect" - find the IP address. The problem can only be resolved by re-booting (powering off/on) the E1500. The loss of connectivity to our two Android devices and the Cisco Connect error display always are concurrent. E1500 loses connection to Android devices
Apr 10, 2012
I have a WES610N in my office connected to a E4200 @ the cable modem in the family room. ~30'. The connection is fine and works well when working. Connected to the WES610N I have:
-Polycom VOIP phone
-HP Mediasmart Windows Home Server
-Desktop
-Multi-Function Laser Printer
I have two issues.
1) The Polycom does a random reboot that I have traced down to it losing its IP
2) The Windows Home Server loses its IP requiring a hard reset.
I have enabled QOS for the polycom and that just worked with managing data. However both devices seem to lose their IP regularly. The desktop might also be having the issue but because it is Vista I suspect Vista is better equipped to deal with IP issues.
May 7, 2012
I upgraded my Linksys from 160n router to 4200V2 router. I configured 3 wireless Linksys webcams and they work fine. After 24hrs I cannot connect to them via HTTP and the webcams' IP addresses disappear from the DHCP client table. If I reboot the webcams then it works fine for the next 24hrs. I did not make any modification to any settings and the settings look just like I had on the 160N router.
Oct 28, 2012
I'm trying to test such 802.1x wired environment: windows xp sp3 as supplicant, windows NPS as radius server, 2960 as authenticator, latest anyconnect (3.1.01065) + nam and standalone profile editor. I have a question: What is the difference between protected identity pattern and unprotected identity pattern (set in nam profile editor)? As I understand documentation PEAP-MSCHAPv2 is a tunneled method and it uses unprotected identity pattern to protect user's identity during phase 0. But if I use any fake identity here (anonymous, anonymous@[domain], etc) access is rejected (Access-Reject in switch debugs). I have to use exactly the same pattern in unprotected identity pattern as in protected identity pattern ([username] or [username]@[domain]) to gain access, regardless of authentication mode (same in machine only, user only authentication).
May 18, 2011
I have a new Cisco Secure ACS 5.2 on a VM. We want to use it for administrative access to our Cisco equipment with TACACS+. I am trying to map user permissions to different groups of devices based on active directory group membership, however it is not working.
I am using an LDAP (configured for secure authentication) external identity store. On the directory organization tab, I have confirmed the accuracy of the subject and group search base and the test configuration button shows that it's finding > 100 users and >100 groups.
On the directory groups page I have entered the groups according to the required format. cn=groupname1,ou=groups,dc=abc,dc=com
I have a rule based result selection under group mapping. I have two rules in the format below.
Condition
LDAP:Externalgroups groupname1
Result
Identitygroup1
I have the default group set to an identity group named other. My problem is, no matter what user attempts to authenticate, the Default rule is applied, and the user is put into the other identity group. This occurs when I log on as a groupname1 user, groupname2 user, or as user that is not a member of either of those groups. LDAP authentication works and the user is able to logon to the device.
Jul 11, 2011
We are using ACS 5.2 and we are trying to create a Microsoft Active Directory (AD) Identity Store. We have a user to be used in the Active Directory creation General page and we would like to know how the test communication / ACS to AD communication takes place.
Our user is a predefined user in AD and has admin rights, but the password expires every 60 days. Will this affect the communication between AD and ACS 5.2 every time the entered user's password expires?
Jan 24, 2012
I'm currently looking for a solution in order to restrict the modification of the host internal identity store (add or delete MAC host) per group. The default administrator roles does not include "per group restriction". Under the ACS I defined one group per department? My objective it to allow each department to access their ACS MAC database to add or delete MAC addresses as required.
How to restrict internal identity store per group? Do I need to create new roles? and how? I was not able to get an answer from the ACS ADMIN manual.
Dec 5, 2012
I have a new ACS 5.3 configured and a ASA5550 to authenticate VPN users using a remote LDAP server. Once I try to authenticate the users with the ACS it gives me the error message "22056 Subject not found in the applicable identity store(s)."
I checked out the documentation and have already configured the Identity store sequences to redirect everything to the LDAP server, I also did the Bind test and it says that is ok, but I still have the same problem.
I validated the Access Policies Menu, and tried to create a new Service Selection Rules, but when I get to the option of modifying the Identity option I get the error: "This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page. " and I'm not able to modify the identity, not in this new option I created, nor in the ones already created in the ACS.
Oct 6, 2012
I have two ACS v 5.2 (primary and secondary) and some users are in the internal store and the others are in the AD. The local site topology is like this:
PC - AP - WLC - ACS - AD
Authentication method is PEAP(EAP-MSCHAPv2) and all users have the company certificate installed. The OS in the client users is Windows 7. Users were working fine but some users report intranet disconnections. I see in the ACS log many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms. I believed it was because user wasn't in the AD data base, but sometimes the same user is authenticated successfully and other times I see the "22056...." or "24415...." alarms.
I switched the role for ACS primary to work as secondary and we see the same alarms.
Apr 14, 2011
I have ACS 5.2 running as a VM. I'm AD, then local authentication successfully for device access, but I want to define ACS user groups to restrict login. I don't see any way to do this. If I use AD groups, they don't show up as selection options on the policy screens, just the ACS locally defined groups.
Dec 3, 2012
We have an ACS 4.3.2 installed with users authenticating against an Active Directory database. The AD database not only authenticates the users but also assigns the group that is used to select IP address pool. Now the requirements require to use token authentication with SafeNet. This authentication uses the same username but the password is composed of the original password + OTP. The problem is that the SafeNet server doesn't return the group membership. I've read about the Identity Store Sequence in ACS 5.x and I think I could use it in the following sequence: I configure an Authentication Sequence using the SafeNet token server (this works with ACS 4.x). I configure an Attribute Retrieval Sequence against the AD database. This would use the username only, no password and would retrieve the group membership.
Dec 5, 2011
I'm looking for Cisco ISE v1.1 to use the following licensing feature. url... Endpoint is dynamically profiled by Cisco ISE and assigned dynamically or statically to an endpoint identity group. Cisco ISE authorization rules do not use this endpoint identity group.
May 11, 2012
I am currently running Cisco ACS 5.1.0.44 and use active directory as the main authentication identity store to allow network administrators to have access to network devices in my organization. As per the established security policies in my organization, the ACS has to disable any account after 3 failed login attempts to any network devices. I have gone through all the settings on the ACS but couldn't find where or how it is done.