Cisco AAA/Identity/Nac :: ACS 5.2 And 8.2 Remote Access VPN Configuration
Feb 11, 2012
ACS 5.2, and I can't find a document about how to configure remote access VPN authentication in ACS 5.2.
I am trying to configure an ASA 5510 with IOS version 8.3. My internal users are 192.168.2.0/24, and I configured dynamic PAT so they all reach the Internet.
I want to configure identity NAT for remote access VPN. The remote users' IP pool is 10.10.10.0 to 10.10.10.10.
I know how to configure NAT exemption in IOS version 7.2, but here it is IOS version 8.3. How do I configure NAT exemption for 192.168.2.0/24 to my remote pool (10.10.10.0 to 10.10.10.10)?
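The 8.3 equivalent of the pre-8.3 `nat (inside) 0 access-list` exemption, as an added example that is not part of the original post. The subnet and pool range are the ones in the post; the object names, the interface nameifs `inside` and `outside`, and the test host 192.168.2.10 are assumptions.

```cisco
! Added example, not from the original post. Assumed names: INSIDE_NET, VPN_POOL,
! INSIDE_NET_PAT, and interface nameifs "inside" and "outside".
object network INSIDE_NET
 subnet 192.168.2.0 255.255.255.0
object network VPN_POOL
 range 10.10.10.0 10.10.10.10
!
! The existing dynamic PAT for Internet access, written as object NAT.
! Object NAT rules are evaluated in section 2 of the NAT table.
object network INSIDE_NET_PAT
 subnet 192.168.2.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! NAT exemption in 8.3 is a manual (twice) NAT identity rule: the same object
! appears as real and mapped on both the source and destination side. Manual
! NAT rules sit in section 1 and are matched before object NAT, so traffic from
! the LAN to the VPN pool bypasses the PAT rule above instead of being
! translated to the outside address.
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL
!
! Checks: packet-tracer must hit the identity rule (not the PAT rule) and
! "show nat" lists the manual rule first with its hit counters.
! packet-tracer input inside tcp 192.168.2.10 12345 10.10.10.5 3389
! show nat detail
```

On 8.4(2) and later, append `no-proxy-arp route-lookup` to the manual NAT line so the ASA does not proxy-ARP for the VPN pool on the inside and uses the routing table rather than the NAT rule to pick the egress interface; those two keywords do not exist in 8.3.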
We have a Cisco 5510 with 2 IPSec Connection Profiles, each using a different IAS for authentication. If we add another VPN profile we need another IAS. With Cisco ACS, can it be configured for different VPN profiles from the same ASA 5510?
I have to open several ports from the WAN to the LAN on a 1921:
For example:
Say I need port 41795, both UDP and TCP, to go from the WAN to the LAN; can someone provide the context I have to follow?
Currently I have this in place
Another piece of this is that the devices that will need to be accessed remotely are on VLAN10 - will that cause a problem?
It is installed at a client's home for a very complex Crestron network that includes 5 Cisco PoE GB switches, 2 VLANs (VLAN10 utilizing QoS as the AV network, VLAN1 being the computer network), 8 1142 WAPs, and this 1921.
PuTTY log 2011.12.16 19:52:41
show run
Building configuration...
Current configuration : 3340 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DHOWE_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$JuTn$zn6CnXIm1bJGgPhtRCfB0.
enable password ********
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.39.0 192.168.39.49
ip
[Code] ........
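A static port forward for 41795/tcp and 41795/udp on IOS 15.1, as an added example that is not part of the original post. The post does not give the WAN interface, the VLAN10 subnet, or the device address, so GigabitEthernet0/0 as WAN, GigabitEthernet0/1.10 as the VLAN10 subinterface, 192.168.10.0/24 as the VLAN10 subnet, 192.168.10.50 as the target device, the static WAN address 203.0.113.2 and the ACL name WAN_IN are all assumptions.

```cisco
! Added example, not from the original post. Assumed: Gi0/0 is the WAN
! interface, VLAN10 rides on Gi0/1.10 as 192.168.10.0/24, the device to expose
! is 192.168.10.50, and the WAN address is the static 203.0.113.2.
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! IOS NAT only translates between an interface marked "inside" and one marked
! "outside". The VLAN10 subinterface must carry "ip nat inside" as well; if
! only the VLAN1 interface has it, the forward silently fails for VLAN10 hosts.
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! One static translation per protocol. "interface Gi0/0" binds the forward to
! whatever address the WAN interface holds, which also works when the ISP
! assigns it by DHCP.
ip nat inside source static tcp 192.168.10.50 41795 interface GigabitEthernet0/0 41795
ip nat inside source static udp 192.168.10.50 41795 interface GigabitEthernet0/0 41795
!
! If an inbound ACL is applied on the WAN interface, the forwarded port has to
! be permitted against the WAN (global) address: for outside-to-inside traffic
! IOS evaluates the inbound ACL before the NAT translation. Narrow "any" to the
! remote operator's source range where it is known; this is the one hole
! being punched into the AV VLAN from the Internet.
ip access-list extended WAN_IN
 permit tcp any host 203.0.113.2 eq 41795
 permit udp any host 203.0.113.2 eq 41795
 deny ip any any log
interface GigabitEthernet0/0
 ip access-group WAN_IN in
!
! Checks: the static entries appear immediately; hit counters on the ACL and
! "show ip nat statistics" confirm traffic is actually being translated.
! show ip nat translations
! show ip nat statistics
! show access-lists WAN_IN
```

If the router has no inbound ACL on the WAN interface today, the WAN_IN block is optional; the two `ip nat inside source static` lines plus `ip nat inside` on the VLAN10 subinterface are the minimum that makes the forward work.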
I have a problem relating to remote access VPN configuration on a Cisco ASA 5550, version 8.2(1). I used Cisco VPN client 5.0.03.0560 with a simple topology: laptop (client) ----- (Internet) ------- (public IP) ASA. Now, I can ping from the laptop to the OUTSIDE interface on the ASA from the Internet. When I connect from the Cisco VPN client to the ASA, I get the following log on the Cisco VPN client: [code]
I'm using an SRP527W router at the moment and there are 10 PCs in the office. First of all, I'm not an expert on network administration at all. Anyway, I set up remote access for a particular PC and it works well. I made it like this. Add a "Port Forwarding Entry" in the Network Setup > NAT > Port Forwarding menu.
- Type: Single Port Forwarding
- External Port: 3389
- Internal Port: 3389
- Protocol: TCP and UDP
- IP Address: 192.168.0.20
I need to set up another remote access for another PC (IP: 192.168.0.25). I'm not quite sure I can use port 3388 for remote access. However, I added another "Port Forwarding Entry":
- Type: Single Port Forwarding
- External Port: 3388
- Internal Port: 3388
- Protocol: TCP and UDP
- IP Address: 192.168.0.25
However, it doesn't work. When I tested on the internal network (using the private IP, 192.168.0.25:3389), it works fine. But when I tried through the Internet (using the public IP, 202.171.xxx.xxx:3388), it returns a "Remote Desktop can't connect to ...." message. How can I open port 3388 in the router administration console (Services Ready Platform Configuration Utility)?
We have a DNS server (internal IP only) inside our network. Right now we have configured Remote Access VPN using a public IP and we connect to it using the same public IP. I need to use an FQDN instead of the public IP.
Device : ASA 5520
Configuration Type : IPSec
I have a Cisco ASA 5510. I have configured Cisco AnyConnect to authenticate via Windows IAS. We had an outage of that server recently and I tried to remote in via AnyConnect and could not. Once the IAS server came up I could get back into the network.
Is there a command that I'm missing that will let me use AnyConnect to connect into the network even if my AAA server is down?
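The ASA fallback mechanism for this case, as an added example that is not part of the original post: a second method on `authentication-server-group` is consulted only when every server in the first group is marked failed, never when the server answers with an Access-Reject. The server group name IAS, the server address 192.168.1.10, the tunnel-group name ANYCONNECT, the local username and the placeholder secrets are assumptions.

```cisco
! Added example, not from the original post. Assumed names: RADIUS group "IAS",
! server 192.168.1.10, tunnel-group "ANYCONNECT", local user "breakglass".
aaa-server IAS protocol radius
 reactivation-mode timed
aaa-server IAS (inside) host 192.168.1.10
 key AssumedSharedSecret
 timeout 5
!
! Break-glass account, used only while the whole IAS group is unreachable.
! privilege 0 keeps it off the CLI/ASDM; service-type and group-lock confine it
! to VPN logins on this one tunnel-group.
username breakglass password AssumedLongRandomPassword privilege 0
username breakglass attributes
 service-type remote-access
 group-lock value ANYCONNECT
!
tunnel-group ANYCONNECT general-attributes
 ! RADIUS first; LOCAL is tried only when the IAS group is down.
 authentication-server-group IAS LOCAL
!
! Check: a host shown as FAILED here is what triggers the LOCAL fallback.
! With reactivation-mode timed the ASA retries the failed server periodically
! and returns to RADIUS on its own once IAS is back.
! show aaa-server IAS
```

Because the local account bypasses the directory's password policy and lockout, treat it like any other emergency credential: long random password, stored out of band, and rotated after each use.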
At first I used ACS 4.2 to create a static IP address user for remote access VPN. It's easy: just configure it at User Setup > Client IP Address Assignment > Assign static IP address. But when I use ACS 5.2 I don't know how to do it.
I tried to add an IPv4 address attribute to the user by reading the "ACS 5.2 user guide"; it says this:
Step 1: Add a static IP attribute to the internal user attribute dictionary:
Step 2: Select System Administration > Configuration > Dictionaries > Identity > Internal Users.
Step 3: Click Create.
Step 4: Add the static IP attribute.
Step 5: Select Users and Identity Stores > Internal Identity Stores > Users.
Step 6: Click Create.
Step 7: Edit the static IP attribute of the user.
I just did it, but it doesn't work. When I use the EasyVPN client to connect to the ASA 5520, the user authenticates successfully but will not get the static IP address which I configured on Internal Users, so the tunnel setup fails. I tried configuring an IP pool on the ASA for ACS users to get an IP address, and using the EasyVPN client to connect to the ASA, everything is OK: the user authenticates successfully. But when I remove the IP pool configuration and use the "add a static IP address to user" configuration, EzVPN fails. How do I use ACS 5.2 to create a static IP address user for remote access VPN?
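The ASA side of address assignment, as an added example that is not part of the original post. A value stored on an ACS internal user is only a dictionary attribute; the ASA learns nothing from it unless the authorization profile applied to that user carries it back in the Access-Accept as the IETF RADIUS attribute Framed-IP-Address (8), with Framed-IP-Netmask (9) if the default mask is not wanted. The server group name ACS, the server address 192.168.1.20, the shared secret and the tunnel-group name EZVPN are assumptions.

```cisco
! Added example, not from the original post. Assumed names: RADIUS group "ACS",
! server 192.168.1.20, tunnel-group "EZVPN". ACS must return Framed-IP-Address
! (IETF attribute 8) in the Access-Accept; that is configured in the ACS
! authorization profile, not on the ASA.
aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.168.1.20
 key AssumedSharedSecret
!
! Address sources, consulted in this fixed order: AAA, then DHCP, then a local
! pool. All three are on by default. Keeping "local" enabled with no pool
! attached to the tunnel-group is harmless; disabling "aaa" is what makes a
! returned Framed-IP-Address get ignored, so make sure it is present.
vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local
!
tunnel-group EZVPN general-attributes
 authentication-server-group ACS
 ! No authorization-server-group is needed: attributes carried in the RADIUS
 ! authentication Access-Accept are applied to the session directly.
!
! Checks. "debug radius" prints the attributes in the Access-Accept; if
! Framed-IP-Address is missing there, the fix is on the ACS side (the profile
! is not matched by the user's authorization rule, or does not include the
! attribute). Once present, the assigned address shows in the session table.
! debug radius
! show vpn-sessiondb detail remote
```

A useful discipline while testing is to leave the pool attached and watch which source the session reports: an address from inside the pool range while the user has a static attribute means the RADIUS reply is arriving without Framed-IP-Address, which isolates the problem to the ACS authorization profile rather than the ASA.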
I am attempting to configure RADIUS authentication across a site-to-site VPN for my ASA 5510-01 for remote access.
ASA5510-1 currently has a live site to site to ASA5510-2.
ASA 5510-1 - 10.192.0.253
ASA 5510-2 - 172.16.102.1
DC - 172.16.102.10
ASA5510-01 can ping the DC and vice versa but is unable to authenticate when I perform a test. ASA5510-01 can authenticate to a DC on its own LAN but not on the remote LAN that this DC sits on.
I have double checked the 'Server Secret Key' and ports, as well as various users which all work locally. ASA5510-02 authenticates to the DC with no problems.
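The pieces that have to line up for an ASA to send its own RADIUS traffic through a site-to-site tunnel, as an added example that is not part of the original post. The addresses are the ones in the post; the interface nameif `inside`, the server group name DC_RADIUS, the crypto map and ACL names, the shared secret and 8.3-style NAT syntax are assumptions (on pre-8.3 code the exemption is a `nat (inside) 0 access-list` instead).

```cisco
! Added example, not from the original post. Assumed: nameif "inside" on both
! ASAs, RADIUS group "DC_RADIUS", crypto map "OUTSIDE_MAP" entry 10 (peer and
! transform set already configured, since the tunnel is up), ACL "L2L_TO_SITE2".
!
! --- ASA5510-1 (inside 10.192.0.253) ---
! Binding the server to "inside" makes the ASA source Access-Requests from
! 10.192.0.253. A server defined on "outside" is sourced from the public
! address, which is not in the encryption domain and never enters the tunnel.
aaa-server DC_RADIUS protocol radius
aaa-server DC_RADIUS (inside) host 172.16.102.10
 key AssumedSharedSecret
 authentication-port 1812
 accounting-port 1813
!
! The ASA's own inside address must be interesting traffic. The LAN-to-LAN
! line alone does not cover self-originated packets from 10.192.0.253 if the
! inside network in the ACL is narrower than the interface address.
access-list L2L_TO_SITE2 extended permit ip host 10.192.0.253 host 172.16.102.10
access-list L2L_TO_SITE2 extended permit ip 10.192.0.0 255.255.255.0 172.16.102.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_TO_SITE2
!
! Exempt the same flow from NAT so the packet still matches the crypto ACL.
object network SITE1_ASA_INSIDE
 host 10.192.0.253
object network SITE2_DC
 host 172.16.102.10
nat (inside,outside) source static SITE1_ASA_INSIDE SITE1_ASA_INSIDE destination static SITE2_DC SITE2_DC
!
! --- ASA5510-2 --- needs the mirror image: its crypto ACL must include
! 172.16.102.10 <-> 10.192.0.253. On the DC, the IAS/NPS RADIUS client entry
! for this ASA must be 10.192.0.253 (the tunnel source), with the same secret;
! an entry keyed to the ASA's public address will never match, and IAS then
! drops the request silently, which shows up on the ASA as a timeout.
!
! Checks on ASA5510-1: a timeout points at the path or the client entry, an
! Access-Reject points at the secret or the user.
! test aaa-server authentication DC_RADIUS host 172.16.102.10 username jdoe password x
! show crypto ipsec sa            (encaps/decaps counters for the host/host pair)
! debug radius
```

The symptom in the post, ping works but authentication does not, is consistent with either side of that last point: ICMP from the ASA can ride the tunnel while RADIUS, sourced from a different interface or dropped by IAS as an unknown client, does not.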
We have ACS 4.2.0.124 running with a remote agent installed on a Windows 2003 32-bit Enterprise server. Now we are facing an issue: the logs (daily backup) from ACS to the Remote Agent are not arriving properly. We usually get logs of around 1 MB every day on the remote agent, but sometimes we get 1 KB continuously until the services are restarted on ACS manually.
View 9 Replies View RelatedWould like to check up either Microsoft SQL Express 2012 is able work with ACS 5.3 remote database?
View 5 Replies View RelatedI have configured the appliance everything is working fine.We have a remote syslog server and I have configured the remote syslog server details in the "Remote Log Targets" and and Logging Categories.But I cannot see any logs on my syslog server
Presently we are upgrading the existing domain controller to Windows Server 2008 R2 Standard Edition.
I'm a bit confounded by the information available for the upgrade scenarios. Listed out below are the present working versions.
Cisco ACS SE - Release 4.1(1) Build 23 Patch 5
Cisco ACS Remote Agent version 4.2(0.124)
As the new operating system is going to work on 64 bits, I think the existing ACS SE and remote agent may/should be upgraded.
Based on my existing versions, provide the possible upgrade scenarios available for me. After upgrading, the SE and Remote Agent should be working for a 64-bit OS.
I have ACS 5.2 running as a VM. I'm using AD, then local, authentication successfully for device access, but I want to define ACS user groups to restrict login. I don't see any way to do this. If I use AD groups, they don't show up as selection options on the policy screens, just the ACS locally defined groups.
I have been doing a bit of reading on the ACS 4.2 Remote Agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have a Cisco ACS 4.2 SE, and if I install the Remote Agent on a Windows 2003 member server instead of the 2008 R2 DC.
We are having difficulties installing the remote agent on a Windows 2008 R2 64-bit server and got the attached error.
Our ACS is 4.2.0.124 and the remote agents we tried are: Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
[code]...
The problem is that I had configured the ACS appliance with a remote agent to integrate with Microsoft Active Directory, and I installed that agent on one of our domain controllers and it is working fine.
When I installed another agent on another domain controller and added it to the ACS server, it appeared that the remote authentication service was working on it, but when I tried to make the new agent the primary and the old one the secondary from External Database Configuration, all the domain users authenticated but only to one group, the one configured in the Unknown User Policy. It appeared like it couldn't read any more groups from Active Directory.
Is it possible to install ACS Remote Agent 4.2.1 on a VMware server? Is it supported by Cisco? Do you have any experience with running the remote agent on VMware servers?
City A is the data center with 2 WLCs (CT2504-K9) and a number of APs. City B is a branch, with MPLS between A and B. Right now the APs at City B have joined the controller. Users at B are getting IPs assigned from DHCP at City A. How do I configure the WLC so users can get IPs assigned from the DHCP server present at B? Option 43 is enabled.
I have two ACS 5.2 instances running as primary and secondary respectively. When I try to delete a remote log target under System Administration > ... > Configuration > Log Configuration > Remote Log Targets, I get the following error message: "The item you trying to delete is referenced by other items. You must remove all references to this item before it can be deleted".
I have searched the configuration within the web GUI and was unable to find anything that references the object that I'm trying to delete.
The day before yesterday, I bought the dir-615.
I had set an admin password and a user's password. They were not the same password. With this setting there was no problem: sure, no problem connecting from a private IP, from an Internet IP, or after just a reboot, from anywhere. The problem is the following.
If you have an electronic timer switch and apply it to the DIR-615, then you cannot obtain admin privilege from remote. You just get general user permission, even if I put in the admin password.
I have DIR-615 E4 hardware and 5.10 firmware. It does not happen at the local IP address (i.e. 192.168.0.1), but it happens when trying to connect from a remote IP address after the AC plug is re-powered.
I am using the AC timer for remote Internet management every day. It is useful for the router and IP camera. I need admin privilege from the Internet for router management.
I have a DHCP server running on Windows 2003. Presently it is unable to provide IP addresses for VPN clients who connect remotely. What should I do / reconfigure in DHCP so that the DHCP server provides addresses for VPN clients?
I am configuring a new ACS 1121 appliance with version 5.3 and wanted to know how to configure the Remote Database settings in ACS 5.3. Is it necessary to configure that option?
Also, one more thing: I can see that ACS 5.3 generates lots of logs. Is there any solution to reduce such logs? It seems many useless logs which are system related are getting logged on the device, which might not be good for the memory requirements of the device.
ACS 4.2 and the remote agent were working properly until two months ago. But in the past two months we are facing a weird issue on the RA server. For some days we are missing logs from both the ACS and RA server. Once we notice this we restart the services on ACS as a workaround. But due to this we lose our daily logs intermittently and face the risk of not having logs. This is not a case of communication between ACS and RA not happening at all. It happens properly for a week or a month, but then goes bad again without any config change. The CSAgent.ini file is properly configured. The full version is 4.2.1.15 with patch 10 on ACS and RA. ACS and Remote Agent major and patch versions are the same.
802.1x is working properly and the 802.1x port is up, but when I do a remote desktop to a machine that is 802.1x authenticated by a user (wired), first the login to the PC succeeds, then (after 3 minutes) the switch port goes down.
debug radius authentication
debug aaa authentication
Nothing appears in the log, only the message that the port is down.
Equipment:
Cisco 2960, Cisco ACS 4.2, MS Active Directory authentication
Client: Windows XP, Windows 7
Cisco 2960 Port Config
switchport mode access
dot1x pae authenticator
dot1x port-control auto
spanning-tree portfast
spanning-tree guard loop
Any good link to find how to configure the MAB table on ACS 5.3? I cannot find one myself. If possible, a guide with pictures in it.
Step by step ACS 5.1 basic configuration through the CLI?
How to back up the configuration on Cisco ACS 5.2 and how to restore it, if something goes wrong?
I need to configure a RADIUS VSA configuration for my Alvarion device. Following are the attributes that need to be configured.
- Packet Data Flow ID (ID 1, integer16)
- Direction (ID 4, integer8)
- Transport Type (ID 6, integer8)
- UplinkQoSID (ID 7, integer8)
- DownlinkQoSID (ID 8, integer8)
[code]....
I was able to configure the first 6 attributes; how can I add the sub-TLVs ClassifiedID, Priority, VLAN-ID and Classifier Direction, which come under Classifier? I don't see any option for that in ACS 5.x.
Cisco ACS 5.x appliance: how to back up the config? What is the best way, via TFTP? copy startup-config tftp:? copy running-config tftp:? I currently use SolarWinds CatTools to back up my Cisco switches; can I use this for Cisco ACS also?
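The backup and restore path for ACS 5.x, as an added example that is not part of either of the two posts above asking about it (the ACS 5.2 backup/restore question and the TFTP/CatTools question). ACS 5.x is an ADE-OS appliance, not IOS: there is no startup-config or running-config to copy to TFTP, and a `show running-config` scrape only captures ADE-OS network settings, never the ACS policy database. The repository name ACSBAK, the FTP server 192.0.2.10, the FTP credentials, the backup name `acs-full` and the restore file name are assumptions.

```cisco
! Added example, not from the original posts. Assumed: repository "ACSBAK" on
! FTP server 192.0.2.10, account "backupuser", backup name "acs-full".
acs/admin# configure terminal
acs/admin(config)# repository ACSBAK
acs/admin(config-Repository)# url ftp://192.0.2.10/acs-backups
acs/admin(config-Repository)# user backupuser password plain AssumedFtpPassword
acs/admin(config-Repository)# exit
acs/admin(config)# exit
!
! Full backup: ACS configuration database plus ADE-OS settings. The output
! lands in the repository as an encrypted tar (<name>-<timestamp>.tar.gpg),
! so the file itself is safe to store, but the FTP credentials above travel in
! clear text; prefer SFTP for the repository where the server supports it.
acs/admin# backup acs-full repository ACSBAK
!
! ACS-only backup (application data, smaller and faster). This is the same
! job the GUI runs from System Administration > Operations > Scheduled
! Backups once the repository exists under Software Repositories.
acs/admin# acs backup acs-full repository ACSBAK
!
! Verify, then restore. Restore takes the exact file name as listed in the
! repository and stops and restarts the ACS services, so schedule it in a
! maintenance window. On a primary/secondary deployment, restore to the
! primary only and let replication rebuild the secondary.
acs/admin# show repository ACSBAK
acs/admin# show backup history
acs/admin# restore acs-full-120211-1530.tar.gpg repository ACSBAK
```

Because the backup is a single file in a repository you control, an external tool only needs to fetch it from that FTP/SFTP location on a schedule; pointing a switch-config collector at the ACS CLI will not produce a usable backup.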
I am trying to do a query according to chapter 4 in the ACS 5.3 Secure Access Control System 5.3
Doing a PUT request with a header of Content-Type: application/xml, and my payload is: [code] All I want to do is get a list of users who belong to that group.