Cisco AAA/Identity/Nac :: ACS 5.4 Support Wildcard SSL Certificates?
Apr 29, 2013Getting ready to order a SSL Certificate for my newly installed ACS 5.4 and before I did that i want to verify if ACS 5.4 supports Wildcard SSL's.
View 5 Replies
ADVERTISEMENT
Cisco AAA/Identity/Nac :: ACS 5.2 Compound Condition Wildcard Support
Jan 26, 2011is it possible to use wildcards in Compund Conditions in ACS 5.2? i've been suing the following to try and match a username that contains @*.*:
This would hopefully match a username like j.blogs@somewhere.com but doesn't work as expected - am i doing something wrong or are wildcards not supported in compund conditions?
Cisco AAA/Identity/Nac :: ACS 5.2 Wildcard / Regexp
Sep 1, 2011Is it possible to use wildcard (*) or regexp in ACS 5.2? For example, I would like to create an End Station Filter that would match when the DNIS is *something
View 1 Replies View RelatedCisco WAN :: Does 837 Router Support 2048 Bits Certificates
Oct 16, 2012Does the Cisco837 router supports 2048 bits certificates?
View 1 Replies View RelatedCisco Application :: Does ACE Service Module Support SHA2(256) Certificates
Sep 1, 2010Does ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00
View 6 Replies View RelatedCisco AAA/Identity/Nac :: Install Certificates On ACS 5.2
Jan 31, 2012I have generated request and our CA server gave us two files, one is certificate from CA itself, one is the certificate CA created for the ACS. I used the "Bind CA Signed Cerficate" under "local certificated"Option to bind the latter. it shows successful.and a web access from any pc will give you error info, "that the security certificate presented by this website was issued for a different website's address." And all the while I dont know how to deal with the other file, which is "Internal CA certificates" I was try to use the first option import server option, but it seems not right,
View 1 Replies View RelatedCisco AAA/Identity/Nac :: Multiple EAP Certificates In ACS 5.2?
Feb 10, 2011I want to use multiple cert (enterprise certs and verisign cert) for authentication in wireless.Users that have their computer in the domain should use EAP-TLS and PEAP (verisign) are for users in the domain but on non-domain computers.I can only enable one certificate in system adminstration->local server certificates-> local certificates to use EAP.I have installed both enterprise and verisign cert in the CA store in User and Identy store and enbled the enterprise cert for EAP-TLS.The EAP-TLS connection works fine when the enterprise cert is enabled for EAP (in local certificates) but PEAP does not. If I enable EAP on the verisign cert in local certificates the enterprise cert get EAP disabled and that authentication stops working av PEAP starts working.
Is the ACS5.2 only able to have one certificate enabled at the time for EAP?
Cisco AAA/Identity/Nac :: How Certificates Work When Using PEAP On ACS 5.2
Apr 23, 2013how the certificates work when using PEAP on ACS 5.2.Currently we have clients which are Cisco wireless IP phones that are using the ACS server(s) for authentication to the wireless network. The phones are configured to use PEAP with server validation enabled. The phones have a Godaddy root certificate, and Godaddy intermediate certificates installed on them, (in addition they have all the certs that are on the phone by default). On the ACS server there is a certificate that is signed by Godaddy. This was creating doing the CSR process etc...
So from what I understand, because all the phones are set up to validate the server certificate, they require the public root certs and the intermediate certs that are installed on them, in order to validate the private cert that is on the ACS server. The private certificate (the one signed and issued by Godaddy), expires the middle of next year (2014) (a little ways off I know, but it is never too early be concerned about stuff). When we go to get a new private certificate for the ACS servers (or get a renewal) and when we install this new signed certificate onto the ACS servers…will all the clients still trust this new certificate, and everything will continue to work smoothly? Or will the clients all need to have new root certs installed, and new intermediate certificates installed? From what I can gather I think the first scenario should be the case, because the root certs and intermediate certs are there to trust certs that are signed by Godaddy, so as long as the new private certificate is signed by Godaddy everything should be okay.
Cisco AAA/Identity/Nac :: 4506 - ACS 4.2 Authentication With Certificates
Jun 7, 2012I have a Cisco 4506 With IOS 12.2 54SG1
Iam new on Acs 4.2 and i want to use Certificates to authenticate my windows XP Client and Igels.
On Windows Xp i selected : IEEE 802.1X Authentication enable EAP (Peap)
But i dont understand the Certification of ACS 4.2.
I generated a Self-Signed Certificate. Is this right ? and under installed Certificates the Certificate Status is okay.
Do i have to create for each windows Machine one user Account under user-Setup to authenticate the Machine?
Where do Windows Xp know whitch Certificate he have to take ?
I configures the Switch on Global Configuration like this:
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
[Code].....
Iam triying to configure ist szenario till 4 days and it still dont work.. On Windows i Only get the Error" authentication failed" on the Switch the same : dot1x : Authfailed
Cisco AAA/Identity/Nac :: Anyconnect 2.x / Certificates And ACS 5.2 Samples?
Sep 25, 2011I'm looking for samples about anyconnect 2.x with PKI authentication through ASA 8.x and ACS 5.2.The CA could be a internal Microsoft CA.
View 8 Replies View RelatedCisco AAA/Identity/Nac :: Import Server Certificates On ACS 5.2
Jan 10, 2012When I tried to import the file, there are two lines there, One is Certificate file, the other is for "Private Key File".
My question for you is, is this the private key of CA? My understanding has always been that the private key stays in CA only, not going to any other devices.
Cisco AAA/Identity/Nac :: ACS SE 4.2 / 802.1x Certificates For Machine Authentication
Apr 25, 2010A PC with a machine cert gets connected to a switch running 802.1x. The switch uses EAP with .1x to query PC, handing this off to ACS, that bit I'm ok with. The ACS needs to query the CA server to authenticate the PC, its this process I'm not sure about.
Reading the documentation I think that I need to configure LDAP between the ACS and the CA, which is running on 64-bit 2008 server. But, ACS SE remote agent is 32 bit only.
Is this correct, if so how do I get ACS SE to communicate with a 64-bit 2008 CA server?
Cisco AAA/Identity/Nac :: ACS 5.2 With Certificates And Wireless PEAP
Apr 3, 2012I have been trying to figure out for days now how to get Windows XP/Windows 7 and Apple iPads to connect to a broadcasted SSID and authenticate with PEAP without getting prompted to verify a certificate that exists on ACS.
In Windows 7, I get a window that says the connection attempt could not be completed and get a warning that the certificate could not be validated. If I manually configure a wireless connection and specify PEAP to accept my trusted root certificate authority (in the default list), it doesn't prompt but having users do this is not acceptable and more work than to just verify when prompted. I have no control over the devices connecting so I can't push anything down using GPOs.
For the iPad, I get a similar message that the certificate authority can't be verified and you have to accept.
For the certs, I have tried GoDaddy and Starfield. How to get this working without getting prompted to verify/validate a certificate authority? If so, what cert are you using? I have the intermediate certs installed in ACS and Windows and iPads see them because as soon as I delete, the screen that pops up changes to my actual cert.
Cisco Application :: Update SSL Certificates To 2048 Bit Key Certificates?
Sep 17, 2012I'm working on task to update the SSL certificate for an application. steps to upgrade the SSL, stuffs need to be checked before and after the installation and how to verify the new certificates.
View 1 Replies View RelatedCisco AAA/Identity/Nac :: WLC 5508 Does Not Support MAB
Aug 20, 2012As we know that WLC (i.e. 5508) does not support MAB (MAC Auth Bypass) and it supports CWA in 7.2.x. CWA is a result of successfull MAB. So how CWA work for wireless? So it means WLC support MAB?
View 5 Replies View RelatedCisco VPN :: ASA 5510 / Wildcard Cert - Only Have CER File
Dec 5, 2011how to install a wildcard certificate with only the .cer file. I've found quite a few things here in the forums, but everyone seems to also have a pkcs12 file, which I do not.
This is an ASA 5510 on ver 8.4.
Cisco AAA/Identity/Nac :: ACS1120 Does Support ACS Version 5.2.0.x
Aug 27, 2011I have ACS 1120 appilance does it support ACS version 5.2.0.x and corresponding patches.
View 2 Replies View RelatedCisco AAA/Identity/Nac :: ACS 5.2 Cannot Support Alcatel Switch
Dec 18, 2011I have Some Alcatel Switch and I want to use ACS 5.2's tacscs+ for Alcatel Switch admin authentication.the Failure Reason:13011 Invalid TACACS+ request packet - possibly mismatched Shared SecretsBut I was check the share secret is correct.Before I was tried associated ACS with vision 4.2 is work.
View 12 Replies View RelatedCisco AAA/Identity/Nac :: 5508 - ISE To Support Wireless LWA
Dec 14, 2011How Cisco Identity Service Engine (ISE) can work with WLAN controller 5508 to do the Local Web Authentication, on behalf tje guest profile is create using Cisco ISE guest management?
As i check Cisco ISE caveat wireless only support on LWA, and LWA not supported on Authorization's VLAN assignment.
what i need to concern abou the ISE authentication and authorization policy on behalf on Wireless LWA with use of ISE guest management case?
Cisco AAA/Identity/Nac :: ACS 5.3 And Enterasys A2 Switch Support
Mar 11, 2012I am using ACS 5.3.I need to make macauthentication on Enterasys switch with Cisco ACS 5.3.I get the following error;
Parsing error or event type unknown:xxxxxxxxxxxxx ERROR RADIUS : RADIUS packet contains invalid attribute(s) ;Failed-Attepmt:Radius request dropped
How can I integrate Custom Attribute Enterasys A2 Switch with Cisco ACS 5.3 ?
Cisco Firewall :: Installing A Wildcard Cert On ASA 5500
Apr 15, 2013I am basically looking to install the wildcard on the outside interface for my ASA
View 1 Replies View RelatedCisco :: Install GoDaddy Wildcard SSL On WLC 2504 Controller
Jan 28, 2013I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certficates (in this case a root and a intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).
Cisco VPN :: Anyconnect 3.1 Untrusted Server Cert With Wildcard
Jan 21, 2013I've seen a bunch of discussions on the untrusted server cert error with self signed certs. But I have a valid wildcard that I use on my ASA. How do I make that work with out the untrusted server cert error?
View 5 Replies View RelatedCisco :: Identity Services Engine (ISE) Support For WLC 2500?
Dec 5, 2011Is the ISE going to support the 2500 series Wireless LAN Controller WLC? If yes in what release and appriximately when is that due to be released?
View 1 Replies View RelatedCisco AAA/Identity/Nac :: ASDM 6.5(1) For ASA-SM Doesn't Support RSA / SDI Authentication
Apr 23, 2013I'd like to configure ASDM access to ASA-SM using RSA SecurID authentication.I've followed instructions in this documen [URL]When I test access from CLI everything looks fine:
asa-vss/admin/act# test aaa-server authentication RSA
Server IP Address or name: xx.xx.xx.xx
Username: testuser
Password: **********
INFO: Attempting Authentication test to IP address <xx.xx.xx.xx> (timeout: 12 seconds)
INFO: Authentication Successful
[code]....
When I try to use ASDM, I'm unable to login and I can see lot of authentication error (Token reuse) messages on RSA server monitor window.It looks like ASDM 6.5(1) for ASA-SM doesn't support RSA/SDI authentication.
Cisco AAA/Identity/Nac :: Does Nac 4.7 Support Kaspersky Endpoint Security
May 17, 2012we have installed nac for our customer and it works fine ,but the customer want the change the version of kaspersky antivirus from 6 to 8 end point security ,when we have try this the nac agent does not find the antivrus on the the workstation . i want to know if this version of kasoersky (end point security ) is supported by nac ,if no is ther a solution to make it works with the NAC .
View 3 Replies View RelatedCisco :: 5508 - Wildcard Certificate Accepted By Wireless Lan Controller?
Feb 13, 2011I have 3 WLC 5508 and a NAC guest server. We want to download a wildcard certificate after a few seconds at the download of this certificate I got the failure message download failed.
Accept the WLC wildcard certificates or must I generate a SAN (Subject Alternative Name) Certificate.
Cisco AAA/Identity/Nac :: Can Latest Version Of ACS 4.0 Support Nested AD Groups
Dec 20, 2012We are running ACS 4.0 so understandably so we are looking to upgrading to a Cisco supportable version of ACS. The limitation of our current version of ACS does not support nested AD groups. The latest version of ACS (I think it is 5.4) will?
View 1 Replies View RelatedCisco AAA/Identity/Nac :: ISE-3315-k9 / Support For Command Level Accounting
Nov 28, 2012Whether ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting.
Cisco AAA/Identity/Nac :: WS-C4510R Critical Voice Vlan Support
Dec 15, 2011Critical voice vlan feature, used to place a newly authenticating phone when radius server is dead into appropriate voice vlan, seems to be a new feature and I find the documentation to be incomplete. Do the following switches support this feature in any IoS versions? WS-C4510R, 4506, 3560, 3550,2960s.
View 1 Replies View RelatedCisco AAA/Identity/Nac :: Can ACS 5.2 Support Multiple Active Directory Domains For 802.1x
May 25, 2011I'm looking to implement ACS 5.2 using 802.1X, we have two seperate AD domains.A single switch will need to support both ADs, so if a machine in AD1 is connected, it will be authenticated to the ACS using AD1 and applied to VLAN1, while a machine that is in AD2 will be authenticated to AD2 and applied to VLAN 2.
I'm looking at machine authentication, not user authentication, so I assume that I will need to import two certs from each AD.
Cisco AAA/Identity/Nac :: How Many Network Devices Can Secure ACSv4.1 Support
Sep 13, 2012How many newtork devices can Cisco Secure ACSv4.1 support is there any limit on the same? How to get the Specs of Cisco Secure ACSv4.1 on the above grounds...
View 2 Replies View RelatedCisco Application :: CSS 11501 - Wildcard Certificate With Subject Alternative Names
Sep 6, 2012I generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies View Related
