Cisco AAA/Identity/Nac :: How To Setup Sync Between Two New ACS Server V5.3

Dec 4, 2011

I set up one ACS v5.3 on one server in NYC and another ACS v5.3 in SJC. I want to make acs.nyc the primary and acs.sjc the secondary. How do I set it up?




Cisco AAA/Identity/Nac :: How To Setup ACS 4.2 As LDAP Server To Authenticate Devices

Sep 1, 2011

I have an ACS 4.2 under Windows. I set it up to authenticate routers by the RADIUS and TACACS+ protocols. Now I have some devices which know only the LDAP protocol. How can I set up ACS as an LDAP server to authenticate those devices?


Cisco AAA/Identity/Nac :: ACS 5.2 Sync With Windows 2008 AD But Cannot See Groups

Jan 2, 2011

Recently I've been working with the ACS 5.2 (installed on VMware). At the beginning I was using a Win Server 2003 Enterprise edition AD, and there was no problem with the AD and the CA Authority. Because some of my customers use Win Server 2008, I changed the AD platform to Win Server 2008 Enterprise edition (x64). I don't really have a great experience with Win Server platforms and, for what I've seen, the Win Server 2003 Services deployment is easier than the Win Server 2008 is.
 
So, when I used the Win Server 2003 I could not only synchronize the ACS with the AD but also use some groups created on the AD to perform the Network Access Authentication. When I try to do the same with the Win Server 2008 AD, the ACS and the server get synchronized, but when I want to add the groups for authentication purposes there is no one, absolutely nothing... so I cannot do any test. Also I looked for information about the compatibility between the ACS 5.2 and the Win Server 2008 platforms and in the end the platforms are compatible.


Cisco AAA/Identity/Nac :: Sync / Copy AAA Clients Between Two ACS5.2

May 17, 2011

We are moving network devices (200+) authentication/authorization/accounting to a new ACS 5.2. Is there any easy way to copy/sync all those AAA clients' configuration to another ACS 5.2 server? I don't need other configuration to be synced/copied to the other ACS 5.2 server.


Cisco Wireless :: WAP4400N / How To Setup Access Point To Sync With New Router

Feb 16, 2012

I had been using a Linksys Wireless-N Router WRT350N with a Linksys Wireless-N Access Point WAP4400N. The router quit working so I upgraded to a Linksys Wireless-N Router E1550. The problem is, the new router doesn't sync with the old access point. How do I set up the Access Point to sync with the new router?


Backup / Sync Between File Server?

Mar 21, 2013

I have a Nas4Free (FreeBSD) server at location A and another Nas4Free server at location B.

I need to regularly access some folders at location B from a Windows machine at location A. What is the best scenario for this?

I am thinking of rsyncing those folders/files every night to location A, but then I think: what if in the future there are many other locations (C, D, E, F) that need to be rsynced to location A? That will make location A need a very large hard disk space that may not be available on the market or may be limited by the hardware/BIOS support.


Find Active Sync Usb FV Setup File For Connectivity Between PC To Airflair Tablet

Jul 27, 2011

Where can I find the flair activesync usb FVsetup file for connectivity between PC and Airflair tablet?


Sharing :: Use Old Computer As Auto-sync Backup And Production Server?

Jun 20, 2011

I have this idea of using my old computer (which is still pretty awesome) as a back up + production server. What this would entail would be that each person in my house has a dedicated hard drive that auto-syncs folders they've selected for backing up (not Memeo under any circumstances!). Then there will be a hard drive for me to work on web projects on. I'd like this computer to be very secure but if needed, I could show my work on the production drive to my boss.


Windows Server 2008 - Online / Offline File Sync

Jan 24, 2012

Domain support with these operating systems seems to be hit and miss. I have 11 computers connected to a domain and I was wondering what the best way to back up the files on the workstations to the server would be. The server has a mirrored RAID array and online backup as well. Just checking to see what the best way to do this would be. I am having trouble with the offline files sync / online files sync with these operating systems.


Cisco Wireless :: WAP321 Lost Time - Cannot Sync With Time Server

Jul 8, 2012

I just bought a WAP321 Wireless AP. I wonder why it cannot sync with our time server automatically. Every time I reboot it, the system time becomes "Fri Dec 31 1999 12:00:00 UCT". I have to do the sync manually by clicking on the "Save" button under the menu Administration > Time Setting.


Cisco AAA/Identity/Nac :: ACL 122 - Setup Identity Firewall On ASA Version 5.6 On DMZ Interface

Aug 27, 2012

I have set up an Identity Firewall on an ASA version 5.6 on a DMZ interface. I have installed the ADAgent on a domain member Win2008 and configured as follows: [code]
 
where ashdew is a domain user and ACL 122 (only one line) is applied on the DMZ interface and NAT is properly configured. The ADAgent has been properly tested and the ASA can register to it. The ASA can connect to the AD DC controller and query the user database. I have placed a laptop, IP 172.17.h.x, on the DMZ and can ping the DMZ interface.
 
The laptop cannot authenticate on the domain and the ASA does not seem to retrieve the user identity. Do I need to add extra rules in access-list 122 to permit traffic to the DC? Can I check on the AD Agent if it can retrieve the user-to-IP mapping?


MSCHAPv2 / Setup Secure VPN Server Using Windows Server 2012 Without Domain?

Jan 10, 2013

I've been using a VPN to connect to my home network from elsewhere for a few months. It's set up as follows:

PPTP
Maximum Strength Encryption
EAP-MSCHAP-v2 Authentication

Now I find out that MSCHAPv2 authentication has been broken and is no longer considered secure (even by Microsoft), so I want to change the protocol I'm using to make it secure.

However, I've spent 3 hours now researching this and I cannot for the life of me figure out how to use a better protocol on my Windows Server 2012 home server. I've tried setting up PEAP authentication (still PPTP) a la Microsoft's recommendation document, but it requires a certificate. I've created a self-signed certificate but it seems I can't issue certificates (via this method) without being a member of a domain, so I'm stuck. I can't even get started with L2TP since I can't find the option for it.

My question is this: Is there a way to setup a secure VPN server using Windows Server 2012 without a domain? If so, how do I do this?


Cisco AAA/Identity/Nac :: How To Setup VPN On ACS 5.2

Jun 28, 2011

I am working on getting ACS to authenticate VPN users. I have a wireless/TACACS policy in place and working. setup of the Authorization profile as well as the policy?


Cisco AAA/Identity/Nac :: How To Setup ACS 5.4 And Juniper J-Web

May 29, 2013

I have set up an ACS 5.4 box and have some test devices connected to it, Cisco and Juniper, both working fine using TACACS. I can connect to both using SSH or Telnet, but my problem is the J-Web Juniper GUI. I can access the J-Web no problem with the root account. I cannot seem to get it to work, no matter what I try. Here is my shell from the ACS box and the following Juniper configuration. I have tried binding the local-user-name attribute to both the remote and remoteadmin with no luck.
 
version 9.6R1.13;
system {
    host-name Juniper-Firewall;
    authentication-order [ tacplus password ];
    root-authentication {
        encrypted-password "$1$1tRuy9o2$LwSPxNwe4XGNMOMIMo1pd1"; ## SECRET-DATA

[code].....


Cisco AAA/Identity/Nac :: Setup A Command Set In ACS 5.3?

Nov 26, 2012

I'm trying to set up a command set in Cisco ACS 5.3. I can't get it to work no matter how I try. What I'm trying to accomplish is that some users, say Bob, can run every priv. level 1 command + show run, or just to specify which commands Bob will be able to run, whatever is easiest to set up.
 
In my switch I have the commands:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 1 default group tacacs+ 
aaa authorization commands 15 default group tacacs+ <--- tried different approaches with priv level..
(and specified a tacacs server)
  
Is the "default" under "aaa authorization commands 1x default group tacacs+" the name of the command set?
 
In the ACS I have specified an Authorization group and bound it to the command set. Should the user have priv 15 for this to work or priv 1? (I have also specified a user and an identity group and specified IP ranges under "Network Devices and AAA Clients".)


Cisco AAA/Identity/Nac :: ACS 4.0.2 Radius Authentication Setup

Jan 9, 2012

I have ACS 4.0.2 in my network, which I want to use for 802.1x RADIUS authentication for clients with the PEAP-MSCHAPv2 methodology. As per the documentation "EAP Authentication with RADIUS Server", Doc ID: 44844, I have configured Network Configuration and populated the AAA client IP range and Secret Key.
 
Question 1: Under the Authenticate Using option, there are various RADIUS flavors available for selection. For a non-Cisco AAA client, should I select RADIUS IETF?

Question 2: In the above snapshot, it has an option called Global Authentication Setup, where we can set up EAP configuration. Under the PEAP subsection there is an "Allow EAP-MSCHAPv2" check box. After checking that, is a restart of the ACS server required? Would it cause any disruptions to the existing services on the ACS?


Cisco Firewall :: ASA 5512 - Best Way To Setup Identity NAT

May 2, 2013

I'm porting our configuration from a PIX 515 firewall to an ASA 5512x. What's vexing me right now is that with the deprecation of the "static" command, I can't quite figure out the best way to Identity NAT my inside subnets (multiple) to the DMZ subnet.
 
So on the PIX I have my identity NATs, as an example: 
static (inside,dmz) <IntSubA> <IntSubA> netmask 255.255.255.0
static (inside,dmz) <IntSubB> <IntSubB> netmask 255.255.255.0
static (inside,dmz) <IntSubC> <IntSubC> netmask 255.255.255.0
 
Cisco's migration guide seems to do them one object at a time, which I guess is straightforward enough to do: 
object network SubA
subnet <IntSubA> 255.255.255.0
[code]...
 
I'm thinking that there must be an easier way (aka fewer lines) to implement this for all the subnets I want to Identity NAT to the DMZ. 
1)  Can I do this by creating objects using a subnet with a netmask of 255.255.0.0 - one object to cover multiple internal subnets?
2)  Can I do this using object groups and trim this down to:  (assuming I have the commands right)
 
Object-group network Inside_Subs
     network-object <IntSubA> 255.255.255.0
     network-object <intSubB> 255.255.255.0
     network-object <intsubC> 255.255.255.0
 
nat (inside,dmz) source static Inside_Subs Inside_Subs no-proxy-ARP route-enabled
 
What would be the best way to translate my Identity NATs?


Cisco AAA/Identity/Nac :: Setup ACS 5.1 For Dot1x-Port Authentication?

Jan 24, 2010

I want to set up the ACS 5.1 for dot1x port authentication. I want to do machine authentication against an AD domain and I got the following error message: 24435 Machine Groups retrieval from Active Directory succeeded


Cisco AAA/Identity/Nac :: 5520 How To Setup Another Access Policy 5.3

Jan 30, 2012

I am new to v5.3, and I am not good at VPN. I just had my consultant configure this correctly today. Currently, there is only one rule for the access policy (Single Result Selection). That rule is to use Active Directory as the source for the authentication. And by default it will deny any other access which is not found in the rule. Now... I just got an order that I need to set up a new user who will need to access our network by using Cisco IPSec VPN (the software one). But that user is not set up in our Active Directory, and we do not want him to access our domain anyway. He only needs to access non-domain resources... such as an air conditioning controller by IP. So I am thinking of setting up his account by using "internal identity". If I do it this way, what do I need to do to set up another access policy? Could you give me some steps with a little more detail? Or... if it is not the way I should do it... what else can I do to achieve this goal? Also, he said he could provide the static IP he is trying to access from. I have an ASA 5520.


Cisco AAA/Identity/Nac :: Add RADIUS Attributes Under Group Setup In ACS 4.2

Jul 5, 2012

I need to add RADIUS attributes for a custom vendor under "Group Setup" page in ACS 4.2. As of now, I see Cisco Aironet RADIUS Attributes, IETF RADIUS Attributes etc in "Group Setup" page. How can I make sure that the RADIUS attributes for a vendor also appear on that page?


Cisco AAA/Identity/Nac :: Setup ACS 5.2 With An ASA V8.3.2 To Lock Users Into VPN Groups?

Jan 18, 2011

I'm trying to set up ACS 5.2 with an ASA v8.3.2 to lock users into VPN groups based on a user's AD group. I've tried various combinations but the group lock isn't working. I've done steps 1 & 2 ...
 
1) Network Devices and AAA Clients -> Define VPN

2) Users and Identity Stores -> Setup AD and Directory Groups, test connection
  
Policy Elements:
 
Q1) Policy Elements - Do I need an authorization profile for each group?

Q2) What RADIUS attributes should I use to match my ASA tunnel-groups?
 
RADIUS-IETF attribute 25?
RADIUS-Cisco VPN 3000/ASA/PIX 7.x 85 (Tunnel-Group-Lock)?
Other?
 
Access Policies:
 
Q1) Do I need to enable and use group mapping?

Q2) Do I need a Network Access Authorization Policy for each group?


Cisco AAA/Identity/Nac :: Setup RA VPN On ASA 8.4 With 2 Groups - VPNGp1 And VPNGp2?

Aug 21, 2011

I am trying to set up RA VPN on ASA 8.4 with 2 groups - VPNGp1 and  VPNGp2. VPNGp1 users will access 1.2.3.0/24 and VPNGp2 users will access  5.6.7.0/24. User authentication will happen using ACS 5.3 Radius.
 
On ASA, I have configured the IP pools, VPN ACLs, VPN groups, group policies for each group, and tunnel groups.
 
On ACS, I have created vpn-user1 and vpn-user2 for each of 2 groups.
 
I am not sure if some more configuration needs to be done on ASA and  ACS... Do I need to add new users - vpn-user1 and vpn-user2 - on ASA,  under each corresponding group policy, using vpn-group-policy command?  Or I need to do something else on ACS?
 
Lastly, how can I configure authorization and accounting for the VPN users? Do I need to do this on ACS or on ASA?


Cisco AAA/Identity/Nac :: ACS 5.2 - Setup EAP-TLS Authentication For Wireless Access Points?

Jun 22, 2011

I am trying to set up EAP-TLS authentication for my wireless access points, but I can't sign my ACS certificate with my enterprise CA certificate. If I generate a self-signed certificate on the ACS server, and try to sign it on my CA, I get an ASN tag error. It looks like that is because the ACS server is not in the certificate path of the CA server. If I generate a certificate on the CA and try to import it into ACS, I get an "unable to parse certificate" error. Is there a way to edit the Certificate Trust List in 5.2? It looks like that was possible with 4.2, but not with the latest version.


Cisco AAA/Identity/Nac :: ISE 3315 Does Not Boot After Running Setup Command

May 24, 2013

We have a new ISE 3315 installation going on. I powered on the appliance and the appliance booted successfully, and I ran the Setup command. However, after Setup completed and the appliance reloaded, it is not booting at all; booting seems to hang, as per the snapshot attached. However, the appliance is pingable. I carried out the following tasks as part of troubleshooting.
 
2: Suspecting that Setup was corrupted, I then re-initialized / re-installed the ISE completely, then I ran the setup command, and after the self reload, exactly the same behaviour.
 
3: I tried with both SecureCRT and PuTTY and the results are the same.


Cisco AAA/Identity/Nac :: How To Setup Enable Mode Password On ASA 5510

Jan 24, 2013

How do I set up an enable password for an ASA 5510? At the moment it's set up to authenticate using RADIUS (which I'd like to keep doing) but I need to set up an enable mode password.


Cisco AAA/Identity/Nac :: ACS 5.1 AD Connection Setup DNS Failing To Resolve Address

May 9, 2010

I am trying to configure the ACS with AD in the identity store but am running into the following issue. I enter the AD Domain Name and username and password and hit the 'Test Connection' button and receive a DNS error stating that it 'Cannot resolve network address'. I have logged into the CLI and tested to the domain name from there and it works fine.


Cisco AAA/Identity/Nac :: Setup Tacacs Config Onto New NEXUS 5000

May 26, 2011

I'm trying to set up a TACACS config on my new Nexus 5000 series. Nevertheless the authentication doesn't work. Actually I followed the config guide but something is not working or missing. I have set up everything through VMware with ACS installed on a Windows server.


Cisco AAA/Identity/Nac :: Setup AAA For Anyconnect With Active Directory On Asdm 6.4

Aug 20, 2012

I'm sure this has been asked before but a quick search has not yielded any exact results, so here goes.
 
I have AnyConnect up and working great for VPN users using local authentication. I'm going over the white papers and seeing a lot of options for NT domain, LDAP, TACACS+ etc.
 
We would like remote VPN users to authenticate using their Windows domain password, but I'm not sure which would be the easiest and quickest option to configure, and I can't find a guide for ASDM setup for this topic that doesn't cause more questions than answers. The white papers I'm finding are confusing since I am a rookie at this topic.
 
What is the easiest/quickest way to set up Windows domain authentication via ASDM?


Cisco AAA/Identity/Nac :: 7000 Setup Switch To Be Able To Authenticate Users With Tacacs+

May 2, 2012

I have a Cisco Nexus 7000 switch and a Cisco ACS 5.2. I would like to set up the switch to be able to authenticate users with TACACS+ using RSA SecurID tokens when they try to log on to the switch.


Cisco AAA/Identity/Nac :: 3750 / Get RADIUS Setup For Authentication To Switches And Routers?

Sep 19, 2012

We are setting up a new office and I am trying to get RADIUS set up for authentication to my switches and routers. Currently I am working on a 3750 running IOS 15 and getting hung up on what I think is something small. I have attached my Microsoft NPS Network Policy. Below is my IOS config:
 
aaa group server radius corp-radius
 server 10.15.10.20 auth-port 1812 acct-port 1813
!
aaa authentication login default group corp-radius local
aaa authentication login radius-localfallback group corp-radius enable
aaa authorization exec default group radius

[code]....


Cisco AAA/Identity/Nac :: ACS 4.1 In New MCS Server?

Mar 21, 2011

We bought a new MCS server in order to install ACS 4.1. Now ACS is running on a normal PC and it's fully configured, so now I want to back up the ACS database and the configuration file in order to install it on the new server. How do I do that?


Cisco :: Setup NTP Server Using 2811?

Sep 30, 2012

I've set up an NTP service using Cisco 2811 routers. This works fine at the moment, but in the end there are some questions left.
 
1. I'm using two 2811 routers, one for primary, which is receiving the time from PUBLIC NTP 1, and one for backup, which is receiving the time from PUBLIC NTP 2. Is it possible to compare these two times and check if they match? And if not, generate an alarm via e.g. SNMP?
 
2. Is it possible to check via SNMP if the routers are reaching PUBLIC NTP 1 and PUBLIC NTP 2 for sync?


Cisco WAN :: 5505 With 9.1 VPN Server Setup?

Mar 17, 2013

ASA 5505 Sec plus lic w/OS 9.1
 
I want to set up a quick and simple VPN server on my ASA. I want to do local authentication and, once authenticated, I want to allow all internal access. I only have 1 WAN IP. I'm finding a ton of conflicting info online. The ASA is already set up and is operational. I just need the correct commands to set up the VPN.








Copyrights 2005-15 www.BigResource.com, All rights reserved