Cisco AAA/Identity/Nac :: Session Duration On ACS 5.1?
Aug 15, 2011
IPSEC VPN users are using ACS for extended authentication, whenever authentication is made, entries are available on ACS, now i need the session duration info on ACS, that means total time during which the user was active should be available.
i have enabled accounting globally on the ASA firewall through aaa accounting enable console ACS and also enable accounting in the tunnel-group itself, to which the user is using.
on ACS 5.1 ,i could not find any option / TAB that can give some information on the session duration.
View 3 Replies
ADVERTISEMENT
Sep 18, 2012
How can i determine the current PPPoE session duration on ASA 5500 Systems? If i use the different CLI commands like "show vpdn session state / show vpdn session pppoe state" the output says:
State: SESSION_UP Last Chg: 593595 secs.
The ISP is forcing a reconnect every 86400 seconds, so the value can't be the actual duration of the pppoe session. Does it only indicate the link duration to the attached modem or interface state? Is the only way to detect interruptions of the pppoe session with debug and syslog?
View 0 Replies
View Related
Jan 19, 2012
We're having trouble trying to deploy 802.1x authentication on a brand new site.
Our primary and secondary ACS are located in Paris and the new site located in Toulouse, France. Both sites are connected through the WAN. Everytime a computer/user connects to this new site in Toulouse, ACS 5.2 sends a "5411 EAP session timeout" error message.
View 9 Replies
View Related
May 25, 2012
I am using ACS 5.3 for certificate based authentication for lan workstation. Now few times I received this message from ACS.5411 EAP session timed out : EAP session timed out?
View 1 Replies
View Related
Sep 3, 2012
I've got ACS currently authenticating wireless users - using EAP-MSCHAPv2. There are a large number of failures being reported as:
View 4 Replies
View Related
Aug 15, 2011
Our company has installed ACS Version: 5.1.0.44.6 Internal Build ID: B.2347 with patches: 5-1-0-44-5, 5-1-0-44-6. The security policy of our company includes a password change every 3 months. Our programmers had written a script that allows us to do it. When testing revealed that the script does not work. This is due to the fact that it is not possible to enter the mode "acs-config". In determining the reasons it was found that to enter this mode there is a limit on sessions (6 sessions). When the number of connections becomes larger than 6 then the script does not work. The documentation says that the update is not active sessions is set with terminal session-timeout. In this case, the terminal session-timeout 30. But after 30 minutes of the session will remain active. It interferes with our script.
View 1 Replies
View Related
Aug 7, 2011
We have Cisco ACS 4.2 in our network and the accounting is done for 750-1000 devices and only for level priv-15.If i want to enable accounting for all levels from priv-1 to 15. All commands executed in devices are sent to ACS. Does the ACS can that much sessions from those many devices?Am also planning to configure acs remote agent to store all the accounting history.
View 1 Replies
View Related
Jun 17, 2010
I have upgraded Cisco ACS from 4.1 to 4.2, I have Cisco Access Control 1113 apliance, as soon as I upgraded I am getting error in failed logs "Authen session timed out: Challenge not provided by client", what is wring with this?
View 4 Replies
View Related
Jun 12, 2013
i've checked in on one of our 5510's and also on a 5505 but i don't seem to find the license duration (i.e "perpetual).is this normal or just an IOS or platform specific? [code] Cisco Adaptive Security Appliance Software Version 8.2(5)
View 1 Replies
View Related
May 23, 2011
Everytime I post this message it keeps leaving out the contents...think it might be an IE9 issue.Does anyone know if its possible to see the duration of the internet connection on a WAG320N?
View 4 Replies
View Related
Jul 20, 2011
how to reset old TCP session on cisco ASA 5520?
View 2 Replies
View Related
Feb 28, 2011
Is it possible to log when a user connects/disconnects their VPN session? They are connecting to an asa 5510.
View 5 Replies
View Related
Nov 14, 2012
I have Any Connect (ver 3.1.01065) configured on Cisco router 891. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection). OS Windows 7 SP1 x86.I've read about changing some settings in profile file (changed the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.): url...
But this make sense to the cisco asa... I have a cisco router on the ios 15.1. I've checked the XML file on the local PC to confirm the profile has been downloaded and is has, and I can't see the AllowRemoteUsers option.So I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)This also happened with the previous version of AnyConnect (2.5.xxxx).The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.In the main window of Cisco anyconnect secure mobility client Ive noticed label: Web Authentication required.
View 1 Replies
View Related
May 8, 2011
i have a question regarding the monitor session command. I have following interfaces on my router:i want to monitor the traffic from the source interface Gi0/2 to the destination interface fa1/3,monitor session 1 source interface gigabitEthernet 0/2 brings this error message % Incomplete command.,monitor session 1 source interface gigabitEthernet 0/2?/ : <0-2>,i don't have any ports on the Gigabit Interfaces. Any ideas how to monitor traffic?
View 1 Replies
View Related
Dec 1, 2010
I have configured my Cisco 881 and finally got past the "Cannot see my network" with IPSec VPN issue.I have a usecase where I need to access the gateway from the VPN Session.When I connect to the VPN using Cisco VPN Client 4.8x, I do not get back a Default Gateway on the VPN Adapter. When I try to ping my LAN Gateway IP (10.20.30.1) it does not respond and I cannot access it with any other tools.I am pretty sure this is a very ACL issue and it makes sense to hide the gateway by default but the big question is how do I configure my router to see the Gateway and be able to access it from the VPN session?
Network Info:Internet Gateway to ISP: 192.168.68.1DNS: 192.168.2.1WAN Address for Cisco 881: 192.168.68.222LAN Address on Cisco 881: 10.20.30.1DHCP for LAN on Cisco 881: 10.20.30.10 - 10.20.30.50DHCP for IPSec VPN: 10.20.40.10 - 10.20.40.50
View 17 Replies
View Related
Nov 26, 2012
Is it possible to know the VPN usage for a particular session using Cisco ASDM 6.4? Device type is ASA 5550. ASA version 8.4
View 4 Replies
View Related
Apr 10, 2012
I have installed the ACS 5.1 and linked to my WLC, and when I enter my Logeo I agree Signature: User and password whenever you want from different devices, I want to do is only allow a user to one session at a time.
View 7 Replies
View Related
Jun 2, 2012
What command sequence disconnects you from a TS session? My setup is as followsr1 > TS > 2009-2621XM 2010-3825-R1 2011-3825-R2I can connect from the TS to any of the devices. The issue is that I am telnet'd to r1 and from there telnet'd to the TS. So when I type "Crtl+Shft+6, x" I go directly back to r1 and not the TS. Furthermore if I resume the session on r1 the TS is still connected to whatever session I was in prior to disconnecting. I've experimented with the disconnect and escape characters but I'm at a loss what it is that changes this.
View 4 Replies
View Related
Nov 14, 2012
"how to monitoring VPN Login Session?" I want to the history of VPN User login to my VPN. How could I know?Which software can made me easy to monitoring and store those log in my SNMP Server? How to do that?
View 1 Replies
View Related
Jun 4, 2012
I have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up a RDP based connection, for monitoring purposes, for a most of the day, but thier RDP connection keeps getting discounnted after a few hours. The VPN connection never gets disconnected, just the RDP session running through it. I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glsring differences in regards to the configuration that would cuase the RDP sessions to either to stay up or be disconnected after an inactivity type scenario.
What to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time.
View 2 Replies
View Related
Aug 30, 2012
I will use function of span in sup70-3b.How many session can use in sup720-3b? For example, 2 or 4 session.
View 1 Replies
View Related
Jun 20, 2011
We are trying to configure our 2106 wireless lan controller to expire wireless users sessions so the user is not remembered indefinitely. We are using freeradius to validate the users login information and passing back a "session-timeout" avpair but the WLC seems to be ignoring this value.
How to configure the session expiration time of wireless users on a 2106?
View 2 Replies
View Related
Oct 27, 2005
My app session was working fine and i managed to see it all up and working. now that i have tried to run script commit-redundancy etc i see the session as APP_SESSION_INIT instead of up. The log shows me on the standby box now that it sees the following :
FLOW-MGR 7 - DOS-SYN ATTACK 192.168.1.1 - 192.168.1.2:5001
View 5 Replies
View Related
Mar 5, 2012
I've setup and configured the following local monitor session on a 7606 but it doesnt seem to be outputing anything. Any guess as to why, or what I might be doing wrong? Gi1/1 is doing ~40Mb/s egress & 15Mb/s ingress. Both source and destination ports are routed ports.
monitor session 10 source interface Gi1/1
monitor session 10 destination interface Gi1/10 ingress
interface GigabitEthernet1/1
description WAN Link to ********************* ** CORE BACKBONE **
mtu 9000
ip address ************** 255.255.255.252
[code].....
View 1 Replies
View Related
Apr 19, 2011
I am using site to site vpn with ASA 5550 and some users telnet to a unix macine on the the other end.
the problem appear if the session is ideal for 30s,
View 4 Replies
View Related
Apr 25, 2013
I have a Cisco 5540 that terminates one end of a L2L tunnel, the remote end is a Sonicwall TZ100. The tunnel is in place to carry voice traffic and I have a need to decrypt the traffic that's been captured in .cap file using Wireshark 1.8.5. How to go about getting the session keys from either device?
View 3 Replies
View Related
Apr 5, 2011
How to terminate a vpn session on the asa 5510, when u issue the command sh vpn-sessiondb remote?
View 1 Replies
View Related
Oct 7, 2012
I am able to establish a single VPN session on an ASA 5510. The network is as follows:Cisco 2600 router----> ASA 5510---->non cisco UTM----> LAN.Once another session is connected (same profile different username) is connected the first one disconnected.
View 2 Replies
View Related
Jul 23, 2012
I've got a remote site which is connected to the headquarters via VPN site to site IP Sec tunnel. When I am in my office I have no problem to reach the remote network, but, when I try to connect to the remote network via VPN client, I can't reach it.in the remote office I've hot a Router 3800 (Cisco IOS Software, 3800 Software (C3845-DVENTERPRISEK9-M), Version 12.4(13c), RELEASE SOFTWARE (fc2)) in the headquarters I've got an ASA 5520 Version 8.0(3) I've chequed access-list, and network objects and it seems everythink ok.
local network: 10.30.0.0 0.0.0.0
remote network 10.31.0.0 0.0.0.0
ASA
object-group network remote-network
network-object 172.16.27.0 255.255.255.0
[code]....
View 3 Replies
View Related
May 1, 2012
Our users are using Xmanager to connect to a NNM connection which is going through a Cisco ASA5550 with 8.3. The session of Xmanager is getting terminated exactly after 1 hour and the users have to reconnect it again. How can we make the session to be up always, when I am bypassing the Firewall its always up.
View 2 Replies
View Related
May 21, 2012
My IT Department has recently installed Kaspersky Endpoint Security 8 on our laptops. Through a conversation with my IT guy I found that they can literally see what we are installing/uninstalling, surfing etc on our machines. When I am at home I am connected to my own private wireless network with my work laptop and I RDP to my home computer to surf/download files etc to my home machine. My question is, can my IT department track what I am installing/surfing on my home PC that I am connected to RDP? I was thinking of putting my RDP on the outside so I can connect to my home network and surf securely without my IT department keeping tabs on my history.
View 1 Replies
View Related
Apr 29, 2011
I log in to work from home and if I am inactive for 5-10 minutes, I lose connection to my work server. If I bypass the router, this problem doesn't happen. How I can change settings to keep my session alive?
View 15 Replies
View Related
May 19, 2012
I am running OSX Leopard 10.5 and DDWRT is running on WRT54GL v24-sp2 (08/12/10) vpn.I have an SSH tunnel set up using DDWRT. So now I can surf securely when I am in a remote location.
The problem is after I am done browsing, I can't figure out how to close out the session in a proper manner. For example, I type ssh -p 2222 -N -D 8888 and it works with no problems. However, to kill the session I have to hit "CTR" and "Z". This is not the best solution because it leaves the session and port still open. how to tear down the session without using "ps aux" and then the "kill" command?
View 3 Replies
View Related
