Cisco AAA/Identity/Nac :: Upgrading ACS 4.1 SE And Remote Agent
Mar 20, 2012
Presently we are upgrading the existing domain controller to Windows Server 2008, R2 Standard Edition.
I'm bit confound with the information available for the upgrade scenarios. Listed out the present working versions.
Cisco ACS SE - Release 4.1(1) Build 23 Patch 5
Cisco ACS Remote Agent version 4.2(0.124)
As the new operating system is going to work on 64 Bits, I think the existing ACE SE and remote agent may/should be upgraded.
Based on my existing versions, provide the possible upgrade scenarios available for me.After upgrading SE and Remote Agent should be working for 64 bit OS.
View 6 Replies
ADVERTISEMENT
Mar 18, 2013
We have ACS 4.2.0.124 runnning with remote agent installed on win 2003/32 bit ent server. Now we are facing issue like logs (daily backup) from ACS to the Remote Agent is not happening properly. We usually get logs around 1 MB everyday in remote agent but sometimes we are getting 1 KB continuosly untill the services to be restarted in ACS manually.
View 9 Replies
View Related
May 7, 2012
I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC.
View 3 Replies
View Related
Jul 17, 2012
We having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
Our ACS is 4.2.0.124 and remote agents we tried are :Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
[code]...
View 3 Replies
View Related
Jun 7, 2011
The problem is that i had configured the ACS appliance with a remote agent to Integrate with Microsoft active directory and I installed that agent on one of our domain controls and it is working fine.
When I installed another agent on anther domain control and add it to the ACS server it appear that the remote authentication service is working on it but when try to make the new agent the primary and the old one the secondary from External database configuration all the domain users authenticated but only to one group which configured in Unknown User Policy.It appeared like it can't read any more groups from active directory.
View 2 Replies
View Related
Jul 17, 2011
it's possible to install ACS Remote Agent 4.2.1 on VMWare server. Is it supported by Cisco?Do you have any experience with running the remote agent on VMWare servers?
View 2 Replies
View Related
May 2, 2013
ACS 4.2 and remote agent was working properly two months before. But in past two months we are facing weird issue in RA server.For Somedays we are missing logs from both ACS and RA server. Once we notice this we use to restart the services in ACS to give workaround. But due to this we loose our daily logs intermittently and facing risk in without having logs.This is not like communication between ACS and RA is not at all happening. It happens properly for a week or month, but again it is going bad without any config change. CSAgent.ini file is properly configured.Full version is 4.2.1.15 and patch is 10 in acs and ra.ACS and Remote Agent Major and Patch version are same.
View 5 Replies
View Related
May 4, 2011
I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
View 1 Replies
View Related
Dec 27, 2012
I have created a NAC Agent Customization Package and sucsesfully uploaded the 'custom.zip' file to - Policy>Policy Elements>Results>ClientProvisioning>Resources.
However, when I try to edit my Client Provisioning Policy and select AgentCustomizationPackage, my custom package dosn't appear on the drop down list, so i'm unable to select it!
View 4 Replies
View Related
Jul 30, 2012
We have a working L2 OOB VG deployment. The NAC agent pops up then says it has granted full access. The issue is about 45 seconds later it pops again then says it has granted full netowrk access. Then it does it again...etc.... The CAM thinks things are fine as it just keeps adding the user to the OUL.
View 4 Replies
View Related
Jun 24, 2012
I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
View 31 Replies
View Related
May 13, 2013
its been a while since I configured a Cisco firewall (PIX 6.0, SDM) - I've now been thrown in the deep end with a pair of 5525-X's (Latest Software) and I need to achieve the belowWebsense integration (Got this working)AAA Authentication for various outbound traffic routes.I'm using ASDM as I'm more comfortable with the GUI than CLI (I'm the other way round with switches!!!), I have AD Agent configured but the ASA isn't doing anything based on User Name but I have a few other things to try. What I'm trying to achieve now is ignoring certain user names from being matched to IP Addresses as I believe that this may have something to do with it.We use Sophos AV and each PC requires a Service Account to run Sophos under. Each update that Sophos attempts is seen as a login and that is the user attached to the IP Address of the machine. Within Websense, it can be told to ignore certain users for purposes of filtering and reporting etc.. but I dont seem to be able to do this with the AD Agent.
View 3 Replies
View Related
Nov 15, 2011
I have done a ADSSO config. Following all the steps in the guide with the specifics steps for windows 7 to modify the krb.txt and the strattomcat.I restart services activate the "Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)" option on the NAM.Then, the ADSSO service start on the NAS.I modify the local policy according to the guide allowing all encryption except the one for future use.Then the NAC client say "User unknown" contact your network administrator.
View 3 Replies
View Related
Jan 14, 2012
I have two NAC appliances version 4.8.2, one Manager and one Server, I want to know if the “nacagentsetup-win-4.8.2.1.tar.gz” software exists in my appliance or it’s CD or not? Should I download it?
When my client wants to download the software by clicking on “download Clean Access Agent 4.8.2” button this error appears “Failed to download (states=-2)”. I guess I should upload the software first but I don’t know how or where it is?
View 1 Replies
View Related
Mar 3, 2012
I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3.Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below: "24401 could not establish connection with acs active directory agent"I'm not seeing anything telling in the logs on the domain controllers.
View 1 Replies
View Related
Apr 28, 2012
installing the Cisco NAC agent through the Active Directory Group Policy. (Windows 2008 R2)Currently Cisco NAC CAS servers has been installed, configured and the switches are added. But the ports are not active. Currently users are not passing through the NAC. When the ports are active and the users trying to access the network, the browser will ask the users to install the Cisco NAC Agent.I need t by pass this by installing the Cisco NAC agent through the active directory Group Policy. How to install the Cisco NAC agent (4.9.1) to all the users in the Network (Windows XP / 7 )through Active Directory so that the users will not know that the Cisco NAC agent has been installed in their computers. By this way the users need not install the Cisco NAC agent through the Web browser and will just login their user name and password and get into the network.
View 1 Replies
View Related
Mar 22, 2013
I was using Remote Desktop between two home computers hard wired through the router and a switch. Now after upgrading to firmware 1.35 I can't get remote desktop to connect. I get an error that I may not have permission, etc. I have the DIR 655 ver A and am running Windows 7 professional on both computers.
View 5 Replies
View Related
Feb 11, 2012
ACS 5.2 , and I can't find document about how to configure remote access vpn authentication in ACS 5.2.
View 6 Replies
View Related
May 26, 2013
Would like to check up either Microsoft SQL Express 2012 is able work with ACS 5.3 remote database?
View 5 Replies
View Related
Mar 19, 2012
I have configured the appliance everything is working fine.We have a remote syslog server and I have configured the remote syslog server details in the "Remote Log Targets" and and Logging Categories.But I cannot see any logs on my syslog server
View 4 Replies
View Related
Jun 17, 2011
We have a Cisco 5510 with 2 IPSec Connection Profiles each using a different IAS for authentication.If we add another VPN profile we need another IAS.With Cisco ACS can it be configured for different VPN profiles from the same ASA 5510?
View 4 Replies
View Related
Oct 12, 2011
I have two ACS 5.2 running as primary and secondary instances respectively. When I try to delete a remote log target under System Administration > ... > Configuration > Log Configuration > Remote Log Targets I get the following error message...."The item you trying to delete is referenced by other items. You must remove all references to this item before it can be deleted".
I have searched the configuration within the web gui and was unable to find anything that reference the object that I'm trying to delete.
View 2 Replies
View Related
Jan 2, 2013
I have a Cisco ASA 5510. I have configured Cisco Anyconnect to authenticate via Windows IAS. We had an outage of that server recently and I tried to remote in via anyconnect and could not. Once the IAS server came up I could get back into the network.
Is there a command that I'm missing that will let me use Anyconnect to connect into the network even if my AAA server is down?
View 2 Replies
View Related
Mar 26, 2012
I am configuring new ACS 1121 appliance with version 5.3 and wanted to know how to configure Remote Database settings in ACS5.3 Is that necessary to configure that option ?
Also one more thing I can see that ACS 5.3 generates lots of logs is there any solution to reduce such logs. It seems many unuseful logs which are system related are getting logged into device which might no be good for memory requirements of device.
View 6 Replies
View Related
Sep 17, 2011
At first I use ACS 4.2 to create static ip address user for remote access VPN,It's easy,just configuration it at user set>Client IP Address Assignment>Assign static IP address,but when I use ACS 5.2 I dont't know how to do it.
I try to add IPv4 address attribute to user by read "ACS 5.2 user guide" ,it says this:
Step 1Add a static IP attribute to internal user attribute dictionary:
Step 2Select System Administration > Configuration > Dictionaries > Identity > Internal Users.
Step 3Click Create.
Step 4Add static IP attribute.
Step 5Select Users and Identity Stores > Internal Identity Stores > Users.
Step 6Click Create.
Step 7Edit the static IP attribute of the user.
I just do it,but it's not work.When I use EasyVPN client to connect ASA 5520,user could success to authentication but will not get the static IP address which I configure on Internal Users,so the tunnel set up failed.I try to Configure a IP pool on ASA for ACS users get IP address,and use EasyVPN client to connect ASA , everything is OK,user authenticate successed.but when I kill IP pool coufigurations and use the "add a static IP address to user "configurations,EzVPN are failed. how to use ACS 5.2 to create a static ip address user for remote access VPN?
View 7 Replies
View Related
Jan 22, 2012
802.1x is working properly, 802.1x port is up,but;when I do a remote desktop to machine that is 802.1x authenticated by an user(Wired), first, login to pc successfuly then(3 minutes) is switch port down..
Debug radius authentication
Debug aaa authentication
Does not appear in the log only message port is down
Equipment;
Cisco 2960, Cisco ACS 4.2 ,MS Active Directory Authentication
Client:windows xp, windows 7
Cisco 2960 Port Config
switchport mode access
dot1x pae authenticator
dot1x port-control auto
spanning-tree portfast
spanning-tree guard loop
View 1 Replies
View Related
Mar 15, 2013
in my test LAB i have used a 5505 running 9.1.1.I have setup a DC (2008R2) and then AD Agent.I have configured and used Identity firewall rules which worked like a charm.I have also used LDAP Auth which also worked fine.I then disabled all the rules but kept the identity firewall checked.Since it was a lab environment, i had to remove the DC for other tests.A few hours later the ASA initially was stuck.I used the console and i saw it could ping noone! not even directly attached PCs or defgw (i was able to ping them before it stucked).No arp table also!the asa did no NATing so no xlate entries were vavailable.Then i sshed to it.I got a blank screen and from console i could see cpu-usage from ssh to 20%I opened a second ssh: nothing. Blank Screen again. cpu-usage from ssh to 40% (overall ~50%)I opened a third ssh: nothing. Blank Screen again. cpu-usage from ssh to 65% (overall ~75%)I issued reload from console! Nothing! it was trying to shut down!I issued reload quick-> that is when console was lost!!I have to unplug it.
The DC that was removed was also the DNS for the ASA.The only log message i could see, before it stuck was "AD Agent is out of reach".i have ttried this 4 times. Always the same. 100% reproducible.I disabled the identity firewall-> no problem! it worked for days.100% reproducable.I downgraded to 8.4.5--> the same for both above actions.
View 1 Replies
View Related
Jun 13, 2011
I'm using NAC 4.8, and I'd like to login using NAC Web Agent on Ipad. When I'm trying to do that, I'm receiving a message on Ipad that I need to install Java Plug-In, but there is no JavaPlug-in available for Ipad. Any additional configuration that I have to do on NAC Manager to be able to access the network using NAC Web Login on Ipad ?
View 3 Replies
View Related
Jul 6, 2011
I am implementing Cisco Network Access Control with Wireless Controller 5508 (WLC5508 below) . Could you tell me how to register WLC5508 as SNMP Agent for Cisco Access Manager (CAM below) ?
[System Information]
IOS version of WLC5508: 7.0.98.218
Version of CAM: 4.8.0
[Code]....
I succeeded to register WLC5508 by using IP address of Service Port on the CAM Web Console. But WLC5508 has only one Service Port, which has no redundant port. I want to register it by usin Management Interface, which has backup port. It is also desirable to implement redundancy of Service Port if possible.
View 2 Replies
View Related
Feb 7, 2011
i can configure a requirement type as audit (opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the cas.It is possibile to generate an email or similar automated process to notify administrators on these audits?
(version in use 4.7.2)
View 2 Replies
View Related
Feb 9, 2011
We have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
View 1 Replies
View Related
Jun 17, 2012
how to configure dhcp relay agent and how it's work
View 1 Replies
View Related
Feb 1, 2012
we're currently evaluating how we can attach our web based business application to the AD Agent in order to perform Single Sign-On against it. Our users are connecting via VPN to an ASA 5510 which is configured to use our Active Directory for authentication. After access granted the users may access a web server with our business application and should be automatically logged-in there without having to re-type their credentials.
View 0 Replies
View Related
