Cisco AAA/Identity/Nac :: Using SFTP Option In ACS 5.3?
Mar 25, 2012
Any problem while using the SFTP option in ACS 5.3? I am trying to use the host-key sync command but it gives the error below.
ACS/admin(config-Repository)# host-key sync
% Error: First character must be a letter
% Error: Invalid ip address or hostname
SOK-S12-ACS-1/admin(config-Repository)# host-key sync
% Error: First character must be a letter
% Error: Invalid ip address or hostname
As per documentation this command needs to be added directly.
We have ACS 5.3 and are trying to set up SFTP backup on a freeSSHd server. The SSH connection works, but ACS cannot copy the backup file to the SFTP server; we get the following errors:
I am not able to back up an ACS 5.x server by means of the SFTP protocol. We use ACS 5-2-0-26-2. My repository configuration is:
repository SFTP
  url sftp://x.x.x.x/home/user
  user user password hash 455ad
The command 'backup acs01 repository SFTP' does not work and I receive the following error message on the ACS server:
%SSH connect error
On my sftp server I can find the following error messages:
Apr 6 06:57:46 CR01 sshd[8561]: Accepted password for user from 10.20.86.72 port 47924 ssh2
Apr 6 06:57:46 CR01 sshd[8563]: Received disconnect from 10.20.86.72: 11: disconnected by user
How do I successfully perform a backup by means of the SFTP protocol? Do I need any other configuration settings except the repository? Do I need to store my SSHD RSA key on ACS? I am able to copy files using SFTP from other computers, so it seems that the SFTP server is set up correctly.
After we installed patch 5 on several ACS 5.2 servers, they are no longer able to write their backups to the SFTP servers. I tried to search the Bug Toolkit, but it seems to be broken when searching for the keyword "sftp". It's the same when I try to do a "copy logs" with sftp as destination. Running a debug I can see:
acs/admin# copy logs sftp://10.1.115.11/
Collecting logs...
Username: backupuser
Password:
6 [16376]: transfer: cars_xfer.c[301] [admin]: sftp copy out of /var/tmp/ADElogs.tar.gz requested
6 [16376]: transfer: cars_xfer_util.c[412] [admin]: resolved server to 10.1.115.11
7 [16383]: transfer: sftp_copy.c[75] [daemon]: Executing SFTP command: /usr/bin/scp -o StrictHostKeyChecking=no /var/tmp/ADElogs.tabackupuser@10.1.115.11://ADElogs.tar.gz
% Error: Transfer failed
3 [16376]: transfer: sftp_copy.c[230] [admin]: sftp_copy ERROR: command execution failed
3 [16376]: copy: cm_copy.c[1226] [admin]: Logs archive transfer to url sftp://10.1.115.11/ failed retcode=-306
acs/admin#
I set up a connection from a laptop (Windows 7) that goes through a LAN proxy server to a secure FTP server (Windows Server 2003). The SFTP server is assigned a public IP address. I opened the firewall at the destination and allowed port 22 traffic to the SFTP server. Well, the connection is failing. I know for a fact the connection from the client laptop is making it to the SFTP server. If I issue this command on the client laptop:
telnet sftpserver 22
The DOS screen clears and tells me the type of SSH server I'm connecting to. While this connection is still active, I logged into the destination sftp server and did a netstat command. I can see the address of the proxy server in the "Foreign Address" column of the netstat results. I also can see the proxy server address when I look at the Application Log on the sftp server, so I know the connection is making it to the sftp server.
I believe the problem is the control port (return traffic) from the server back to the client. Something is being blocked or is misconfigured. I always thought the router negotiated the control port, and that the control port didn't need to be put into any firewalls.
There is a lot of software available for this, but the issue is how they all function. Example: one program, Synchronized FTP, allows you to set a local/remote folder and sync files between them. What was never disclosed is that you need Windows Task Scheduler to run the synchronization, and you do not see a progress indicator. I also tried TurboFTP but it felt like landing a space shuttle.
How do I actually run a .bat on a remote computer through SSH/SFTP in a GUI? My problem is that I haven't been using command lines for 15 years; I literally have never used a command line besides using stuff like ipconfig in the command prompt. I have an SSH server on my home server using FreeSSH'd, and the only SSH program I can find with a GUI is WinSCP. Though there's no option to connect through SSH, everyone says it does and there are even options for it.
Though when I try to run the bat file I get this error: "Current sftp -3 session does not support command you request", then something about a separate shell session. If I click OK it goes down to starting the session, then just sits there and says the host is not communicating for more than 15 seconds, still waiting, and the only option is to abort.
I am running Windows Server 2008 with the Hyper-V role installed. I have installed Windows 7 Professional as a guest OS and assigned 2 GB of RAM to the machine. The point behind the VM is to virtualize my FTP server, and in case a format is required I have the VM file on my 2nd partition and the host OS on another. I use Cerberus FTP Server on the Win7 OS. I configured the server to accept SFTP and TLS connections. On the host OS I installed FireFTP and FileZilla; both clients will at most download a 4 MB file at 64 KB/sec. I have seen both jump to about 80 KB, but it was only for a split second and never held. However, if I log in without SFTP and transfer over the standard protocol, I download at 1 MB/sec, which is my normal speed. Would this be only due to the encryption process? In the Cerberus server there are options to adjust download speeds; I have left it at the default, and also altered it to allow its max configuration. My ISP is not limiting any connections that it shouldn't be.
I have a Cisco ASA5520 in place and I want to configure it to access my web server outside of my network through SFTP/FTP with FileZilla. What command do I add so that the port/service associated with it is able to run?
I have an application, a solar power plant, where communication cables (Cat.6 UTP) are run close to power cables. We've had a lot of failures in the past due to multiple reasons (electrical noise, surge, etc.), so we decided to change to Cat.6 SFTP. The problem is that now, even with proper termination of the shielding at either one or both ends, the noise is so bad that packet loss is above 90%.
Are the two listed PoE switch ports on the 880 series routers active out of the box (default), or is configuration or extra parts required, as internet pictures appear to show what looks like a power connector new to the PoE ports?
In one of our regional offices I want to terminate 2 Internet links on a single 2811 router and use both links as primary and backup to enable site-to-site VPN. This also gives a redundancy option if the primary link fails. The router has a total of 3 FE ports.
The current setup terminates only one internet link on the router and establishes a site-to-site VPN to our HQ.
I have installed Cisco LMS 4.1, and it seems the rest is all working fine. But I am not finding an option to enable email settings to send reports. I have already set SMTP servers, through which threshold alerts are triggering, but I am unable to get best practice reports. As per the document, the email setting option is available under Reports > Report Settings. But I can't see the email setting option under report settings; only 'set report path' is available.
I see the WS-SVC-AGM-1-K9 was EOL Jan 2010. What is the suggested Product Migration Option? Also, if anyone is using this WS-SVC-AGM-1-K9 I would like some feedback. Our problem is listed below and we are wondering if the WS-SVC-AGM-1-K9 will work?
Looking at the best option to detect attempts at cracking our SIP servers. We see connections from scanners on the internet trying to brute force SIP passwords reasonably often, and would like to be alerted to them happening. Essentially we see hundreds of SIP registration attempts or Invites from the same IP, and this is how we know it is dodgy.
I have 2 Catalyst 3750-E switches and I have to make an uplink between them with optical fiber, but the uplink will be at 1 Gb, not 10 Gb, while the default port speed is 10 Gb on the optional module. I have a CVR-X2-SFP but I don't know the CLI command to convert Te3/0/1 and Te3/0/2 to Gigabit interfaces for SFP. What is the command?
I'm trying to find an affordable Cisco switch with similar capabilities and features as the WS-C3560X-48T-S (L2/L3 routing as in IP Base, dual power supply, etc.).
I see the WS-SVC-AGM-1-K9 was EOL Jan 2010. What is the suggested Product Migration Option? Our problem is listed below and we are wondering if the WS-SVC-AGM-1-K9 will work? Looking at the best option to detect attempts at cracking our SIP servers. We see connections from scanners on the internet trying to brute force SIP passwords reasonably often, and would like to be alerted to them happening. Essentially we see hundreds of SIP registration attempts or Invites from the same IP, and this is how we know it is dodgy. If the Anomaly Detector can alert us to this type of traffic, it will be much easier to stop them quickly.
We have a Cisco 6509 switch, on which DHCP is enabled, and now we have WDS (Windows Deployment Server) that needs option 60 to be enabled on the DHCP scope for deploying the OS remotely to PCs. Where can I get a sample configuration to enable option 60?
I upgraded the firmware to the latest and apparently I've lost a couple of options, including TCP Dump in diagnostics, and I also cannot find how to disable/enable an Ethernet port.
Regarding the AP AIR-CAP3502I: it cannot learn option 43 from the MS server, but it can learn the DHCP IP address. We have 2 sites where option 43 is not learned by new APs, but another site works OK. I also tried to delete and re-add the DHCP scope, with the same issue. My temporary solution is creating the DHCP pool with options 43 and 60 on the access switch, and it works OK; new APs are able to show up in the WLC. I just need more information on why these sites' APs cannot learn option 43 from the MS server while the other site's APs work OK. Is this an IOS bug? An AP issue? An MS issue?
I'm configuring an 887 router for SSL VPN. The goal is to configure full tunnel mode, so the client connects to the web page generated by the router, logs in, and gets the "application svc" window where you can download the client and connect. The problem is that everything is working except for the fact that the window with the SSL application doesn't show up at all, and so clients can't download the client and connect.
This is the relevant part of the configuration:
ip local pool sslvpnpool xxxxx xxxxxx
ip http server
ip http authentication local
Just got new hardware and decided to try the newer USB port for IOS upgrades. I could not get the switch to recognize my 2 GB flash drive. Do I need a proprietary stick or special format?
I also noticed when I removed it the switches crash dump and rebooted?
I just purchased the Cisco RVS4000 VPN router and I am having problems configuring the VPN option. I tried every way I could imagine, but somehow something is missing and I don't know what it is. Here is an image of my current configuration.
No matter the change to my configuration, the status is always down.
I can't access the internet through my home PC. I can't set up a new connection because I'm missing the network icon. It was fine a few days ago but somehow, somewhere, I've lost the icon. I have tried to restore but couldn't go back that far.
I was using my little PC laptop and it fell, and suddenly the internet doesn't work. It doesn't show me any wireless option at all (in the bottom right corner or in the Control Panel), and in "Network Connections" there isn't the wireless option as there used to be. Now it only has "LAN or high speed internet". I've tried looking at old threads but haven't found anything suited. Is there a way to reactivate it? I've tried everything I can think of! (The laptop has no CD drive.)
I have an ADSL router and Windows 7 Ultimate. The connection status sometimes shows limited connectivity. When I click on disconnect and connect again, it prompts me to troubleshoot the connectivity problem; on clicking this it runs a few checks and brings up a window saying connectivity has been fixed, and then my internet works fine. This problem does not occur all the time. Sometimes after I switch on the router and then the Wi-Fi switch, it connects just fine.
I just spilled water on my company's Dell Latitude D630 and it didn't start. On the D630 I signed onto a domain. When I put the hard drive from the D630 into a Dell D620, the domain option is grayed out. The only option is to log on locally. Is there any way to get the domain option back?