disable telnet for ACS 1120 Appliance version 5.0.0.21 .is there anway to do it , not able to login via telnet and ssh it says wrong credentials but webgui is working fine with same user and password.
View 1 RepliesNeed URL for patch 4.2.1.15.3 with comptaible for cisco acs appliance 1120 . Though its for appliance patch should be along with webserver . I have downloaded patch of SE its not comptaible to this hardware .
View 4 Replies View RelatedHow do we disable the telnet to ACS appliance 4.2 1113 SE
View 4 Replies View RelatedI have a pair of ACE 4710's that I am deploying within a datacenter. The primary and secondary ACE appliances have identical configurations except for the IP addressing and priorities for FT. The FT peer is going into a TL error state.
On the primary ACE appliance, I am able to ping and telnet from/to it without any issues. All of the routing works as it should and everything is seen in the ARP table as it should. The secondary appliance is able to ping everywhere, but telnet out of or into that appliance does not work.
I am able to see the IP addresses in the arp table and can successfully ping end to end from the secondary device, just unable to telnet into or out of it. When I try to telnet out of the secondary device, it reports that there is no route, even though the IP's I am trying to telnet to are directly connected and those interfaces are up and working (otherwise ping would fail). The exact same filters (access-lists, service-policies) are configured in the exact same format and applied to the exact same interfaces.
I tried removing all of the fault tolerance configurations and just created a Layer 3 vlan interface for management and I am still unable to telnet into or out of the appliance. This is not a complicated setup and I have to think there is something obvious that I'm missing, but I'm hung up on the fact that the config's are almost identical while one works exactly as intended and the other reports no route to host for a directly connected interface.
I have an acs 5.0 running on Cisco 1120 appliance. It has worked for 2 years. Suddenly, I discovered that user can no longer login with their credentials. On close examination, when I console, the booting does not complete. Screen shot attached.
View 3 Replies View RelatedAm I entitle to upgrade from 5.1 to 5.2 by having smarnet on my 1120 Secure ACS Appliance?
View 1 Replies View RelatedI am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto 4.2.0.124 ,step by step by upgrade process
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable on 90 days evalution package of 4.2.0.124 of windows platform .
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1)
i am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of EAP_TLS under golbal authentication setup .
I have downloaded client supplicant certficate file for my windows XP machine .When i tried to authenticated i am finding following error message under failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
I need this SSL certficate installation on my acs appliance 1120 for PEAP clients.I have exported SSL server certficate from my old acs 3.3 server which is under acscertstore folder issued by CA vendor . I need to reuse this same SSL certificate on my acs appliance .ACS appliance certficate setup requires following two certificate to be installed for PEAP clients authentication
1) Server Certificate
2) CA certificate
Server Certificate : For server certifcate , I have my old certificate which is exported from my old acs 3.3 server , when i tried to download my server certficate via ftp server on my acs appliance , its looking for private key & private key file .Private key & file is generated intially on CSR request when this server certificate is requested to CA vendor for my old acs 3.3 . I dont know the private key password . If i need private key & file , then i need to generate new CSR from my acs appliance and i need to submit this CSR output to my CA vendor to generate new SSL server certificate .which is something like new server certificate request .CA certficate : For CA certficate , when i open my existing SSL certificate under detials tab in CRL distribution point , i could see below URL . whn i open this URL it giving certificate revocation list . [1]CRL Distribution Point.
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
I want to upgrade my Cisco ACS Engine appliance 1120 from software version 3.3 to the latest version (5.x). How do I go about this?
View 2 Replies View RelatedI am using a Cisco 2801 Router and currently have Telnet enabled on all interfaces. How do I change that so it is enabled from all inside networks, but not on the outside interface?
View 12 Replies View Related#sh run | inc user
!
username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common
!
#sh run | begin line vty
!
line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
I want to disable the telnet option/feature on ASA 5510
i tried no telnet alone it wont work as i didnt configured any telnet at all.
I am trying to Disable Telnet and enable SSH in CatOS for 6500 .
View 12 Replies View RelatedHow do I know which hardware I have? I can't find a HW version anywhere on the appliance or in WLSE itself. I am guessing 1105 beacuse I saw a 1105 as part of the path in the repository.
View 2 Replies View Relatedusing a Cisco 5508 controller (code version 7.4.100.0) with an ACS appliance running version 4.1 or 4.2?I've found that the ACS constantly reports a 'Bad request from NAS' (Invalid message authenticator in EAP request). message. This usually indicates a mismatched shared secret but this isn't the case.The controller works fine opposite a Microsoft NPS Radius Server.
View 6 Replies View RelatedDo you know if it is possible in ACE 4710 appliance to configure a SIP TLS ?The SIP probe we have in the configuration guide it is only for clear text. for Lync 2013 we need to establish first a TLS session and then within it, send an SIP request..IS it possible in any version? I tried also to configure a HTTPS probe but it fails as it sends a GET which the Lync SIP server doesn't understand.
View 1 Replies View RelatedIn 2008-2010 timeframe, I used the ace 4710 appliances at one customer and kind of liked them. The deployment was not too SSL intensive and B/W requirements were low, but I configured a few HA pairs and that worked well. The configuration was pretty comparable to other Cisco devices; so easy to learn/pick-up.Fast forward to 2011: stepped into an environment, where customer purchased 3 - ACE 20 modules (before I got here), and had multiple issues with them. I found 4 documented TAC cases, and 1 was still open. I started working from December 2011 on getting Cisco to own-up WRT modules but customer by that time had had enough.
The most serious issue was a random reboot, hang or lockup. I wasn’t here to work with them to verify, but that’s eventually what the deal breaker was. Around the February 2012 timeframe, talking to Cisco SE, he revealed Cisco had an independent lab in Switzerland verify that some hardware component on the device had a terminal defect, in which a bit would flip, and force the device to lock or reboot - subject ot radioactive decay or interference.Cisco and the lab attributed this to improper shielding, coupled with defective material in the electronic component; hence the device was highly susceptible to radiation-type errors. This is the kind of stuff you read in doomsday reports! As a result, Cisco was EOL-ing the ACE-20 module. I am trying to get Cisco to replace the ACE-20 modules with something else, but they haven’t been too cooperative. They have also limited their SE/Salseperson presence where I work (Pacific Northwest); and are not too responsive.
I have gotten a verbal agreement to get a credit on prior purchases for the amount this customer spent on the ACE-20 modules. However, the credit is only a few points off their normal discounting model. And Cisco will not go into loss on new product sales. Using example, $100 product would cost me $55 with standard Cisco discounting. Cisco’s cost might be $45 so I will only get another $10 credit on this new purchase.The 3 Cisco ACE-20’s originally cost customer about $100K, so to dwindle this credit down, we would need to purchase about $1-$2 million of new hardware - that's a lot of new gear! And I don’t have any real way of knowing that Cisco is applying the credit honestly, and they won’t put anything in writing. This entire issue has really dampened customer’s impression of Cisco. They had smartnet on the ACE-20’s for 2+ years, but then dumped that after losing faith in the product. Now I am trying to resurrect smartnet to see if Cisco will give us an alternate product.
And to cap it all off, the original Cisco salesperson (who sold customer the ACE’s), has left and went to work for F5! And yes, he has been calling on customer to try to sell some big-IP's! At least there is some humor in all of this. So... Has anyone else had bad experience with ACE-20 module? How about ACE 4710? How to get a reliable working ACE module from Cisco?
We have an ANM Virtual Appliance, version 5.2, were we login and can go no further. This was working for fine for approximately two and half weeks. We created a backup and re-loaded the system via CLI with the same result. We logged in again via SSH and we have noted the following:
cscoanmsa/admin# sh disk
temp. space 4% used (141244 of 4951688)
disk: 7% used (353916 of 5935604)
Internal filesystems:
warning - /var is 100% used (89219000 of 89258112)
cscoanmsa/admin# sh application status ANM
[code]....
Is there any way to access and clean out the /var directory from the CLI. is this achieved simply via the "delete" command with the full path ?
My TCOM guys say they do not see the ACE as a CDP neighbor on their switches. Is CDP enabled by default? I cannot find any documentation that suggests this is configuration (like on the Cisco CSS - where it can be enabled, but cannot see its' CDP neighbors).
BTW - The ACE 4710 Appliance documentation uses CDP as acronym for Certificate Revocation List Discovery Point (for SSL CRL's).
The upgrade process for ANM virtual appliance 4.2 involves doing a backup and restore as root user. I have looked through the documentation and have even reinstalled the virtual appliance to see if the install script gives away the root password for the OS but without luck.
How to set/find the root password?
We have several 474 and 594 class WAAS appliances in the field. When power is lost to a given location, almost all of the other devices we have at these sites will start themsleves back up upon the restoration of power. Since the 474 and 594 WAAS appliances are basically PC based devices they do not seem to have the ability to start themselves back up when power is restored. What we would like is to have a solution wherein the WAAS device powers up on its own once power is restored much like the routers, switches, servers and PBX devices at the same location.
View 1 Replies View RelatedI have a problem, recently I can not telnet to the ACE 4710, the ACE version is A4(2.0). I can enter by web and console but not for telnet. I try to give more resource to the admin context but it doesnt work.
View 1 Replies View RelatedI've got basic connectivty to our ACE30 module and when I try connecting to the management IP address (attached to the Admin context), I see a very basic GUI which only lists the CSM to ACE config conversion tool. I don't see a GUI as detailed in the document: url...How do I get the ACE Applicance Device Manager GUI working so that I can then configure real servers, serverfarms etc rather than via the GUI?Having read through copious amount of documentation I can't seem to find a refrence that would ne useful here. This should be a fairly straight forward exercise - do I need to install some other software to get the full fledged GUI working?
View 2 Replies View Relatedwhat is that mean-"Redundancy is not supported between an ACE module and an ACE appliance operating as peers" I'm designing network in which I plan to use ACE-4710-0.5F-K9 appliances.
View 1 Replies View RelatedI have a pair of ACE 4710s with 12 contexts sharing the load, running A4(2.1). esterday I upgraded one of them to A4(2.3) now I cannot telnet to the Admin context.Pings ok. I can telnet to other contexts on the box and everything seems to be working ok when i do a " sh telnet" comes back with
No Session Information is available
sh telnet maxsessions
telnet maxsessions 16
i have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
[URL]
i am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
I would just like to double-check a point with the forum on licensing on 4710 Appliance.If with version 4.2 and above 2Gbps Bandwidth licence is required, the output of the sho license status should be?
View 1 Replies View RelatedI am in the process of upgrading from v3.2.5 to v4.2.1, i have been follwing the upgrade/downgrade guide forv4(2.0) for my redunanant pair of ACE 4710.everything ok, following procedure after the standby is reloaded and comes up to standby-warm, Iget the license incompatabilty message on the primary.but I cannot telnet back into the standby, i can ping it ok though.I am loathe to go any further, and do the 'ft Switchover all' and reload the primary incase I cannot telnet back into the primary when it comes back up.
View 2 Replies View Relatedimplementation of the cisco CSS 11501 boxes available as spare on our site into production for an application evry thing worked as expected. i was able to telnet the active/master box and was able to console both master and backup box from the console port.however a week post the activity im faced with this weird problem where im not able to take console or the telnet access of my primary/active box.The boxes are working in BOX-to-BOX redundancy and now im not able to telnet or console my active/master box. The telnet and console window prompts me for username and password and after entering the credentials nothing happens. no prompt or no error message is displayed.
The telnet primary authentication is via tacacs and secondary is via local. however for console im not using any method for primay authentication and local for secondary authentication. however i can successfully console my backup box. below are my obsrvations 1. the left and right status LED on the active CSS box is OFF.- it means my CSS 11501 failed and has no power. 2. upon firing the rcmd command with show line command on backup box i see that the telnet sessions and console session is established with the master box3. the redundancy state of the active box says it is master and has not changed state since my last activity, no application issue reported, all the services are active on the active box and also i can ping the active box ip address from my backup box over which box to box redundancy is established. This confirms the active box is functioning well 4. i initially thought the telnet sessions are not getting cleared, however the show line cmd with the rcmd cmd on the backup box confirms this is not happening. now im stuck as the active box cannot be accessed at all via console or telnet. i was thinking of below steps to be carried out.1. to failover the boxes and make the backup as master2. then try to take the faulty box off the network and troubleshoot (are there any other commands that i should use to troubleshoot)3. if nothing works try rebooting the box and check
NOTE: the software running is version 7.20.30.3 with standard feature set. we are not using cvdm or the CSS GUI. we could access the css initially on CSS gui and that is also not working now.
We are having issues with our Cisco ACE 4710, it suddenly stopped to telnet admin context.We are able to telnet another context from the same appliance, but unable to telnet the admin context. Is possible to pings the gateways from the other contexts, but we are not able to ping the gateway from the admin context.Actual we have 5 context with the minimum allocation is 10%.ACL and policy map allowing telnet and etc are enable and configured on the interface.
View 1 Replies View RelatedWe use a phone system that requires SIP Application Layer Gateway to be disabled on the router. We replaced the older RVO42 routers with the WRVS4400N routers and the VOIP phone works fine with this check mark option disabled.
Does the new RVO42 router allow you to disable this option? I did not find it in the manual so far. I do not want to buy two routers and find that it will not work with the phone system. We need Dual WAN this time so I thought we would try RVO42 model again as long as it is the latest version. Any issues with newer RV042, RVO82 with NEC VOIP phone systems?