Cisco Application :: GSS 4492 SSL Certificate And Private Key Replacement
Aug 29, 2011
During our recent pen test, it was discovered that the GSS appears to be running what could be considered a "weak" cipher:
"SSL Weak Cipher Suite Supported - The web servers tested supports the use of weak SSL ciphers."
I've logon to the GSS but was not able to find the directory where the apache confs were stored (/cisco/merlot/apache)
My question is, can the cert and private key on the GSS be replaced by a new cert and key with stronger encryption?
View 1 Replies
ADVERTISEMENT
May 22, 2012
configured my GSS to setup traps to snmp server ,but the snmp server is not receiving any traps from GSS
snmp-server enable
snmp-server community-string public ro
snmp-server host 10.19.41.11 public traps version 2 udp-port 162
[Code]......
View 1 Replies
View Related
Jul 3, 2011
I have upgraded gss to version 3.2(0) because I need to track a server that uses only https.I configured a https head KA VIP answer type but the answer never goes on-line.I tried using url... as the VIP address but not go online too.The gss is behind a firewall.I suspected of the firewall but from the gss CLI it seems that the firewall is open for the https traffic: [code]
View 1 Replies
View Related
Jun 26, 2011
I am configuring a GSS to check an Web server that responds to https requests.I put 443 as the port but I don´t see replies from the server and the Answer Status is always offline.Other servers using http on port 80 are showing OK.The appliance is a GSS-4492-k9 Version 3.1(0).
View 2 Replies
View Related
Jan 30, 2013
Is it possible to use the ACE as a proxy and send SSL connections to 1 VIP then 2 seperate RSevers based on a URL redirect/rewrite? I need a solution that uses one global IP address and sends the SSL connection to two (and eventually more) seperate virtual machines. I'll try my best to explain it in a below
ACE's currently runn Version A5(2.1)
View 6 Replies
View Related
Jun 2, 2012
We now have a new requirement . We are replacing existing pair of CSS with ACE 4710 appliances. The problem here is that I can see from the configuration that some SSL certificate installed in CSS .Is it possible to transfer the existing SSL certificate from the 11503 to the ACE? Or, do we need to generate a new key pair and CSR on the ACE? Is there any document available to know the steps for the same.
View 2 Replies
View Related
Dec 8, 2011
I am tasked to Configure an ACE 4700 for SLB. This has been done and working. Am also further tasked to create a secure communication between tha ACE and Exchange server. I need the breakdown of steps required to Import certificate from the exchange server, and how to verify that things are working.
View 3 Replies
View Related
Aug 20, 2012
how to install a certificate (.p7b and .crf) on my second ACE in a HA pair.
On ACE01 i generated a CSR and gave the details to our SSL provider, they provided the certificates and i imported them. All good there.
How can i install the same SSL on ACE02 if i haven't generated a CSR on my backup devicde, or do i generate a CSR and import the same certificate?
Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and i think this is because the SSL certificate is not installed correctly on the second ACE02.
View 5 Replies
View Related
Nov 25, 2009
I have an environment with SSL termination and client authentication with a client certificate. Now, the backend server application needs to be informed of the client DN information present in the presented client certificate. Is it possible to tell the ACE to send specific client certificate fields to the backen server via insertion of an HTTP header or, to forward the entire client certificate in any way to the backend server ?
View 2 Replies
View Related
Nov 16, 2011
My customer has SSL certificate already installed on microsoft exchnage 2010 servers and now wanted to import that certificate to cisco ACE4710.
How to trace the exact procedure to import the SSL Cert to ACE from microsoft exchange server and how about the KEY, from where I should get the KEY to cross verify for SSL Cert?
View 2 Replies
View Related
Dec 3, 2012
I am performing a deployment, in which i require clarity on the following. Our setup has DC and DR , in each site we have two devices for HA.We have received One SSL Certificate from Public CA, Kindly clarify the following doubts i have on thisIn Doc, i found Cert.pem and key.pem is required to generate the pair ,do i receive both Cert.pem and key.pem from the CA or we can generate key.pem from Cert.pem ?SSL Offloading is planned for the X application, and it is running in both DC and DR ( Considering each having their own Public IP address ) , do i need to have two different public certificates or a single certificate can i use in both DC and DR.Load Balancing IssueIs it possible to configure in ACE to access the service in Business hours and in non Business hours to display HTML page showing this is available only during these hours ?In DC we have Three Web Servers ( only in One physical server the service is active, other two are backup ), and these three servers are under cluster and shares one cluster IP , In ACE we have created the VIP and Pointed to only Cluster IP ( like pass through only ). The issue we face is if active web server is down, even then ACE is sending the traffic to that webserver only instead of sending it to the new Active web server. let us know if any solution is there to overcome this issue ?as per my understanding instead of giving cluster IP as real server IP we can issue the three physical servers. now i dont require load balancing between three servers instead require failover king like if first server is down then it should forward to Second server ?
View 4 Replies
View Related
Sep 6, 2012
I generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies
View Related
Jan 30, 2012
There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
View 3 Replies
View Related
Oct 19, 2012
i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
View 5 Replies
View Related
Jan 18, 2011
Customer is using AIM-ATM AIM with a VWIC2-1MFT-T1/E1 card installed, and using the E1s in ATM mode.They have recently migrated to ISRG G2, but; ISR G2 (2911) dosen't support AIM Modules, and there is no relevant module for ATM.So is there anything we can do to accomplish same functionality on ISR G2 ?
View 1 Replies
View Related
Jul 1, 2012
I'm looking to upgrade our main router/firewall with something that has more throughput. This unit has 2 DMZ zones, internal switch and 2xWAN connections which is pretty handy as I'm utilizing all of them.How to resolve the issue of having a firewall and router in one device,What would be the replacement solution if I were to decide for Cisco solution? What is the best practice?
View 3 Replies
View Related
Jan 27, 2013
I would like to ask if what is the replacement for RV016? Is there any on the ISR G2 that can be set as a mulit-WAN router? Meaning can handle for more than two WAN connections.
View 2 Replies
View Related
Jun 19, 2012
For our client, we have two ACS 5.0 deployed in primary and secondary mode.Primary ACS is failed and we are going to replace the hardware.Problem is we dont have backup of primary ACS and have backup of only secondary ACS.Also there is certificate used for authentication of wireless users.In this case how we can proceed for for the restore.
If we promote secondary ACS to primary and join the New ACS as secondary,will the certificate also synchronised? or we need to create CSR and obtain the certificate for new ACS?
View 1 Replies
View Related
Jun 7, 2013
I have a clarification related with ACS 1121. Client needs a solution for ACS feature, instead of investing on ISE Base, is there any model exists as ACS appliance only. I believe ACS 1121 is going to be EOS and it says SNS 3415 is the replacement model .
What I am confused is , It is an ISE as well as ACS and there is separate licensing for ISE (as base and advanced). What should i do , if i need to select SNS 3415 as ACS appliance ? is it built in or should i need to add anything extra ?
View 3 Replies
View Related
Aug 12, 2011
DLINK RMA service is worst I have ever experienced.I sent my defective DLINK DIR-655 router to RMA department about 3 weeks ago, and finally got the replacement today. However, can you believe the replacement from RMA is also defective, not connecting Internet at all? After spending about 1 hour with technical support again to confirm the replacement is still defective, I was told to request another RMA. Should DLINK expect me to spend another $10 shipping fee and wait for another 3 week for another replacement because of a mistake made by DLINK RMA service?
View 7 Replies
View Related
Jan 26, 2013
I know ACS 5 lacks the IP Pools of earlier ACS versions. I'm looking at a 4 to 5 migration and was thinking of just configuring the IP Pools on the router ("ip pool local" etc) and sending back a RADIUS Cisco Attribute pair with the name of the pool. (Seemed like a neat fix, needs no extra kit, etc.)
I could have sworn that attribute pair existed... but I can't find it in ACS5! What's it's name?! Where is it!? Or have I gone mad!? (And, if I have gone mad, how would you go about fixing it?)
View 2 Replies
View Related
May 3, 2013
Any replacement fan for the WS-C3750G-48TS-S switch that runs quieter than the one originally built into this router? I've searched a number of web sites and found plenty of replacement fans available but none of them show noise level specifications.
particular manufacturer/model combination that works in this router that will drop the noise level down while maintaining air flow. This switch is in a short network rack in an small office that also includes people. The current noise level isn't defining like some servers, but is loud enough to be distracting.
View 6 Replies
View Related
Apr 14, 2013
Bought and paid for Network Magic Pro 5.5. Bought new computer and need to install Network Magic Pro 5.5. Installation successfull. Unfortunately I have lost the activation key and the email it was on was deleted.
View 1 Replies
View Related
Apr 8, 2013
The issue im having is that i have recently had no issue with the wireless network. But today my laptops battery would not charge and as a result the computer died. I had to remove it to get it to charge again. Since then i have been unable to connect wirelessly to the network it simply says "windows is unable to connect" I have however been able to get online using an ethernet cable on the same router.ive looked around on varius forms but no information has assisted thus far.
View 17 Replies
View Related
Feb 12, 2012
I have a side gig that I do some work for and they've had a Sonicwall TZ200 device in their branch office and also in their data center that has a site to site VPN connection between the two devices. About a month ago the bandwidth throughput got severly decreased. They went from getting about 28Mbps/27Mbps to now ~3Mbps/12Mbps.
I've spent days troubleshooting with Sonicwall which could be a whole dedicated thread on it's own but I digress. I even had the ISP come out and test the line and when they hooked up their own laptop it got the speeds it should be getting. I've rebuilt the config on the sonicwall from scratch which was a major pain in the ass because I'm not a firewall guy by any means. After firmware updates and pulling my hair out I've decided to dump the tz200, to what I don't know. I need two devices, one for the data center and one for the branch office. I'm pretty sure something in the config is causing this and after being escalated to the highest level at sonicwall and them sending me a replacement unit which I rebuilt the config on and also tried to import the old settings with no luck. I very well could have done something or made a change to cause this but I'm at a loss and willing to try another product.
I get spammed from Barracuda all the time, do they have quality devices? Something with a web interface would be great since I'm not a firewall guru by any means and had set up a bunch of address objects with NATs and all that.
View 19 Replies
View Related
Oct 3, 2012
Right Now we are using Cisco switch model c4006.and we are looking to replacement for the same . Below are our requirements.
1: Around 120 Ports (100 Mbps)
2: Around 30 Ports (1Giga)
3: Layer2/Layer3
View 2 Replies
View Related
Mar 20, 2013
the small fan of a SRP541w seems to have 'melted' it's way out of it's casing. How to know part number for a replacement fan for this router?
View 3 Replies
View Related
Aug 25, 2012
I was planning to buy 7204 VXR for my site's router for the following requirements:
- support for ATM, Serial, ISDN
- support for 3 10/100/1000 ethernet interface
- support for 2 WAN interface
However, I realized that the 7200 series will not be available for sale after September of this year!! Any "reasonable" replacement for 7204 VXR that meets the above requirements?
View 5 Replies
View Related
Apr 8, 2013
What is the benefit of replacing 5512 for 5510.
View 1 Replies
View Related
Apr 9, 2012
I have a Cisco WRVS4400N V2. I need to find a replacement AC adapter and the stands if possble.
View 1 Replies
View Related
May 7, 2013
Our ACS appliance (Cisco 1113) has died and it is not cost effective to get it replaced as it will only be used until the end of this year.Is it possible to get the tacacs software to install on a Windows server? How do I go about sourcing the software as the original documentation is no longer available? Will the fact that I have a defunct appliance be sufficient proof to get a copy of the software? We are currently running v4.1
View 1 Replies
View Related
Jun 23, 2011
I had an E1000 for a couple of years that worked OK. Then it went nuts--sporadically dropped the signal, wouldn't show its web page, etc.--maybe a power surge, who knows? So I tossed it and got a new one on the theory that it would be a plug in replacement .The new unit had a good signal, but also wouldn't show its web page, so I couldn't configure security. I removed Network Magic and everything else I could see pertaining to the old unit. However, the CD for the new unit still gives me: " Your router has already been set up. You need to use an Easy Setup Key that you can use to get other computers connected." Needless to say, I don't have such a thing. Cisco Connect is not installed at this point, so I can't go into it to create one.How can I purge the remains of the old unit so the new one will install properly?
View 6 Replies
View Related
Nov 27, 2011
I just got a Dell Powerconnect 3324 from work and well needless to say it is very loud. Any good fan replacement that will do the job and not be nearly as loud? It currently has two Sunon KD1204PKV1, 40x40x20mm, 12V, 8.9 CFM, two wire fans.
View 6 Replies
View Related
