Cisco :: CSM 4.1 / ACS 5.1 Non-ACS AAA Failure

Jan 10, 2012

I know that CW Common Services 3.3 does not work with pre-defined roles on ACS AAA. So I followed these forums and enabled non-ACS AAA and selected TACACS+. I have a single rule that is matching in my ACS (after looking at the audit trail):
 
Authentication Details
Status:
Passed

[Code]....
 
As you may have noticed even though it is matching an access service that allows Priv15. That doesn't seem to be passing through as you can see on top I am only receiving Priv 1. What can I do to properly pass through the access service profile?

View 2 Replies


ADVERTISEMENT

Cisco :: LMS 3.0 - Authorization Failure Log

Jul 16, 2011

In our company we are using Ciscoworks LMS3.0.( DFM 3.0.1, RME 4.1.1.) In DFM, every day at 8:00 PM we receive alarm authorization failure on Core switch ( source is cisco works server IP).

View 6 Replies View Related

Random DNS Look-up Failure

Jan 27, 2013

Whenever I try to open multiple sites, I will get a DNS lookup failure. Whenever I torrent something, websites give me a DNS lookup failure. Watch Youtube and open anoter site, DNS lookup failure. It seems that when I try to use too much internet I crash something... which doesn't make any sense because this problem has only come up recently. The only thing that I can think of is that I was messing around with the DNS to be able to connect to the American Netflix (I'm Canadian). I was using a site called "ZenOK" I believe, which gives you a server to connect to, and then a week later tells you it's no longer free (which they didn't mention in the signup)... so I removed the DNS number in my internet protocols, but I still get American Netflix.

View 14 Replies View Related

Cisco :: VRRP Authentication Failure

Jan 1, 2013

I have a following question. I configured different authentication passwords in Master and slave VRRP setup.

View 2 Replies View Related

Cisco :: LMS 4.0.1 - Failure With PSIRT-EoX System Job

Jul 12, 2011

we cant create EoX and PSIRT reports For Job-Log please see attached 1007.1.log.Patch lms40x-win-CSCto46927-0 has been installed already.CCO-Credentials + Proxy-settings in LMS must be oK, because we are able to auto download device packages for instance.

View 4 Replies View Related

Cisco :: LMS 3.01 - Inventory Failure On Various Devices

Nov 23, 2011

We have several unknown devices within our inventory.  When running an inventory report the message I get back is "No Credentials available".
 
For inventory checks is it just SNMP that is used or is it the standard credentials that are needed ?
 
I am planning to edit the credentials for the single device manually to see if this makes a difference.  Our integration is with ACS and we have a machine account with admin priveleges.
 
Device Verification for the device states "Device Not reachable" for SNMP and SSH.  There are no drops on any of our firewalls but snmpwalk does work from the command prompt from the LMS server.
 
Are there any further checks I can make for these 2 messages:
 
* "No Credentials available". * "Device Not reachable"

View 2 Replies View Related

Cisco :: RV016 DNS Lookup Failure

Apr 19, 2012

I manage a small business with 10 computers running off my network. They are all connected to the internet through a RV016. We recently created a new website and purchased a new domain through In Motion Hosting. I have a randomly reoccuring issue, usually in the morning, that seems to resolve itself after a couple hours on it's own. I have dealt with tech support from In Motion Hosting and my ISP who have both come to the determination that the problem lies within my gateway.
 
When I attempt to log on to my companies website [URL] my browser is unable to locate the webpage. Also, if I try to access the website for In Motion Hosting [URL] or to access our webmail [URL]I am unable to do so because the DNS lookup failed. I can view any other web page on the internet without a problem. I can not ping or tracert either website successfully, however when I called In Motion Hosting and got the IP addresses for the two I was able to ping and tracert them without a problem.
 
As I said the problem happens randomly and seems to resolve itself within 2-8 hours. However we are unable to access our email during these "blackouts" which is becoming a huge problem.
 
Is there a setting within the RV016 that might be causing this to happen?

View 6 Replies View Related

Cisco VPN :: Driver Failure For 440 VPN On Windows 8

Jan 15, 2013

I have Samsung Tablet Windows 8 32-bit I installed VPN Client Version 5.0.07.0410 successfully installed, but I cant connect through the profile always got Driver failure 440.

View 3 Replies View Related

Cisco WAN :: Tracking ISP Failure In ASA 5510?

Nov 14, 2011

Some times the ISP side interface remains up with a failure of internet. At those situation how we can efficiently track the ISP failure from asa 5510

View 2 Replies View Related

Cisco Application :: ANM 5.2 Authentication Failure

Apr 15, 2013

I'm using the Cisco ANM 5.2 version and I'm trying to import the configurations from ACE modules of Cisco switches. The first step is to import the configuration from Cisco switch and the second one is to import the ACE module in the ANM software. I'm getting an authentication problem to import the configuration from Cisco switch and of course I cannot import the ACE as well. The switches and the ACE are using AAA authentication and I have created a specific username to authenticate and import the configurations in the ANM. If I remove the AAA configurations from the switches and ACE modules it works fine.
 
Is there some problem with the AAA configurations in the switches or ACE module?

View 7 Replies View Related

Cisco :: LMS 4.0.1 Inventory Collection Failure

Feb 20, 2012

After I upgrading all device packages, inventory collection failure to complete. All devices stuck on pending state and at the end of the job all devices are under not attempted and job result description ses " Timed out. Make shure that ICServer is running". I made sure that ICServer is running.
 
LMS runs on windows 2008 R2 server

View 10 Replies View Related

Cisco WAN :: 3750 IOS Upgrade Failure

Feb 20, 2011

I'm trying to upgrade a 3750-24TS from c3750-ipservices-mz.122-25.SEE2 to a more recent image. On the first pass, I got

Error: There is insufficient space in flash: to install the requiredError: image.  Clean up some old images, and try again. 

So I used the delete /recursive flash:image-dir-name to clean out the old files, but I'm still getting the same message after doing this. What's the problem? Now I have a switch with no IOS and need to at least get something on there.
 
Switch#sh verCisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2006 by Cisco Systems, Inc.Compiled Fri 28-Jul-06 08:46 by yenanhImage text-base: 0x00003000, data-base: 0x010CE290ROM: Bootstrap program is C3750 boot loaderBOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)Switch uptime is 1 hour,(code)

View 16 Replies View Related

Cisco Wireless :: WAP 321 Causes Network Failure?

Mar 25, 2013

I recently bought a Cisco WAP 321 for my company, but when i connect it to the network, the switch on which I connect crashes, and I lose all connectivity to the network, (internet also). i have to unplug the WAP321 and wait for a few minutes to be able to use the network again.
 
I'm currently using a small 8 port switch, There are usually 3 or 4 users connected on it. When I try connecting the WAP321 on another switch, only connected to 1 computer, it seems to be working : I can access the configuration page, and make some modifications.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 802.1x Credentials Failure With ACS 5.2

Jun 20, 2011

I recently tried to deploy an ACS appliance with version 5.2 installed on it for a customer.
 
After setting up the WLC to use the ACS as a radius server, and successfully testing connection from the ACS to the AD, I get an error message " 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate" anytime a client tries to connect to the network.
 
This is surprising because I had already generated a certficate for the ACS from a CA and binded the CA signed certificate with the ACS, I also specified the CA in the client machine's wireless properties and checked the "validate certificate" button.
 
When I tried to connect using the internal identity store, the client was successfully authenticated without any certificate issues.

View 1 Replies View Related

Cisco VPN :: AnyConnect 3.0 Installation Failure

May 22, 2011

My company just upgraded our VPN software to use Cisco AnyConnect 3.0.1047.  We were previously using 2.5.0217.  I successfully upgraded the VPN client on my iMac.  I am trying to do the same on my MacBook Pro but the process is failing.  Both Macs are using OSX 10.6.7.  Both use Chrome but I have reproduced the error using Safari and Firefox on the failing system.
 
On the failing MacBook, the IP address my IT department gave me produced this error:After the 26 second timeout completed, I was brought to this screen:
 
I clicked the "Mac..." link above and a file called "cstub" was downloaded.  I could not execute the file directly as its permissions started at 644.  I changed its permissions through the terminal to 755.  I tried executing the binary but it failed returning error code 250.I tried uninstalling AnyConnect 2.5.0217 to see if that improved things.  No change.

View 3 Replies View Related

Cisco :: SSH Authentication Failure CiscoWorks LMS 4.0

Oct 24, 2012

I am trying to get CiscoWorks LMS 4.0 to connect to my routers in order to back up configurations, but I am getting SSH authentication failures reported in the router logs (and archiving fails).
 
The credentials LMS is using is a username and password with priviledge 15: the account is established in TACACS+. I can log into the devices directly with this user account.However, I cannot TFTP from the routers to the LMS either (I get a permission denied message in the router).
 
LMS did manage to fetch some configs, but 90% of my devices are having this issue.

View 4 Replies View Related

Cisco :: LMS 4 Configuration Collection Failure

Nov 20, 2011

I'm having an issue with LMS 4  where it's failing to collection configuration from devices.
 
The following is the status of your Scheduled Config collection job:
 
Job ID         : 1045
Status         : Job Failed(111)
Description    : System config collection job

[Code]....

I researched through this forum and found a thread where the ConfigMgmtServer server wouldn't run. Looking at the processes it says that this service is running normally.

View 1 Replies View Related

Cisco :: LMS 3.0.1 - Device Update Failure

Aug 14, 2011

we are running LMS 3.0.1.  When I attempt to update the devices for RME I received the following error messages.
 
Number of Packages Selected for Install : 82
 
For Product(s) : Resource Manager Essentials
 
Install Invoked by user : admin
 
The Package(s) Selected for Install :
 
[code]....

View 1 Replies View Related

Cisco Firewall :: NAT RPF Check Failure PIX 8.2 OS

May 2, 2013

i know in Cisco PIX til 8.2 OS, if i have Nat control disabled and ACL permitting connection from Low Secirity ( DMZ ) to High Secuurity (INSIDE) then connectino should be successful, and i dont need any STATIC identity nat of inside IP to be created.

But i have Cisco PIX 525 with  Version 7.2(2) Which is not allowing connection from DMZ to INSIDE , although nat control is disabled. and giving RFP check failure, any thought?

PIT525PIXINET# sh running-config nat-control no nat-cont
 
packet-tracer input dmZ  tcp 192.168.85.4 65000 10.34.21.25 3389
 
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
[Code]...

View 6 Replies View Related

Cisco WAN :: 1841 Boot Failure

May 18, 2011

we have a problem with a Cisco 1841 router while booting. The router is loading the image from the CF card but gets stucked at this point:
 
This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.
 
A summary of U.S. laws governing Cisco cryptographic products may be foundURL

View 1 Replies View Related

Aquos TV Failure To Connect

Feb 15, 2012

having the same problem with my Aquos TV. We have a 2wire router, that is directly connected to a home computer. all other computers are connected via wireless with no problems. I have followed the manual instructions, the TV finds the router with enough bars, input the wep key, but it fails to connect. [code]

View 4 Replies View Related

M4345 / PCI Scan Failure On HP MFP?

Sep 13, 2011

So we had a PCI scan, and we failed on a couple things where the devices are HP printers.For those that don't know, PCI = Payment Card Industry

Quote:

service tcp 34862
Linux nfs-utils Overflow

The rpc.mountd service was detected on this server. This is a remote procedure call (RPC) based service that is known to have an overflow vulnerability which can give root-level access to an attacker. Note that this service may have been activated by default when you installed your operating system.

Quote:

service udp 2049
RPC nfsd Detected

The nfsd program faciliates the Unix Network File System, which is rarely meant to be exposed to the public Internet. Many Unix/Linux systems activate a number of RPC services by default during installation. The nfsd program has also had vulnerabilities which could allow an attacker to gain control of this system.

Quote:

Windows Registry Accessible The Windows Registry is accessible by remote users and can be accessed using a NULL session (no credentials) or using the built-in Guest account. The Registry is a critical collection of information that governs how Windows and installed applications operate. The Registry is a primary target for attackers to view or modify.

These 3 came from an HP LaserJet M4345 MFP.What needs to be disabled? Strangely, the other M4345's didn't get these. I compared configurations, but everything was the same that I could see (except for the SNMP setting).

View 12 Replies View Related

Cisco :: Split Tunnel VPN Name Resolution Failure?

May 20, 2012

I'm having with my VPN Server on my Cisco 2621xm.

I started by creating a VPN - everything worked great. I assigned the DNS Servers, Domain name, WINS Server so when I connect I'm able to resolve local hostnames on the network with no problem, however I couldn't connect to the internet. I then set up a split tunnel access list. Since I've set that up, I'm now able to ping internet based addresses (www.google.ca), but no longer able to resolve internal host names. I can ping the ip addresses, just name resolution no longer works.

View 1 Replies View Related

Cisco Wireless :: AAA Authentication Failure On WLC 4402?

Jun 13, 2012

Error: AAA Authentication Failure for UserName:radiususername User Type: WLAN USER
 
I am using a window radius server. I have added my WLC 4402 as a radius client on my radius server.
 
I followed the instructions on the MS link : [URL]
 
I want to use my windows raduis authentication for WLC management login and Web-Auth for guest WLAN user login.

View 2 Replies View Related

Cisco WAN :: C887 15.1(3)T IPV6 CP Failure In PPPoA

Feb 20, 2011

My ISP is *starting* to roll out native-v6, quiet-like, and I'm trying to get it running in the ADSL-connected home-lab. However, for some reason, PPP link setup fails for v6; v4 is fine, as always. The argument which seems to be sent from IPV6CP as the link-ID seems like it might be overlong from some examples I've seen elsewhere.  I have seen 48-bit-ish examples, and this one is clearly longer.  I've not seen any config extracts that suggest I may have control over this, though.  At least not directly.I'd love to know where to look further, or if this is a known bug, but GOOG searches aren't giving me anything seeming relevant.  It's *possible* that the ISP needs to tweak something on the LNS side, but says he has another customer with a working setup (not necessarily on the c8xx ISR series hardware, though).  I had the same problems on c880data-universalk9-mz.124-22.YB8.bin image as well, and moved to the 15.1(3)T in hopes of better functionality.

Relevant config extracts:

boot system flash c880data-universalk9-mz.151-3.T.bin
! ...
ipv6 unicast-routing ipv6 cef
!...
! interface ATM0 no ip address no atm ilmi-keepalive pvc 0/32    encapsulation aal5mux ppp dialer   dialer pool-member 1 ! ! ...
! interface Dialer1 description PPPoA Dialer to ipHouse ip address negotiated ip mtu 1492 ip flow ingress encapsulation ppp dialer pool 1 dialer-group 1 ipv6 address 2001:4980:1000:1E00::2/64 ipv6 address autoconfig ipv6 enable ppp authentication chap pap callin ppp pap sent-username user@isp [snip]! ip forward-protocol nd

[code].....

View 6 Replies View Related

Cisco Infrastructure :: Two WS-X6148 With Even / Odd Port Failure?

Feb 8, 2012

I have two WS-X6148-45AF linecards here that have been out of use for quite some time. Upon inserting them in one of our 6509-E's I noticed that both had "Minor Error"s on their module diagnostics. 
 
I would have just assumed that the cards were dead and requested replacements, but both cards have the *exact* same diagnostic errors, which only seem to effect every-other port. That's too much of a coincidence for me, so I figured I'd ask on the forums and see if I'm just missing something obvious before I assume the worst. Are these cards both somehow damaged in the exact same way? Or is there some config/compatibility issue that I haven't heard of?
 
relevant diagnostic output from one of the cards (Both outputs the same, no use posting twice) is below: 
 
Router#show diagnostic result module 4
Current bootup diagnostic level: minimal
Module 4: 48-port 10/100 mb RJ45  SerialNo : SAL11391VUY

[Code].....

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Active Directory And ACS 5.3 Failure?

May 21, 2012

I am receiving a RADIUS authentication failure stating user must change password; however, password has been changed in AD and is not requiring change password any longer on the AD side.
 
Is there a cache on the ACS that needs to be cleared? AD connection from ACS to domain is fine.  All other accounts authenticate.
 
It appears that if a user lets their account expire is when this happens.  Account has been reenabled in AD and password has been changed.  Still will not authenticate via ACS.

View 1 Replies View Related

Cisco WAN :: 3825 Failure - Doesn't Seem To Boot

Nov 13, 2011

I have a remote customer who is having issues with their 3825 router - since I can't be on site troubleshooting is difficult but so far all that seems to happen when the device is powered on is the "SYS PWR" light goes solid green, and no other lights come on.  Fans seem to be operating normally.  Console access doesn't appear to be working.

View 2 Replies View Related

Cisco VPN :: 5505 - RDP To Terminal Server Failure

May 2, 2012

I am running ASA 5505 release 8.2(4) using a clientless SSL vpn to connect  my assessors to the server via RDP to a Terminal server.  Everything was working fine until last week when we had a Internet outage. During the outage some of the assessors claimed to have accepted a Cisco add-on to get into the site.  once the internet came backup they could not connect to the terminal servers - what would happen is they would click on the link - say OK to connect the clipboard and the screen would pause for a few seconds then right back to the select options page.
 
they can get to other servers (non-terminal servers) but not to the ones they need.   I can recreate the issue by waiting a REALLY long time before replying to a prompt to install an cisco add-on.  I have users that can connect and others than can not.  Also this only seems to affect Internet Explorer 8 and 9  does not affect Firefox

View 1 Replies View Related

Cisco WAN :: 7200 Link Failure Detection

Nov 28, 2012

Primary optical link between CPE and PE, and backup 3G/ADSL link between CPE and PE.I am considering link failure detection on primary link (after which backup link should take over). Which method is the least CPU intesive:
 
1) BGP protocol between CPE and PE
2) RIP protocol between CPE and PE
3) BFD on static routes on PE
 
Is there difference in terms of CPU load between above mentioned methods or they are more or less the same?Hardver platforms are sup720 BXL and Cisco 7200 G2.

View 4 Replies View Related

Cisco :: WLC 2504 - 802.1X Failure On Win 7 Non-domain Clients

May 28, 2013

I have a WLC 2504(code 7.0.235) installed and two AP 3502 (local mode). RADIUS Server is a IAS runnning on my AD server.
 
I had a domestic AP before Cisco solution, using the same RADIUS server and everything was ok. After migration Windows 7 domain clients and Apple devices connects without issue. However when I try to connect non-domain windows 7 clients into wireless network (802.1X) and got failure. Apple devices out of domain can connect, certificate pop-up appears and connection flows.
 
I check certificates and everything looks ok for me. I remove a windows 7 client from domain and test it too, an got the same error. Certificate are install on windows 7 clients.
 
Could Cisco controller interfering in this authentication process ?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Simulate AD Failure - Cannot Login

Feb 2, 2012

We have an ACS 4.2 installation and we have users configured on the user setup, they authenicate using the windows database (AD). We ran failure tests and simulated AD failure but disabling the firewall rule. So the ACS server is up, AD is down. Tested user login to a switch and get the following error. External DB user invalid. It looks like as the ACS does not get a response from AD it rejects the user login.
 
What we want it to do is in the event of AD failure is to be able to login to the switch with the username configured on the switch. (as if ACS server does not respond)
 
Date Time Message-Type User-Name Group-Name Caller-ID Network  Access Profile Name Authen-Failure-Code Author-Failure-Code Author-Data NAS-Port NAS-IP-Address Filter  Information PEAP/EAP-FAST-Clear-Name EAP  Type EAP  Type Name Reason Access  Device Network  Device Group 02/03/201214:09:13Authen failedtest.testNetwork192.168.1.1(Default)External DB user invalid or bad password....tty310.0.0.1..........SWITCH30Office

View 3 Replies View Related

Cisco VPN :: 5510 Anyconnect SSL VPN Authentication Failure

Dec 26, 2012

I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
 
So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
 
Then I have change the profile XML file of my anyconnect in this way: [code]

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved