Cisco Firewall :: ASA 5500 - Command For Creating Read Only User
Jan 13, 2009What is the command for creating a user on an ASA 5500 running 7.2(3) that can only view the config but not make any changes?
View 8 Replies
ADVERTISEMENT
Cisco Firewall :: Create Local User In ASA 5520 To Allow User To Use ASDM In Read-Only Mode?
Oct 10, 2011I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
View 1 Replies View RelatedCisco Firewall :: FWSM On 6500 - Read Only User Addition?
Mar 20, 2011I have a customer that has a FWSM on a 6500, I want to create a read only account for them, i believe user privelage of lvl_3 When I log into the firewall it prompts me for a password straight away.
Is there a way that i can create a login that when it prompts me for a password, I can have a password setup to put into that prompt to get a certain level of access, instead of the standard lvl_15 access
Cisco :: 6509 / EEM Command To Read OID Value?
Feb 2, 2012I am trying to change SNMPv2 community string on 6509 remotely, without using expect script. I tried EEM applet (we cannot use TCL scripts), but it does not work. EEM command "action 10 info snmp oid 1.3.6.1.2.1.1.4 get-type exact" is supposed to store the result into an environment variable. It does not. Or at least not in the one that is documented. Is it a bug? We have IOS 12.2(17r)SX5. To get EEM version i ran "sh event manager version" and got "eem: (v240_throttle) 2.21.32". Does it mean i have EEM version 2.21?
View 6 Replies View RelatedCisco Wireless :: Allow User To User Traffic On WLC 5500?
Nov 21, 2012Is it configurable to allow wifi user to user traffic on WLC 5508?
View 4 Replies View RelatedStore Emails Automatically On Network Drive After Been Read By User?
Jul 24, 2012Is it possible to have emails stored automatically on a network drive after email is been read by the user? I know for sure that on a mailserver there is a feature that can be set up to have a copy stored and than send it to the users application.
View 1 Replies View RelatedCisco LAN :: 3750 Configure Read Access Via User-defined Privilege Level
Mar 11, 2013I´m looking for the best configuration to restrict a user to read-only. The restriction should be configured via CLI not TACACS+.
-Hardware: 3750 (probably not interesting for this question)
-Oldest IOS: 12.2(53)SE1
The user should be allowed to: see the running-configurationtrigger all kinds of show-commandsping and traceroute from the device.The user should not be allowed to: upload/delete/rename files on the flash-memoryget into level 15 (not sure if I can avoid this)all other commands despite those from level 1 and those specified above.
Cisco AAA/Identity/Nac :: Creating Internal User Account In ACS 5.2
Dec 12, 2011I have an ACS 5.2 server integrated with Active directory . Now i need to create an internal user account to login to some radisu devices using internal user database .I have near about 600 users all are authenticating through AD .
View 3 Replies View RelatedAAA/Identity/Nac :: Creating More Options In ACS 5.2 User Section
May 27, 2012I Need to create more options on Cisco ACS 5.2 under internal identity store in users. How to do add, default not showing all.i have seen on internet.
View 1 Replies View RelatedCisco :: LMS 4.0.1 - Error Creating User Tracking Custom Report
Aug 9, 2011Using Custom Reports from Reports> Report Designer> User Tracking to create an end host report we get this error message: the syntax is not valid the system cannot find the path specified.
View 9 Replies View RelatedCisco :: LMS 4.0.1 - Error Creating User Tracking End Host Report
Sep 19, 2011I have installed LMS 4.0.1 again. Now LMS is running on a Windows 2008 R2, 64 bit. Using Custom Reports from Reports> Report Designer> User Tracking to create an end host report I get this error message: "The syntax is not valid: the system cannot find the path specified". Anyway, the report is created but I’m not able to edit or delete: it is not listed on Available Custom Reports.
View 6 Replies View RelatedASA 5580 - AD / XP SysPrep And Automatically Creating User Folders
Jan 25, 2012I've only worked with 7/asa5580 in an Active Directory setting. Sysprepping to clone those machines with default profiles with unattends was very easy, but XP is a different story. I'm now faced with moving several buildings with XP machines to a few Server 2008 R2 boxes, which all will all be in one location. There are around 700 machines but this will be a building by building process, maybe 100 at a time over the course of a year or more. Moving these machines to Win 7 is not an option. There are several buildings but they are all in the same town, all connected with fiber. I do not manage the physical network. My plan is to just offer each user thier mapped network home drive and possibly redirected folders. I'm just keeping it basic.
How important is it to sysprep these XP machines after I do clean installs? I've heard it's very important but also know a lot of people on AD that just clone machines without sysprepping. I've heard not sysprepping can screw with WSUS, but in the years up to this point the machines on Novell have been cloned without sysprep and WSUS worked fine.
Also, will Sites give me the advantage of forcing groups/buildings of machines to authenticate to a specific DC? Otherwise I only know of Sites to allow you to control the replication between servers over WAN. What other benefits is there to using Sites for each building?
If I'm running a few DC/FS's, how to handle DNS? Each server that needs DNS installed will have it installed per requirement, but as for configuring the workstations DNS settings, should I dedicate one server to DNS or have two, or something different?
My last question is about folder permission inheritance. My previous experience, I created a folder inheritance system where when the user was created, their home drive pointed to a folder using \%username%, and a folder would be automatically created, give ownership to the user, and inherit permissions to only view that folder and no one elses. It works brilliantly. My problem is that when I use group policy to deploy folder redirections, I couldn't figure out a way to automatically create folders. I ended up pointing the redirection policy back to their own home folder. It ended up working out OK, but whenever the users look in their network drive they could see the redirected folders.
Cisco VPN :: 5500-X Configuration Of ASA For SSL VPN Requiring User To Enter Both RSA
Feb 25, 2013I have been searching but unfortunately not successful in finding appropriate documentation on how to configure the ASA such that a user using AnyConnect SSL VPN client is prompted for their username + AD credentials + RSA SecurID token (all three must be presented/entered by the user) in separate fields before the VPN tunnel is established. On latest version of AnyConnect (3.1) and ASA version 9.x on 5500-X.
View 1 Replies View RelatedCisco Wireless :: 5500 - Associate SSID With Only One User
Apr 2, 2012I have created new ssid and i want to associate only one IP address with this SSID, so that only this user will be allowed to connect to AP. I have controller 5500 series.
View 6 Replies View RelatedCisco AAA/Identity/Nac :: ACS 4.1- Shell Command Works Under User But Not Group
Jul 27, 2011This question might actually belong under tacacs server but it's only happening with the ACE. I've configured tacacs on the 4710 and configured the tacacs server per the documentation. If I enter the shell:<context>*Admin default-domain under the group settings when I login with my tacacs ID my role is set to Network-Monitor. If I set the shell in my specific tacacs ID I'm assigned the correct role as Admin. We're running ACS ver 4.1 and the ACE is A4(1.1)
View 1 Replies View RelatedCisco Firewall :: ASA 5510 - Account Using ASDM Read Only
Aug 25, 2011Is there a way to create an account for the ASA using ASDM that is only read only and cannot make firewall changes?
View 1 Replies View RelatedCisco Firewall :: 5510 - Display User Message When User Connects Using AnyConnect Client?
Apr 20, 2009We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
Cisco Firewall :: ASA 5505 Creating Interface Vlan In Firewall
May 3, 2011I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???
View 4 Replies View RelatedCisco Firewall :: Support Of Jumbo Frames On ASA 5500 Firewall Appliance?
Feb 28, 2010Can any ASA 5500 in particular the ASA5510 firewall support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)?. I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and not segment it.I have done little checking on the Cisco Website and see it mention of Jumbo frames on the 5580 on 10Gig interface but didn't see mention 5510. 5580s are way over-kill and expensive for what I need is to run a mission critical one IPSec point-to-point with maximum of no more than 100Kbps so 5510 is perfect for me but not sure if it can carry the jumbo frame?
On the routers and switches it's the MTU settings and they are configurable per interface and I am OK and the circuit is T1 which the Telcos said it's OK since it's physical layer so the only unkown is the firewall.
Cisco Firewall :: Creating ACL And Nat Rules On ASA5505
Mar 23, 2012Ive migrated from my lab pix to a lab asa and am trying to open certain ports to my internal network.
in my confg on my pix i had acls to open port 51413 to an inside host along with the static nat rule.
what i am trying to accomplish is same on my asa, however the nat rules seem to be slightly different, and i'm not completely sure how to do it.
My ACL and nat rule is below. I'm pretty certain my acl is correct,but i am not sure as to what to do with my NAT rules to allow a translation for the tcp service.
access-list outside-in extended permit object tcp51413 any object outside nat (inside,outside) source dynamic all-inside-nat interface
Cisco Firewall :: Creating Subinterface In ASA 5520?
Jan 31, 2013I am in a non-admin context mode in ASA 5520 8.0 (5) and i m trying to add a new interface
GigabitEthernet1/2.4 172.19.4.1 255.255.254.0 manualGigabitEthernet1/2.6 172.19.6.1 255.255.255.0 CONFIGGigabitEthernet1/2.180 172.19.180.1 255.255.252.0 manualGigabitEthernet1/2.190 172.19.190.1 255.255.254.0 manualgvadc-fw/tgf# conf tgvadc-fw/tgf(config)# int ggvadc-fw/tgf(config)# int gigabitEthernet 1/2?
configure mode commands/options:1/2.180 1/2.190 1/2.4 1/2.6gvadc-fw/tgf(config)# int gigabitEthernet 1/2.168 ?ERROR: % Unrecognized commandgvadc-fw/tgf(config)#
what do i do?
Cisco Firewall :: ASA 5505 - Creating NAT Rule
Mar 7, 2012Our external security department needs to scan, every three months, a computer behind the firewall. I need to create a simple NAT rule that will allow an ip address or subnet to the computers behind the ASA 5505. At the moment, we have a simple NAT rule which allow all network traffic to exit from inside to outside.
View 19 Replies View RelatedCisco Firewall :: ASA 5500 - Get Firewall License To 500 Users?
Jan 25, 2012I purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
But I had a mistake because I need support to 500 users. Now, to solve my mistake I want to know Do I can purchase another ASA-CSC20-250U-1Y to provide the 500 users suppor?
I mean, ¿are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below?P/N, ASA-CSC20-500U-1Y with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)
Cisco Firewall :: ASA 5520 - Creating Host Objects Via CLI
Nov 3, 2011I am trying to create host objects that I'll then add to network-object groups for use in ACL/ACEs.When I try to create a host I am having trouble adding the IP address.I then get an error saying the host name must start and end with letters or numbers and only contain letters or numbers. What do I need to do to create hosts from CLI?
View 2 Replies View RelatedCisco Firewall :: ASA5512 - Creating Routing DMZ Inside
Jan 15, 2013I have a little problem creating a network infrastucture with an "inside", "dmz" and an "outside" network on my ASA5512-x 8.6(1).
I have have clients and servers with the networks 10.0.1.0/24, 10.0.2.0/24 until 10.0.12.0/24 on my inside interface. Then I have two servers 10.0.254.50/24 for SMTP and 10.0.254.70/24 for HTTPS in my dmz network. The outside interface is one static IP to the Internet.
Cisco Firewall :: ASA 5505 - Creating Simple Static IP
Mar 22, 2012I have created a simple static ip address by using this command:
interface Vlan1
nameif inside
security-level 100
[Code].....
But, no matter what, the I can't ping the static address or access the computer 10.2.1.2 from outside of the asa 5505. I have attempted to ping from inside of the asa 5505 or from another computer. I just does not work.
I also have created several rules that allows icmp traffic.
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit 10.2.1.0 255.255.255.0 inside
icmp permit any echo-reply outside
icmp permit any outside
Cisco Firewall :: ASA 5510 Object Groups / Creating New ACL
Jul 20, 2011I have an ASA5510 where I have defined object-groups and then associated them with a specific ACL. Our ISP is pulling their point of presence from where I live and I am force to move to a new ISP. I am in the process of setting up another interface for the ASA5510 to connect to the new ISP.
My questions is can I create a new ACL lets call it new_access_in and use it with the same object groups that I have already defined? I know that I can only have one ACL bound to an interface, and will bind this new ACL to the new interface I am setting up, but I wasn't sure if I could use the same object groups and connect them to a different ACL. I really don't want to have to create new object groups if I don't have to.
Cisco Firewall :: Creating Access Rules On ASA 5520 Platform
Aug 2, 2011Our company has recently upgraded our firewall from a Borderware Steelgate v7.1 platform to a Cisco ASA 5520 platform. Needless to say the interface on the Cisco platform is much more complex and I don't have much experience working with firewalls. Our other IT guy is out of town and this is the first time I have worked on this setup.
I need to create the following access rule
I need to open port 4**0 to be allowed through the firewall from external ip address 10.XXX.XX.XXX only. Then forward port 4**0 to 10.XX.XX.XX port 80 tcp
Cisco Firewall :: 6509 -Creating FWSM Intra-Chassis Redundancy
Oct 27, 2011Currently we have two inter-chassis FWSM redundancy. I would like to configure them for intra-chassis.
Both FWSM's are in slot 7 of 6509 switches and i want to take secondary out from one of the 6509 switch and insert in the slot 3 of primary switch.
I addedd the following commands in my primary switch.
There were commands already present for FWSM in primary switch
firewall multiple-vlan-interfaces
firewall module 7 vlan-group 1
firewall vlan-group 1 2,3,777
to create intra-chassis redundancy i addedd the following command also there.
firewall module 3 vlan-group 1
after adding that, my firewalls worked fine but there was a issue with site loading. People from outside were able to access inside but from inside, we were not able to go outside.
do we need to clear arp from both FWSM's ? is there any other precautionary step, which we need to follow while working on it.
Cisco Firewall :: 5520 High Memory Usage And Error Creating Access Rules
Feb 13, 2013I'm having a problem with the memory and also trying to create some rules on the CISCO ASA. The version that I got installed was the 8.2.5.33 on a CISCO 5520 with 512 RAM, the memory usage is on 99% used, 1% free and because of that when I'm trying to create a new rule the firewall brings me the next error..So what I did was a downgrade to the version 8.2 (4) 4 and the memory went down a little (82% used, 18% free) but I still got the error when I'm creating an access rule on the device. One thing and I'm not sure if this could affect on the performance are the number of access list and the object groups that are created.
I already open a case with CISCO TAC and they are checking if the problem is with the memory capacity or maybe a memory leak.Also the doubt that I got is with the memory that I got now available should I can create access rules or 82 is still to hig to create a rule or and object group?
Cisco Firewall :: ASA 5500 Configuration For VC?
Aug 13, 2012i have to open ports for vedio conferencing in my Firewall configuration ,
View 1 Replies View RelatedCisco Firewall :: ASA 5500 Ssl Vpn Required
Jun 14, 2011I have two ASA 5510 with Security Plus license and Shared SSL VPN licensing enabled.
The problem is that the client get “Session could not be established: session limit of 25 reached” but ther is only 6 ssl vpn user connected with AnyConnect.The software on the firewall’s is 8.2(1)Is there any BUG in this software related to this problem?
Cisco Firewall :: Monitoring SMTP On An ASA 5500?
Mar 5, 2012I have an ASA 5500 Firewall. I need to figure out how to log all events using Port 25 to determine if there are any rogue devices on our network. I was trying to figure out how to do this via the Real-Time Monitoring (filter) but have had no success.
View 1 Replies View Related