i can access app store on my iphone at home and other broadband connections but cant access at work. thinking if it would be the asa thats stopping htis. i have allowed port 3689 but no joy.
View 3 RepliesI have a cisco ASA 5505 . I need to store " show capture 'word' ( where is a variable) output to syslog server for analyzing packet and port .
View 2 Replies View RelatedI have a repating 2901 router failure when people attempt to download Apple Mac OS X Moutnain Lion upgrade from App Store.
The 2901 just hangs following getting a series of ZBFW packet drop failures:
001928: Jul 26 22:37:18.783 UTC: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - session 192.168.223.109:49310 184.25.254.67:80 on zone-pair ZP-PRIVATE-OUT class ccp-protocol-http appl-class ccp-http-blockparam
[Code].....
Just brought an ipod and downloaded itunes but my laptop wont connect to the itunes store, it says basically it cant connect and that i need to take a look at my network settings? I have this same problem with steam aswell and got so frustrated i ended up deleting it even though i have games on there.
View 7 Replies View RelatedSituation: I have a File server, name is \fileserver and ip address is: \192.168.1.254The shared drive on the server is split into 2 folders which are: Data and HomeI have 17 laptops which all connect to these folders via a group policy which maps the L: to Data and the H: to Home. On 4 of the laptops, for some reason I can't access the Home folder as I get an access denied message. I am the administrator and have full rights. On the other 13 laptops it works fine. I have found that if I try connecting using the IP address \192.168.1.254Home, it works fine.[CODE]
View 10 Replies View RelatedI'm trying to authorize managment access for HP ProCurve Manager via ACS RADIUS. But I get the failure: 15015 Could not find ID Store Machine is configured under Network Devices and AAA Clients, the sevice selection rule selects the correct access service, Access Service is Network Access, authorization profiles = permit access.
View 2 Replies View Relatedare the connections between the ACS and external identity stores encrypted?I know that when setting up LDAP identity store there is the option to specify SSL conection. Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?
View 3 Replies View RelatedUsing Sha1 for Cisco 7925g and sha256 for data. Two separate CA's, one EnTrust (SHA1) the other Local Wondows CA (SHA256); ISE can only use one at a time to process a particular protocol (ie..EAP-TLS, HTTP, etc...) As a result we have to have a separate PSN just for Wireless and Wired VoIP (which can only hold SHA1 RSA1024).
View 5 Replies View RelatedWe use Cisco LMS Prime 4.1 to archive our Cisco Equipment configurations.
Now we want to store the configurations off site.
My dad has an issue with his Windows 7 home edition laptop, he cant get any updates on AVG, Itunes or access the itunes store, he keeps getting error messages denying access. Hes using the 64bit Itunes lastest version (I uninstalled his very out of date itunes last night and downloaded the new version) but still the store wont open
View 14 Replies View RelatedHave spa module on 6509E experience that error:
!
sh log | b crash
SLOT 3: Aug 18 12:52:10 CST: %CARDMGR-2-ESF_DEV_ERROR: An error has occurred on
Ingress ESF Engine: Control Store Parity Error
SLOT 3: Aug 18 12:52:10 CST: %ESF_CRASHINFO-2-WRITING_CRASHINFO: Writing crashin
fo to disk0:crashinfo.esf_20110818-175210
[Code]....
My Location Free has recently stopped letting me access the App Store, Itunes store and Facebook. Someone suggested I change the channel, but not sure how to do that.
View 1 Replies View RelatedThe following messages are filling up my syslog.
*spamApTask0: Nov 09 15:59:29.071: %LOG-3-Q_IND: capwap_ac_reassembly.c:652 Unable to store capwap fragment from 88:f0:77:b6:fd:00.
*spamApTask3: Nov 09 15:59:27.616: %CAPWAP-3-REASSEM_SPACE: capwap_ac_reassembly.c:652 Unable to store capwap fragment from 88:f0:77:b6:fd:00.
What could be causing it? I am using 1524 APs in a Mesh environment with a WLC 5508 (7.0.116.0) which is connected to a H3C switched network.
The MAC addresses above are from my MAPs and I don't think I am getting it from the RAPs.
Is P S 3 the best way to connect netflix to TV and can you store movies in the P S 3 Hard- Drive
View 1 Replies View Relatedhow can i store urls used by the client side in the server using java
View 1 Replies View RelatedIs it possible to have emails stored automatically on a network drive after email is been read by the user? I know for sure that on a mailserver there is a feature that can be set up to have a copy stored and than send it to the users application.
View 1 Replies View RelatedMy WRT54GS worked perfectly till 3days .. everything works perfectly it just that i cannot get connection to itunes store neither over wifi or on my pc .. when i disconnected my router and connect my pc directly to the modem .
View 1 Replies View RelatedI can't download an app from Google Play Store. I can download from my 4G network but not the wifi - Belkin F5D8236-4 V3. Google troubleshooting says the firewall is blocking the 'ports required for Google Play to download (TCP and UDP 5228) on that network.' However, with the firewall 'disabled,' the download is still not working.
View 4 Replies View RelatedI use a BEFVP41 VPN router. I have changed several settings. How can I backup these settings and store these settings in a save place.
View 3 Replies View RelatedI have a new techni colour wifi router TG582n which has a usb cobnnection in the side. I also have a new Samsung 400 gig external hard drive can these be linked to make a wifi hard disc store.
View 2 Replies View RelatedI have a new Cisco Secure ACS 5.2 on a VM. We want to use it to for administrative access to our Cisco equipment with TACACS+. I am trying to map user permissions to different groups of devices based on active directory group membership, however it is not working.
I am using an LDAP (configured for secure authentication) external identity store. On the directory organization tab, I have confirmed the accuracy of the subject and group search base and the test configuration button shows that it's finding > 100 users and >100 groups.
On the directory groups page I have entered the groups according to the required format. cn=groupname1,ou=groups,dc=abc,dc=com
I have a rule based result selection under group mapping. I have two rules in the format below.
Conditon
LDAP:Externalgroups groupname1
Result
Identitygroup1
I have the default group set to a identity group named other. My problem is, no matter what user attempts to authenticate, the Default rule is applied, and the user is put into the other identity group.This occurs when I log on as a groupname1 user, groupname2 user, or as user that is not a member of either of those groups. LDAP authentication works and the user is able to logon to the device.
We are using ACS 5.2 and we are trying to create a Microsoft Active Directory (AD) Identity Store. We have a user to be used in the Active Directory creation General page and we would like to know how the test communication / ACS to AD communication takes place.
Our user is a predefined user in AD and has admin rights, but the password expires every 60 days. Will this affect the communication between AD and ACS 5.2 at everytime the entered user's password expires?
I'm currently looking for a solution in order to restrict the modification of the host internal identity store (add or delete MAC host) per group. The default administrator roles does not include "per group restriction". Under the ACS I defined one group per department? My objective it to allow each department to access their ACS MAC database to add or delete MAC addresses as required.
How to restrict internal identity store per group?Do I need to create new roles? and how?I was not able to get an answer from the ACS ADMIN manual.
We have a ACS 4.3.2 installed with users authenticating against an Active Directory database. The AD database not only authenticate the users but also assigns the group that is used to select IP address pool.Now the requirements require to use token authentication with SafeNet. This authentication uses the same username but the password is composed of the original password + OTP.The problem is that the SafeNet server doesn't return the group membership.I've read about the Identity Store Sequence in ACS 5.x and I think I could use it in the following sequence:! configure an Authentication Sequence using the SafeNet token server (this works with ACS 4.x)I configure an Attribute Retrieval Sequence against the AD database. This would use the username only, no password and would retrieve the group membership.
View 1 Replies View RelatedI have installed ACS 5.4 and we are looking to authenticate our Anyconnect users with ACS via Active Directory. I think I have the correct commands in our ASA ( we had ACS 4 and authenticated our anyconnect users ).
I also have configured ACS to use Active Directory and installed the server side cert in ACS. I'm just uncertain how to program ACS to use the security group that I have setup in Active Directory.
I am trying to setup PEAP authentication for wireless users but I got stuck at place where I have single ssid and users are store in different identity stores like some will be using their active directory and some are locally created users on ACS. I created separate service for wireless authentication and under that I am unable to create rule to differentiate them with identity stores. any idea how to achieve this.
I tried creating identity selection based on role but it does not work as for protocol like radius.peap,ms-chap ACS does not look for another identity store once user not find in an identity stores.
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.
View 9 Replies View Relatedi have a cisco 837.I need hardening the access and firewall rules. I dont understand ip inspect.
View 1 Replies View RelatedI have an ASA 5520 in my company which does all our NAT and Firewall access control. Currently there is a rule in place to allow an incoming connection on port 2222 from a specific ip address to allow access to a web app our developers created. This is a test before the web app is released live. Now the web app can communicate with the specific address and port but the incoming connection on port 2222 isn't getting through. Everything looks great in the firewall but how can I log any hits this ACL takes to identify any potential problems?
View 2 Replies View RelatedI have a server behind an rv042 that i would like to block access to on one port from outside in. I have configured the rule as follows:
priority = 1. policy name<name>. enable<checked>. action = deny. service <service to block>. source interface = wan1. sources = any. destination = <public ip address of server>. day <nothing>.
This does not block the intended port from outside. I also changed the destination to be the private ip address and i changed the source interface to LAN and to *. What is the correct syntax to do this?. Port forwarding is enabled. I noticed that there is one entry in the forwarding table for the public ip but it is going to a dead private ip address. Would this have an effect?
i am using Cisco ASA5510 Firewall in my Network in the distrubition Layer .Private Range of Network Address use in the Network and PAT at the FW for address translation.presently encountering an issue the users behind the FW in my network unable to RDP at port 2000 presented at the Client Network.Able to Telnet on port2000 but not RDP . any changes needed at the FW end to get the RDP Access.
View 12 Replies View Related