I have configured 3355 NAC appliances in HA pair everything is running fine.But not able to Login through GUI (Virtual IP) which is used during the configuration of HA pair.
View 1 RepliesI have an MSE 3355 running 7.4.100.0, Cisco Prime Infrastructure 1.3.0.20 and 6 wism2 running 7.4.100.0. MSE was correctly added to Prime and assigned to maps and controllers. Context Aware Service is Enabled and Up and I have a permanent license installed with a limit of 3000 elements. The appliance is not able to perform client or rogue tracking. This is what I see under Services->Mobility Services Engines->Context Aware Service->General:
Version7.4.0.38 Operational StatusUpNumber of Tracked Wireless Clients0Number of Tracked Tags0Number of Tracked Rogue APs0Number of Tracked Rogue Clients0Number of Tracked Interferers0Number of Tracked Wired Clients0Total Elements Tracked0Tracked Elements (Wireless Clients, Rogue APs, Rogue Clients, Interferers and Wired Clients) Limit3000Tracked Tags Limit 3000
My company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?
View 1 Replies View RelatedI have a pair of 5520s running 8.2(3) in failover active/standby, routed mode. I have an issue with SSH as it's stopped worked after a short time, less than 8hrs during the network being installed, telnet is working fine as is https/asdm. I have re-created the crypto key and the ssh access is allowed. When I try to connect I just get a flashing cursor, telnet to the ip and port 22 also works.
View 1 Replies View RelatedI have two ASA 5505's with Security Plus licenses on both.I am trying to force them to becoming an HA pair using active/standby.When I enable failover I get this message:
Mate's license (Licensed Cores ) is not compatible with my license (Licensed Cores ). Failover will be disabled.Do I need to apply new licenses to the ASA's?
Device licence details (same on both):Cisco Adaptive Security Appliance Software Version 8.2(1) [code] This platform has an ASA 5505 Security Plus license.
I have recently configured a pair of ACE 4710 appliances in a FT group. The ACE's are deployed in one-arm mode, using Source NAT, with all routing to and from being done by a pair of PIX firewalls.
My configuration does not include the use of an "alias" IP address on the data VLAN interface within each of my contexts.
My understanding is that the "alias" IP address is similar to a HSRP address and if the ACE is deployed in Routed mode the default gateway for the servers can be configured with the "alias" address so as this is always available even if a fail over occurs.
if this is a correct interpretation and of use of the "alias" IP address and if so whether it is required when using a one-arm mode topology?
I want to implement Active/Standby cluster with a pair of 5550 ASAs and I have a licensing question. Here is the "sh activation-key detail" output from both devices...
ASA1:
sh activation-key detail:
Serial Number: XXXXX
No active temporary key.
Running Activation Key: XXXXX XXXXX XXXXX XXXXX XXXXX
[code]....
This platform has an ASA 5550 VPN Premium license.The flash activation key is the SAME as the running key.So it looks obvious that I'll have to upgrade the first ASA to support 25 SSL VPN Peers in order to build HA cluster, right?Now I want to know do I need the "ASA5505-SSL25-K9" license or something else.
I am unable to get my 4402 and 2504 to pair in mobility, I made short video to explain my issues.also do not worry there is no propritary information in this video, I am working on a lab that does not mirror any production networks.
View 6 Replies View RelatedI need to create a vpn connection between two ASA firewalls and when trying to create this AI get an error message below, The config I was to use is -
object net-local
Subnet 10.51.212.1 255.255.255.0
object network net-remote
subnet 10.10.2.65 255.255.255.0
ERROR: network IP address/mask <10.10.2.65/255.255.255.0> doesn't pair
I have installed the Phone Remote software [URL] on the torch and playbook but am not able to pair them together.The FAQ's and directions have been followed painstakingly but have not any success. My router is knowledge is basic but read through the manual and have been searching the net for answers. I have uPNP enabled and no firewall.
View 2 Replies View RelatedHow I enabled the Virtual Keyboard on the main portal page on our ASDM v6.0(2) ASA v8.0(2). I remember seeing the option once upon a time and now i can't seem to find it.
View 2 Replies View RelatedI have one dedicated IP issued to my home, along with another dynamic one if I need it(but I don't use it). I have a webserver, mail server, and name server up and running on a single machine exposed to the internet with my static IP. I have a domain name registered to my IP address. My webserver and name server work great, but I am having difficulty with the mail server. In order to have mail work correctly, I have been told that I need to get reverse DNS setup for my domain (something I had neglected to do). My nameserver responds to reverse lookups correctly when issued locally, but it looks like queries from the internet never reach it (I think my ISP catches requests upstream). I contacted them and they put a PTR record in for my IP pointing to ns1.mydomain.com. This all works fine, but the thought occurred to me that if in my hosts file I put my MX record in as mail.mydomain.com., any mail clients that do a reverse lookup of my IP won't get mail.
View 6 Replies View RelatedI've installed version 4.8.02.0010 of the VPN client onto a Dell Latitude D820 laptop. When I attempt to connect, I get this message. There are no firewalls running (I disabled the Windows XP firewall) and I'm running under Service Pack 2 with all of the latest security patches from Microsoft.
I even tried un-installing the client and using an older version (4.8.00.0440) and it reports a similar error in the Log file.
I'd prefer to NOT have to wipe the laptop and reinstall the O/S if I don't have to. This is the only laptop that I've experienced this problem with but it's also the first Dell Latitude D820 that I've attempted to install the client on.
Is there a problem with the Dell Latitudes and the VPN Client? Is there another way around this other than a wipe and re-install?
ASA error message: 16/ERROR: Unable to start VA, setup shared queue, or VA gave up on shared queue.Win 7 x64 client says: "The VPN client driver encountered an error. Please restart your computer or device, then try again."Client Event Log (AnyConnect): "The VPN client has sent the following close message to the gateway: Unable to start VA, setup shared queue, or VA gave up on shared queue."ASA 5510 running latest 8.41(1) and ASDM 6.4(1). Client is latest 3.0.1047.
View 2 Replies View RelatedWe have a pair of N7K distribution switches connected to a pair of N7K Aggregation switches.We run vPC on both pairs of n7k's.
-n7k-d1 has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC1)
-n7k-d2 also has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC2)
My problem is that Spanning-Tree is blocking PC2 and all traffic from n7k-d2 is traversing the Peer-Link before reaching the Aggregation layer. Is this the best design for connecting two pairs of n7k's with vPC or if a better design would be to connect all 4 links into the same Port-Channel and vPC?
one of my SNMP server 10.242.103.42 sits in MZ zone,and ACE 4710 is connected to core switch,coreswitch is connected to firewall asa.
Now iam trying to ping from MZ zone SNMP server to loadbalancer ip 10.242.105.1,iam unable to ping my LB interface to discover SLB on my SNMP server.
We use RVL 200 to establish VPN connections. Now we have the problem that no VPN connection is established.
The same problem with Windows 7, but also with Vista Buiness, using administrator account, IE8, trusted sites, ActiveX enabled ...Message: Virtual Passage Setup:Error: Virtual Passage not installed. Please install as administrator.
I'm using NAC 4.8, and I'd like to login using NAC Web Agent on Ipad. When I'm trying to do that, I'm receiving a message on Ipad that I need to install Java Plug-In, but there is no JavaPlug-in available for Ipad. Any additional configuration that I have to do on NAC Manager to be able to access the network using NAC Web Login on Ipad ?
View 3 Replies View Relatedi have in my network firewall ASA 5510 but the problem i cannot login to my firewall thru telnet or ssh even ASDM or bowser this is my configuration :
ASA Version 8.2(5)
!
hostname Amco-ASA
[Code].....
I did an ISE 1.1.1 installation on a VMWare with ESX 5.0. After installation I am not able to login with my credentials(username admin, password XXXX) I can ping my ISE server after initial installation but I can not ping my ISE server after full installation.I did the installation several times and even did it on a VM with differrent VMversion.
View 3 Replies View RelatedI've got a router on which I run a backup/media/print server, a couple of computers and a voip box. My router has only four ethernet lan sockets which are thus all occupied by the above, but I need to attach at least one further device b
Secondly, could a splitter such as >> this one << do the job? I'm guessing this basically split a single 4-pair ethernet connection into two 2-pair ethernet connections.
My college uses cyberoam for all network security. On windows i can successfully log into my account without any problem. But when I do the same on ubuntu(tried on various versions but failed!), the client returns "You are not allowed to login from this machine." I did the same thing as the instructions from the website said, but failed.
View 4 Replies View Related'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en.Then the enable password.
View 1 Replies View RelatedEverytime I boot up my Winows 7 desktop the new E900 requires a security key to login.
Can't seem to get the settings right to automatically login like my laptop does. Routers can be humbling.
i recently upgraded our Ciscoworks LMS from 4.0 to 4.1. after i installed the upgrade the admin login doesnt work, neither does any other account. i have tried resetting the password but it doesnt work.
View 3 Replies View RelatedI configured a new SG-200-08 with a static IP. I tried to save the configuration as the startup configuration. After 10 minutes, I restarted the switch. It didn't boot with the new configuration, and returned to the default .254 and default pw. Now I cannnot assign a new pw or get past the change the pw page. When I try to save a new pw, the switch reboots and prompts me to change from the default pw. I tried resetting the switch by depressing the reset button for a long time, but results are the same. LED indicators are green with a flashing green indicating the .254 address and a solid green on the port where the switch is connected to the computer. How can I reset the switch or get passed the change your pw page?
View 3 Replies View Relatedif we are unable to login into switch how can we identify at which port of switch loop is there ?
View 3 Replies View RelatedUsing AnyConnect Secure Mobility Client, logging into ASA5540. After I put my credentials in, I get the banner message (from group policies). After I accept that, I get another pop message stating:It looks like a pre-set message. Where can I disable and/or edit this message?
View 4 Replies View RelatedIs there any way to do layer 3 security like a web login to an LDAP server on the wireless portion of the SA 520W?I'm asking because we have this set up on many of our Cisco Wireless Controllers and I would like to do it on the SA520's as well. I'm not sure if it's supported though.
View 2 Replies View RelatedWe are unable to login at Cisco 6509 switch, due to username and password not working. We have tried to recover the password as per Cisco document, but that is also not working. This switch is our Primary Switch in our network.
View 8 Replies View RelatedI have not worked with ASDM in a while. I have a 5510, with asdm-645.bin in the flash. The device runs version 8.4(2). I can download ASDM from the http interface of the firewall from the management interface. But I can not log in. I have used blank username and password, no username and enable password, blank username with enable password and a few other permutations. I then tried to connect to the asdm interface from inside also. But I can not connect. Needless to say, I have enabled http, and updated the http access-list. The only logging I have enabled is buffered. Is there any configuration that I am missing? Shall I cut and past the config?
View 4 Replies View RelatedI have a WLC 3750 and use the web authentication method with the internal login-page. Now I would like to add a link to a PDF document which is supposed to be available before logging in. In other words: Clients connect to the W-LAN and get access to the login-page. They can download the PDF document (which has by the way a size of ca 10MB) from the login-page and after that they login to get access to the internet.
As far as I understood the manuals I won't be able to use the internal login-page because the size of a file is not allowed to be bigger than 1MB.So I thought about using the external authentication by using the webserver of my website. Unfortaunely the IP-Adress of my website doesn't work. Behind this IP-adress there's more than one website hosted. So I can't use my webserver either ...
Is there any other possibilty to add this PDF (size 10MB) on the login-page? Maybe I can add my website to a kind of a "pass through list" which is accessible even without authentication?
I am having two dc switches with FWSM modules installed. DC switch1 FWSM (Ver 3.2(12) is wokring as active and Secondary DC switch2 FWSM (ver 3.2.(12) is in standby mode.
From yesterday I am trying to login primary FWSM, It is accepting my username and credentials but prompting again for username please refer below
DXB-DC1>session slot 5 p 1The default escape character is Ctrl-^, then x.You can also type 'exit' at the remote prompt to end the sessionTrying 127.0.0.51 Open. [code]