i can configure a requirement type as audit (opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the cas.It is possibile to generate an email or similar automated process to notify administrators on these audits?
Â
(version in use 4.7.2)
We have a PIX 515E running ver 6.3 and we want to implemente some sort of logging to keep track of who/when logs in to the PIX and if they make any config changes or to the file system. All of this is for forensic purposes in the future. I have already looked at some PIX docs but I don´t seem to find what I am lokking for.
View 1 Replies View RelatedA simple question - I have ASA 5520s and was wondering what license is required to create multiple (more than default 2) security contexts.
The ASA already have ASA 5520 VPN Plus license.
Â
Software Version 8.4(1)
I'm using NAC 4.8, and I'd like to login using NAC Web Agent on Ipad. When I'm trying to do that, I'm receiving a message on Ipad that I need to install Java Plug-In, but there is no JavaPlug-in available for Ipad. Any additional configuration that I have to do on NAC Manager to be able to access the network using NAC Web Login on Ipad ?
View 3 Replies View RelatedWe have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
Â
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
We have some Windows 7 clients that are running the 4.8 agent. NAC will process the user and move them to the trusted vlan. However, the agent stays open and appears to keep running/processing something. THe user can minimize the agent and work normally, and a reboot appears to fix the issue.
View 5 Replies View RelatedI have a Cisco 7200 acting as the DHCP relay agent on my network. From a security standpoint, I want to disable the bootp server, with 'no ip bootp server'. What bearing, if any, does 'no ip bootp server' have on DHCP activity?
View 8 Replies View Relatedcan i change my nat type from type 3 to type 1
View 19 Replies View RelatedI have a blackberry bold 9700 thats unlocked , i bought it is miami and im back in trinidad . I connected the phone to my wifi at home but when i went in browser tha promt message saying ata connection refused to the wireless network and your blackberry cannot connect a data session to the WAP gateway.
View 1 Replies View RelatedI have some LSA type 5, I want to change it from type 5 to type 3 before send to another Area, How can i do it?
View 1 Replies View Relatedme what are the best Free tools to do a Network Audit (Thoughput, speed linksswitchs usage, analyse network topology.. etc)
View 7 Replies View RelatedIn our network we use cisco WS-C6509-E (R7000) Backbobe switch. We want to route syslog to log server.But I couldn't do it. How can solve this problem?
View 7 Replies View RelatedI need to understand why change audit report reports an unused username Name of the user who performed the change. This is the name entered when the user logged in. It can be the name under which the LMS application is running, or the name using which the change was performed on the device. #The User Name field may not always reflect the user name. The User Name is reflected only when: A config change was performed using LMS. #A config change was performed outside of LMS, but the network has username-based AAA security model, wherein authentication is performed by an AAA server, which could be TACACS/RADIUS or local.
View 2 Replies View RelatedACS and i would like to know how to enable the "Configuration Audit" for someone login to my network devices using their ACS login and i can monitor what they did on it.
 Â
ACS Version : 5.2.0.26
We are trying to finally get rid of a couple old 3060 concentrators and would like to see how many active connections are still on. Is there any reporting that can be seen from the concentrators?Â
View 3 Replies View RelatedSometimes our network lag and i thing there is a computer making this problem. i'd like to audit all input output of all port of a Catalyst 1900. all i manage to do is to enter to the console menu via Telnet.. once here, i try monitoring but i'm afraid to do a bad thing :
    Catalyst 1900 - Main Menu
Â
    [C] Console Settings
    [S] System
    [N] Network Management
    [P] Port Configuration
[Code]...
When performing an audit from NCS Prime 1.3 on our 5508 controllers (500 lic)Â we are getting mismatch messages from many of our 3602i AP's that say the following...
Â
(Type)Configuration Name    Audit Status             Attribute          Prime Infrastructure Value    Controller Value
 (AP APname, Interface) 802.11a/n    Mismatch    Spectrum Intelligence     true                                      false
 Â
These AP's are not configured as Spectrum Intelligence on the controllers, rather as local. It seems that NCS believes that they are supposed to be SI. We have refreshed the config from controller many times but this does not change. The 5508's run v.7.2.111.3 Is there a change I can make on NCS or otherwise to make this mismatch go away? Is this a bug? It is not causing any problems (that we can see) but as most would rather not have these mismatches.
I'm using ACS 5.4p2 within distributed systems: one primary and one secondary instance.For now, primary instance is acting as Log Collector server and I can see any AAA audit logs.
When the primary instance fails I can authenticate successfully using the secondary instance.However, when primary instance comes back, I'm not able to see any audit logs operated by secondary.
I have noticed that under the Device Change Audit list under the configuration dashboard. LMS lists the wrong user for the last change. For example. User ABC performed a change on a switch yesterday but switch shows user XYZ has performed the change.
Â
e.g.
Â
SwitchA
Â
! Last configuration change at 16:27:06 AEST Mon Aug 15 2011 by ABC
Â
User XYZ then performs changes on switchB, switchC. These show up correctly. but the change on switchA shows user XYZ instead of ABC.
Â
User XYZ has never logged into the switchA in question.
My cisco works LMS3.2 is not showing recent configuration of my Cisco devices. also it dont show any change report on last 24 hours or even if i select x number of day, looks like its not saving any changes made on devices.
Â
today i logged in and cisco ASA was showing this in status as well Configuration Last Archived Time  May 03 2012 11:27:46 EDT on checking i could see it is same date when cisco ASA was added in cisco works. do i need to click some where for auto update configuration changes and latest confoguration in cisco works setting?
I want to configure IOS SSL VPN on C1941 Router. let me know if any additional License is required for that.
View 1 Replies View RelatedI have a cisco 2811 router set up as a nat/firewall gateway for my network. I've configured it for CBAC on using ip inspect and an access list.What I want is to use audit-trail to record network traffic (which means sending syslog messages to a server) concerning established sessions from my own network to locations in the outside. If i configure this using ip inspect audit-trail and no ip inspect alert-off, the configuration looks like this: [code] which works just fine, but there is the matter of icmp packets.
Â
Since i use polling software that needs to check some machines in the outside part of the network, it is only natural that several icmp sessions are established through the Inspection Rule per minute. The problem is that since these sessions are recorded along with everything else, my syslogs are flooded with these (since i am using logging trap informational) to the point that more messages are generated about icmp than all other traffic combined, especially in non-working hours.What I am asking is a way for the audit-trail to be selecively disabled for icmp, so that the outgoing (echo) &incoming (echo reply) sessions can be established without generating syslog messages.
I need 3925 router and i want to install SM-ES3G-16-P etherswitch module with PoE into it. So my question is do I need PoE power supply or not? Will PoE ports on this module work with basic AC power supply?
View 2 Replies View RelatedI am upgrading 6500 switch from old ios to new one and the new one requires 512/512 memory to be free below is the show ver and sh sup-bootflash,
Â
sw-cta2-i8-off>sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-VM), Version 12.2Â Â Â Â Â Â Â Â Â Â Â Â Â
[Code].....
I am trying to load the anyconnect VPN client package v3 for windows and Mac on ASA 5510. The ASA has 256MB for RAM and Flash. After I uploaded pkg files and selected the 2 files and applied from ASDM, ASDM spots responding...
Â
I tried to tftp the running config from ASA to my laptop to analyse but got "No memory available" message...
Â
So it seems like the "unzip" process of the pkg files used up memory... what is really the requirement of the mini Memory/RAM on ASA for hosting anyconnect Clients for 2 OS platform? Requirement on Cisco web site is kind of vague.
I am looking the power requirement for 6506E in data sheet and it shows that is support 3000, 4000, 6000 & 8700W. I have currentely 4000W power source for my new 6506E switch. will it work with below modules in new 6506e ?
View 2 Replies View RelatedI want to know if its nessary to install Certificate authority on your radius server. If we have a CA server already in the domain can we use that for this purpose or we have to install certificate authority on our DC.Â
View 1 Replies View RelatedI would like to know if any additional power would be needed for a 3845 (currently with one (1) NME-XD-48ES-2S-P) to which another 24-port switch module is added. Thus, I would have two (2) switch modules on the 3845 for a total of 72 ports.
Â
I have been unable to find specific power requirements detailing the requirements with 1 ethernet module, 2, etc.
Last month I was reviewing following Cisco document, in which Cisco mentioned that ""To avoid possible memory fragmentation in the forwarding information base (FIB), Cisco recommends that the switch processor (SP) DRAM to a minimum of 1 GB ""
Â
[URL]Â
Â
Since this document has been revised in Oct 2011 and, I can't no more find the above memory recommendations.
Â
I want know if any one using WS-SUP720-3B with IOS SXI6 and Cisco ACE30 has gone for upgrading the SP DRAM from 512MB(default) to 1GB ?
We have a old Cisco ASA5540 firewall running on firmware version 7.0 and also a Firewall Service Module (FSWM) running on firmware version 2.3.
Â
My question is if I would like to upgrade the Cisco ASA5540 firmware version to 7.1 above and the FWSM firewall version to 3.1 above, any requirement on the memory size or hardware to perform the firmware upgrade activity, do I require to do some memory or hardware module upgrade activty first before the firmware upgrade ?
Â
Any restriction, shortcoming and pre-requites to do before the firmware upgrade activity ?
Unforunately I have not been able to find any IOS version requirement for a brand-new 1000BASE-LX10 SFP (MGBLH1) in the internet.
The IOS version in use on this stack is:Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
[Code]...Â
I have searched for this error and beside a third-party module (this is a Cisco SFP) the reason could be that newer IOS version is required. Before I'll request an IOS update to the stack with our internal team, IOS version required for this module to run properly and maybe a link to an overview to lookup such requirements in the future.
I have cisco 3750 with ipservices license and I am running with c3750e-universal-mz.122-50.SE2. And I would like to upgrade the IOS " k9" IOS. ie c3750e-universalk9-mz.122-50.SE2. Is there any license required for that ?Also any difference in the IOS upgrade procedure.
View 1 Replies View RelatedI have a dozen or so SG300 switches and a few months after configuring and deploying them, I have noticed that as I'm logging back into them, I'm being told that I'm required to change my password as it has expired. The problem I have with this is that we pick a super complex password and stick with it because we have bots that telnet to the switches and pull configs and make config changes. I do NOT wish to have this enforcement turned on for these switches and I think it should be an option but neither the Admin Guide, the command line, nor the GUI seem to have any mention of this "feature". how to disable this feature?
View 3 Replies View Related