I've got a Cisco 851 running IOS12.3. I'm trying to install a SSL Certificate but after following all the instructions and installing a CA certificate I'm not getting the full chain of authority in a browser just the devices certificate itself. I've repeated the installation process using individual CA certificates all up and down the chain but still the same results.
View 1 RepliesIs it possible to generate CSR using SH1 instead of md5 on Cisco 1841 for SSL VPN, because the provider that I try to use doesn't accept md5. Also tried to import there private key and got an error "Error: invalid PEM boundary"
View 4 Replies View RelatedI have a SSL certificate from a third party that is showing under the Identity in ADSM, howerver the audit scan of the firewall shows that the SSL Certificate Signed with an unknown certification Authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ADSM however when I verify the SSL certificate it still shows as self-signed. What other steps do I miss. I have attached some screenshots.
View 2 Replies View RelatedWe have the acs server which has the ssl certficate(certifcate authority) running in acs 3.2 windows version for eap-tls enduser authentication.
We want the same to be migrated to acs 4.2(appliance) application. I have tried in different ways to push the certificate but i couldn't.
I have tried Thru System Configuration --> ACS Certificate Setup --> Install ACS certificate --> Download certficate file In that i have mentioned the FTP server IP address, credentials, path and file name
But if i submit the request its giving the directory not found or credentials wrong.
In FTP logs its showing like this
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acsApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 User logged inApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: Login successfulApr 15, 2011 19:41:55 Session 4, Peer
[Code].....
I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN. I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.
View 1 Replies View RelatedWe have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
i have a problem with some sites! i cant access to them ! some sites are hotmail, this one, and many other! the msg that i see every time is : There is a problem with this website's security certificate. The security certificate presented by this website has expired or is not yet valid.
[code]...
I have bought and installed a 2048bit certificate from Thawte on a ACE20-MOD-K9 module. The appliance can't use it and gives the following error: "This certificate cannot be verified up to a trusted certfication authority."I have contacted Thawte about this and they suggest to install an intermediate certificate from Thawte on the module, but I can't find such a certicicate for Cisco on their site. Also I'm not sure how to go about implementing such an intermediate certificate on the ACE.
View 1 Replies View RelatedMy issue occurs on ALL of my home computers (MacBook and iMac using wi-fi) and ALL of my browsers (Safari, Firefox, Chrome).The problem:- Security Certificates: They pop up daily for Facebook mostly, but also Twitter. I will click Continue, which takes me to...- 404 Error/Page Not Found Error: After the Certificate error mentioned above, this happens. Mostly to YouTube. It will stay like this for a few hours. I've cleared cache, rebooted, etc. etc. Nothing works.- Images turn into little blue boxes with a question mark in them. **When this happens, it's an indication that a Certificate box will pop up out of the blue.- Even on Google.com, it will say: Invalid URLThe requested URL "/", is invalid.Reference #9.df260e6b.1336506889.420cf4fSo what can I do? It happens on both my Macbook Pro and iMac - both connected wirelessly to a Linksys router/cable modem. The router is Wireless-N Broadband Router WRT160Nv3 with Firmware Version: v3.0.02.
View 1 Replies View RelatedThere is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
I read in the Cisco IOS ASA documentation (8.x) that some group-policy attribues are only available for soft-VPN clients while some are available for both soft-VPN clients and L2L VPN clients. Cisco didn't clearly specify which attributes were available for which clients.
To aid me in troubleshooting my L2L VPN setup could someone indicate if the order of events (listed below) is correct for ASA 5520 with IOS 8.x and if the attributes selected are available for L2L VPN clients?Also, are there "show" commands to reveal more details about tunnel-groups, group-policy, etc. when used with VPNs?
I installed m0n0wall in a virtualized environment, i have 10 PCs connected to a router ( 192.168.1.0/24) which connect them to the internet through PPPoE, the problem is that this router does not have a QoS so what i want to do is the following :-
let all the PCs get their IP from the Router and the default gateway will be m0n0wall
the moon wall will have 2 interface (Lan 192.168.1.20) and (Wan 192.168.1.21 and default gateway 192.168.1.1)
now when any PC want to access the internet it should go through m0n0wall and then m0n0wall will forward the connection to the default gateway through the wan interface which is the PPPoE running on the router (192.168.1.1)
I live in a house with four other people so I need a lot of free ethernet ports.I currently have three routers daisy-chained together and I want to add a fourth, but I can't seem to.When I plug it up, pages refuse to load on computers connected to it. I read something about disabling DHCP, but I have two other routers chained to my primary and didn't need to do that. This one's branching off the main one though, instead of being at the end of the chain.I'm trying to hook up either the Linksys 4-port wired router or the 8-port one (I have both). I tried disabling DHCP on it and setting the IP thing to 192.168.2.1 instead of 192.168.1.1 and it worked for a few minutes, then nothing.I also tried that with the TRENDnet one and the same thing happened (had to reset that one to factory defaults).Is it possible to have two routers coming off another or does it need to be a proper chain? Why did I not have to disable DHCP on the others and they still work fine?
View 4 Replies View RelatedHow to configure daisy chain on 3 routers ?
View 1 Replies View RelatedI have the following problem:
I ordered a certificate from Geotrust. Geotrust signed my certificate with an intermediate certificate. The problem that ASA needs the Geotrust global ceritificate to be installed to accept my device certificate (intermediate certificate needs to be authenticated as well). When I install my device certificate on the firewall I got this error:
"ERROR: Failed to parse or verify imported ceritificate"
I do not know the way how to add two authentication certificate on ASA. I need similar solution like this: [URL]
So the question how to arrange the installed certificates into chain on Cisco ASA.
My firewall frimware/type is: Cisco Adaptive Security Appliance Software Version 8.3(2)
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
I'm having an issue with intermediate certificates from GoDaddy when connecting from some browsers of mobile devices:Browser in Android 2.3.3;Safari in iOS 4.2.1;Chrome 18 in Android 4.0.In a PC there's no problem, only from the above mobile devices. The intermediate certificate isn't downloaded from the ACE 4710 resulting in a "SSL Certificate Not Trusted" error.Since GoDaddy has no instructions to resolve the issue from a Cisco ACE.
View 6 Replies View RelatedI need to extend my wireless N network to increase the wireless reception power to a VIZIO Smart HDTV. I currently have a Linksys WRT310N router that is just barley being seen by the TV, Sometimes yes and sometimes not.I have just ordered a Linksys EA3500 Smart Wi-Fi Router. I want to set the EA3500 as the 1st (primary) router and CAT6 cable connect the WRT310N 50 ft closer to the HDTV.
View 1 Replies View Relatedi am trying to daisy chain 2 pro-curve 1810g 8 port switches.i got the cable i need to connect them but i just want to know what kind of settings i have to change on the switches to have it run as best as it can.
View 17 Replies View RelatedIs it possible to daisy chain from a 3560 to 2960-S switch using a SFP interconnect cable (daisy chain cable)
View 1 Replies View RelatedI have got 3 wifi routers i want to daisy chain. Router 1 is main modem router, which is connected to 2 pcs and 2 wif routers (wired separately), both of these wifi routers have there own ip address and dchp turned off, so they work fine and broadcast wifi nicely. now what i want to do is connect another wifi router to one of these routers (not the main one) but what setting do i need? i tried to connect the 3rd wifi router with the same setting as per the other two ie diff ip and dchp off, but when i plugged it into the port of the second router it would not show as connected or get an internet connection. Its probably quite simple to sort out, but with me being a dimwit i am tering my air out. If i could not use a wifi router for this 3rd connection, is there any other way of putting an extra 4 ports on to my second stage router.
View 4 Replies View RelatedI have a new Cisco 2960 S series switch with a basic configuration that needs to be uplinked or daisy chained to a Cisco 3750 switch. I am not getting any connectivity to the network with either a straight through or crossover cable. the port remains in amber but a 'show interface' indicates that the interface is up. I can manage the switch with a PC patched into any port on the switch with a static IP address. Must be something very simple that I am missing. Outlined below is the configuration.
Refresh_SW1#sh ver
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3,
RELEASE SOFTWARE (fc1)
Technical Support: [URL]
[Code].....
I have sent up a wireless network in a large building using WAG120N Modem Router and four E1000 wireless routers set as access points. The E1000's have the DHCP switched off to enable roaming so the WAG120N takes care of all that.
View 1 Replies View RelatedFor my work I am looking to create wireless capabilities to remote locations. To do this we are using a standard modem/router that is connected to an Engenius (802.11b/g) wireless outdoor radio connected to a dish antenna. We are able to go to locations (3+km) and then with a corresponding receiving antenna (using LoS), receive the Internet and connect both to computers at the transmitting point as well as to the WWW. The problem exists is that we want to employ a series of routers at the receiving end that would be able to carry the transmission to a different location (relatively close), due to the fact that some of the locations do not have line of sight to the antennas. We are using Encore routers, model # ENHWI-N3. When we connect the radio's Ethernet into the routers WAN reciever, we can connect to the Internet with a computer. The problem exists is we want to pass that connection over to a second router (R2). This connection is done when the routers are on access points set to a WDS function with R1 having R2's mac address and vice versa. Both routers are set to channel 1. Even when the routers are seperated by distances >50m a computer plugged into R2 can see a computer plugged into R1. Files can be transferred between the 2 computers wirelessly at speed around 3 mbps. However computer 2 on R2 can not connect to the WWW. This router features a spot that lights up if it has Internet access and R1's is lit up but R2's is not. How do we transfer the Internet and not just a LAN from R1 to R2 so it can be accessed further away from the point of the radio and antenna equipment. This setup has also been used where R2 is hardwired to R3. At R3 we change the channel to 11, and then connect through that with mac addresses wirelessly to 4th router. If comp is in R4 and far away it can still access and file share from comp at R1.*edit the ip address for the routers exist all on 192.168.1.xxx If the 3rd number is different between routers would this make a difference?
View 1 Replies View RelatedIs it possible to daisy chain 3 switches and not have ip conflict? I am running a public access network for a library. For certain library software I need for all workstations to see each other. I have 25 workstations in total and two separate management consoles. I have all workstations on two switches but one of the management consoles is on the third switch because when joined with the others it has an ip conflict. I need this console for the digital sender that is connected as well as to act as a server for go print software.
View 3 Replies View RelatedI'm studying for CCNA Sec exam and looking for any security labs for GNS3 or Packet Tracer.
View 3 Replies View RelatedMy company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?
View 1 Replies View RelatedASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.
View 3 Replies View RelatedI've been reading over the documentation, but only see instructions for using a self-signed certificate for SSL. Or even trusted certificates between LMSes. But I can't seem to find anything on LMS 4.0 using a Certificate Authority. And I have a security requirement to do so.
Is this possible in LMS 4.0?
It appears we had a vendor setup an SSL certificate for our vpn. I see it under the ASDM on configuration -> device management -> Certificate management -> identity Certificates
there is the certificate there and I also see it pointing to the outside under configuration -> device management -> advanced -> ssl settings and under outside the primary enrolled cert is the ssl cert.
only thing i can see which may be incorrect is if i look at the cert details under indentity certificates and select issued to the url says http not https..
I'm currently dealing with a problem related to the integration between the a Cisco ASA 5510 and an AD Microsoft CA on a windows2008R2. I'm basically trying to enroll the ASA in the CA and get a certificate for the ASA to use for SSL VPNs. I'm using SCEP enrollment and I've set up NDEP on the Win2008 CA.
Everything seems to be working just fine and I get the certificate but If I assign it to the interface, first the client receives a warning and then a blank page is shown (everything works just fine with the ASA self-signed certificate). The problem looks like to be related to the purpose of the keys (key usage field) which is not Server authentication. The certificate is automatically generated using the IP Sec (offline) template.
I have a Linksys WRT610N wireless system with WPA-PSK security and this works fine with several computers but now one computer detects the wireless security as WEP and can thus not connect to the router. I have tried to manually connect to the router with correct security WPA-Personal (TKIP) and correct password but then the computer says "settings saved on this computer for the network do not match the requirements of the network".How can I get the computer to detect the correct security? The computer is running Windows 7 home premium.
View 7 Replies View RelatedIs it true that the FCC is investigating the Pogo game site because of poor security? Is Java the cause of this problem?I'm very leery of getting on the Pogo site because I've been told that my computer could get a virus and crash.
View 1 Replies View Related