Cisco Security :: A120 ACS - 2nd NIC Card For RSA Securid Appliance
May 20, 2012
I have RSA Securid appliance 3.0 "A120" V 7.1 SP4 and Cisco Secure Access Control System (ACS) Appliance V4.1.1 (build 23). I set up communication between the Cisco Secure ACS and the RSA Securid appliance using the RADIUS protocol. I only configured the first IP for the RSA appliance and added this IP in Cisco ACS, and I went through the implementation guide that is attached in this discussion; everything is fine with authentication.
Now I have enabled a second IP for RSA, but I do not know how to configure the Cisco ACS to know the second IP for RSA.
We have Cisco ACS 4.2 installed on Windows 2003 with a secondary ACS on another machine. Database replication is okay. We installed the primary SecurID RSA authentication manager on the primary ACS and it is working okay as well.
Now we installed secondary SecurID RSA authentication manager on secondary ACS.
I have copied the required dll file (aceclnt.dll) to system32 folder from secondary SecurID RSA. SecurID RSA team gave me sdconf.rec file to be uploaded on ACS, but after creating new external DB (RSA Token), I do not see the option to upload the sdconf.rec file.
So without uploading sdconf.rec file, we shut down primary ACS service and tried to connect vpn, the request goes to secondary ACS, but it always tries to communicate with primary SecurID RSA authentication manager and getting attached screen on primary RSA authentication manager.
What is the exact procedure to be carried out to configure Cisco ACS and SecurID RSA in a high availability option?
I'm new to IT, and have been put in charge of managing our servers while my boss is on vacation. We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place. I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches and Restaurants, but receives a "content blocked" message on his browser. It appears to me that the settings in Sonicwall are correct, as well as the AD member groups.
Is there a security appliance available that provides anti-malware protection, firewall, content filtering, etc., AND has no subscription or maintenance fee (or optional fees)?
How do we migrate the DB from ACS Windows 3.3 to ACS appliance 4.2.15? We are replacing Win 3.3 with appliance 4.2.15 as part of end of life. We have EAP-TLS/PEAP authentication. It has a huge number of records. Please suggest the steps to migrate the DB from Win 3.3 to appliance 4.2.15. Do we need to upgrade from Win 3.3 to Win 4.0 to Win 4.2 and then migrate to appliance 4.2?
I'm getting the mentioned error when I try to open the subject web link.
Deny TCP (no connection) from Outside:180.87.10.44/2443 (180.87.10.44/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964) with the following explanation:
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
Where a.b.c.d = our private IP address (NATed) and w.x.y.z = public IP address.
I am looking for recommendations on a device to put at the forefront of our network, mainly for web content filtering. Our network is currently set up like this: We have two Internet providers, one for each network. The networks are physically separate except for a Cisco 3560 which is used for failover. In the event one ISP goes down, one network can use the other's ISP; however, it has no access to the other network beyond that switch. Currently, each network has a web content filter (SmartFilter) server which is going end of life in a year. We would like to replace each server with a single box at the front of the network for filtering. Other bonuses would be things such as bandwidth control, virus protection, etc. Perhaps the most important thing is to make sure our ISP bandwidth download speed does not get hampered by the device we choose to put at the front. We have 50mb download on one and 30mb on the other. If the device throttles the download at 10mb then it's useless to us.
I am trying to reimage a Cisco MARS 25 appliance for the pnadmin password recovery procedure. I am trying to boot the system with the Recovery DVD (Version 5.3.2) shipped with the appliance. I connected a VGA monitor and USB keyboard to the appliance and when I do a reboot, I can see the installation options:
Please Choose A MARS Model To Install...
1. Distributed Mars - Local Controller
2. Distributed Mars - Global Controller
3. Mars Operating System Recovery
4. Quit
But I am not able to select Option 1 for the reimaging of the Local Controller since my keyboard is not responding for the selections. During the LILO boot process, I can see an error message, 'Keyboard Not Present'. I tried to connect the keyboard to different USB ports and to the PS/2 port using a USB to PS/2 adapter. Still the keyboard is not functioning. I am able to select the BIOS options while connecting the USB keyboard to the appliance, but it is not functioning when booting from the Recovery DVD. Also, the keyboard is functioning if I boot the appliance directly with the previous image. Unfortunately I don't have any PS/2 keyboard available for connecting, or the admin password for login. Is there any workaround/solution for supporting the USB keyboard during the recovery procedure? I tried the serial connection with HyperTerminal but some junk characters appear even after setting the recommended baud rate, parity, flow control, etc. The Ethernet console seems not to be working with the default IP address 192.168.0.101 for eth1.
I was configuring IPSEC VPN on ASA5540 and I have a problem with port blocking. I am unable to block server ports to remote users. See below configuration. I need to configure a VPN filter list but don't know how to configure a VPN filter list.
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite of what is in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with its real configured IP. Polling the ACE Appliance therefore does not work.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
For some strange reason my wireless card can only connect to the router if I do not use any security or if I use wep-open. If I try to use wpa-psk it will not connect. In the past I was able to use wpa with no problem. I am also able to view other wireless routers around me and can see the different securities they use, but if I change my router to wpa then my wireless adapter will not notice the change and I cannot connect to my wireless router, which is the same brand.
Can't see this in the documentation, as only Solaris to soft appliance is mentioned, so does anyone know if you can migrate data from LMS 4.0.1 on Windows 2008 to the soft appliance on LMS 4.1?
After upgrading our Cisco MSE to 7.4, the appliance does not stay connected to the network. Once the appliance is restarted, layer 3 echoes occur for about 2 minutes and then stop. The only way to get it to respond again, is to restart the appliance. Again, after a few minutes, it stops responding. I've checked the switch, and there is no port security set up on it. I've checked ACL's, and other potential culprits to no avail. The MSE interface is set up, and the device is configured.
I'm currently trying to install the Cisco LMS 4.2 Appliance on a VMware vSphere 4.0 environment. I'm following the [URL]. I downloaded the Cisco_Prime_LAN_Management_Solution_4_2.iso and I started the server. I get this screen and I choose option 1:
I tried to upgrade LMS 4.2 to LMS 4.2.1 on a soft appliance and I got this error. To upgrade from LMS 4.2 to LMS 4.2.1:
lms/admin# conf t
lms/admin(config)# repository myrepo
lms/admin(config-Repository)# url disk://opt
lms/admin(config-Repository)# end
lms/admin# application upgrade Cisco_Prime_LAN_Management_Solution_4_2_1upgrade.tar.gz myrepo
Save the ADE-OS running configuration?(yes/no) [yes]? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% Local file not found
lms/admin#
All users are located in the local identity store. So, assume I do not implement ACS but I do turn on password expiration after 60 or 90 days. If a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire? Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and, if so, how will that prompt to change it be presented?
A while back we were looking into upgrading our SUN/Oracle server to better service our CiscoWorks. Our vendor (partnered Cisco Vendor) told us that Cisco was developing an appliance like WCS and CNR that runs Redhat for CiscoWorks. Does anyone have any info on this or could this be a rumor?
We do not run Windows devices on any of our network enterprise and this would be so cool!
Oracle is getting to be a clone of Windows... in our opinion.
If this is true, I will be happy to sit and wait for it.
We now run LMS 4.0 on a SUN/Oracle T2000 and it seems to be bottlenecking.
I upgraded WCS to version 7.0.172 and migrated it to a new server and IP address. The upgrade was done by installing WCS 7.0.172 on the new server and restoring a backup. I also upgraded the location appliance from 6.0.101.0 to 6.0.202.0. The WCS can see the location appliance without a problem. The problem occurs when I try to back up the location appliance. The WCS appears to run the backup and completes with a success, but I cannot find the backup file in the FTP directory. WCS backup to the FTP folder is fine. Is there a way of doing a manual backup of the location appliance? What logs can I check to see whether the backup is taking place or not?
While running the install wizard of soft appliance LMS 4.1 it asks for the hostname and also the domain during the install. Is the hostname supposed to be a fully qualified domain name, e.g. foo.blah.com, or just the hostname without FQDN, e.g. foo? The reason I ask is that when I ran the following command below in the shell it doesn't look like it is set up correctly. Also, if I did the install without my hostname in DNS first, will this mess up my install?
My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purposes). What's the proper migration process to deal with this? Does the NAC-3315 hardware comply with the inline posture mode requirement?
We have an installation of Cisco Prime LMS 4.1 soft appliance on VMware and I would like to ask if it is possible to back up the database on an external drive other than the 'local' LMS hard disk.
A newly shipped Cisco ACS appliance 1121 has been shipped with ACS version 5.0. I need to downgrade to ACS version 4.2.0. I could not see a recovery CD or DVD for ACS 4.2 along with the shipment. Is the ACS 1121 appliance compatible with ACS version 4.2.0?
My ACS BOM details CSACS-1121-K9 ACS 1121 Appliance With 5.1 SW And Base license
This is a new installation. I configured the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping with the following steps. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connecting to the domain. Next, click on the Test Connection button to validate joining the domain. I got a successful test connection. But when I click Save Changes, I get an error.
01. I have one customer unit C1121 ACS system shipped with version 5.1. The customer bought the base license and large deployment license along with the purchase.
02. Fact is I have manually upgraded the system to version 5.3.0.40, and applied a trial license for it for administering the appliance.
a. If I now use the purchased base license and large deployment PAK to activate the system, would it still be valid for me to continue using version 5.3.0.40?
Is it possible to add another NIC to the Cisco 3315 NAC appliance? It ships with four Ethernet interfaces, but I would like to add at least 1 extra interface, i.e. a PCI card, if possible.
3)applAcs_4.2.1.15.8.zip (ACS SE 4.2.1.15.8 cumulative patch)
take it forward to upgrade by step by step procedure. (Is that the same, like TFTP to transfer these packages to the appliance, or a different method?) (We are using a Windows XP system.)
Currently have LMS 3.2 on a Windows server. I'd like to upgrade to 4.1 on a virtual appliance. I don't care about migrating data and would probably like to just start fresh. My question is: if I were to download the 4.1 evaluation virtual appliance and also purchase the 3.2 to 4.1 upgrade license, would I be able to apply that license to the evaluation?
I have a new installation of LMS 4.2 on the Soft Appliance and seem to be only able to configure backups to the local disk. There is no option to select any of the configured repositories like there is in ACS. I can back up to /local disk, after a change to the filesystem as below:
chgrp casusers -R /local disk
chmod 0775 /local disk
But the issue is, how do I get this off the box in an automated fashion so it can be part of our corporate backup schedule?