Cisco Security :: Migrating Existing SSL Certificate From Win 3.2 To 4.2 ACS
Apr 15, 2011
We have an ACS server which has the SSL certificate (certificate authority) running on the ACS 3.2 Windows version for EAP-TLS end-user authentication.
We want the same to be migrated to the ACS 4.2 (appliance) application. I have tried in different ways to push the certificate but I couldn't.
I have tried through System Configuration --> ACS Certificate Setup --> Install ACS certificate --> Download certificate file. In that I have mentioned the FTP server IP address, credentials, path and file name.
But if I submit the request, it says the directory was not found or the credentials are wrong.
In the FTP logs it shows this:
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acs
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 User logged in
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: Login successful
Apr 15, 2011 19:41:55 Session 4, Peer
[Code].....
View 2 Replies
Apr 17, 2011
How to migrate the DB from ACS Windows 3.3 to ACS appliance 4.2.15? We are replacing Win 3.3 with appliance 4.2.15 as part of end of life. So we have EAP-TLS/PEAP authentication. It has a huge number of records. So suggest me the steps to migrate the DB from Win 3.3 to appliance 4.2.15. Do we need to upgrade from Win 3.3 to Win 4.0 to Win 4.2 and then migrate to appliance 4.2?
View 4 Replies
Jun 2, 2012
We now have a new requirement. We are replacing an existing pair of CSS with ACE 4710 appliances. The problem here is that I can see from the configuration that some SSL certificate is installed in the CSS. Is it possible to transfer the existing SSL certificate from the 11503 to the ACE? Or do we need to generate a new key pair and CSR on the ACE? Is there any document available to know the steps for the same?
View 2 Replies
Jun 13, 2007
Is there any way to auto migrate my 3030 VPN configuration to an ASA platform?
View 3 Replies
Mar 18, 2013
We are currently running an ACS 1113 with version 4.2 software. We are going to replace the 1113 ACS with two 1121 ACS.
View 1 Replies
Mar 10, 2005
I was given a 510 PIX Ver 6.3(1) to reconfigure but have no information on the existing configuration and need to wipe it clean and start over. How can I do this to get back to the factory default settings? I have tried the "monitor>" but I don't know the IP address of the PIX interface, and am not sure how to do the setup for recovering the password.
View 7 Replies
Apr 10, 2011
If I am to add the Self-generated certificate of my new CAS to my existing CAM's trusted certificate authorities list, will it just be added or will it replace the existing trusted certificate?
View 4 Replies
Sep 21, 2012
I've got a Cisco 851 running IOS 12.3. I'm trying to install an SSL certificate, but after following all the instructions and installing a CA certificate I'm not getting the full chain of authority in a browser, just the device's certificate itself. I've repeated the installation process using individual CA certificates all up and down the chain but still get the same results.
View 1 Replies
Feb 12, 2009
Is it possible to generate a CSR using SHA1 instead of md5 on a Cisco 1841 for SSL VPN, because the provider that I try to use doesn't accept md5? I also tried to import their private key and got an error: "Error: invalid PEM boundary"
View 4 Replies
Jun 20, 2011
I have an SSL certificate from a third party that is showing under the Identity in ASDM; however, the audit scan of the firewall shows that the SSL certificate is signed with an unknown certification authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ASDM; however, when I verify the SSL certificate it still shows as self-signed. What other steps am I missing? I have attached some screenshots.
View 2 Replies
May 23, 2011
I have an existing VPN tunnel from my branch office to corporate. I want to allow my employees to establish a VPN connection to our local branch office where we have a local server, and not go through the corporate office. Can I set up a direct VPN connection to my router/firewall at the branch office, even when there is a VPN tunnel already connected between my office and corporate?
View 1 Replies
Mar 28, 2012
I have an existing wireless working network with WIN 7 - 2 laptops, two desktop PC's. Can I add a security code/password without setting up a new network?
View 1 Replies
Sep 29, 2009
I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN. I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.
View 1 Replies
Feb 9, 2011
We have NAC 4.0.5 and a Windows Active Directory domain. The clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, because now the client considers the certificate issued from a trusted source, BUT shows a warning stating that the name on the certificate does not match the name.
View 1 Replies
Jul 11, 2012
I have a problem with some sites! I can't access them! Some sites are hotmail, this one, and many others! The message that I see every time is: There is a problem with this website's security certificate. The security certificate presented by this website has expired or is not yet valid.
[code]...
View 4 Replies
Dec 16, 2011
I have bought and installed a 2048-bit certificate from Thawte on an ACE20-MOD-K9 module. The appliance can't use it and gives the following error: "This certificate cannot be verified up to a trusted certfication authority." I have contacted Thawte about this and they suggest installing an intermediate certificate from Thawte on the module, but I can't find such a certificate for Cisco on their site. Also, I'm not sure how to go about implementing such an intermediate certificate on the ACE.
View 1 Replies
May 15, 2012
My issue occurs on ALL of my home computers (MacBook and iMac using wi-fi) and ALL of my browsers (Safari, Firefox, Chrome).
The problem:
- Security Certificates: They pop up daily for Facebook mostly, but also Twitter. I will click Continue, which takes me to...
- 404 Error/Page Not Found Error: After the Certificate error mentioned above, this happens. Mostly to YouTube. It will stay like this for a few hours. I've cleared cache, rebooted, etc. etc. Nothing works.
- Images turn into little blue boxes with a question mark in them. **When this happens, it's an indication that a Certificate box will pop up out of the blue.
- Even on Google.com, it will say:
Invalid URL
The requested URL "/", is invalid.
Reference #9.df260e6b.1336506889.420cf4f
So what can I do? It happens on both my Macbook Pro and iMac - both connected wirelessly to a Linksys router/cable modem. The router is Wireless-N Broadband Router WRT160Nv3 with Firmware Version: v3.0.02.
View 1 Replies
Jan 30, 2012
There is an ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA). When a user certificate expires I can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
View 3 Replies
Oct 19, 2012
I am working on ISE 1.1.1; surprisingly, I couldn't find certificate authority certificate at certificate operation anymore.
Would it be the change in the GUI? So now where can I import the CA certificate to ISE?
View 5 Replies
Jan 22, 2011
We are pulling the plug on our PIX 501 as it's not letting us use all 100Mbit that our cable provider is now piping to us. I read the conversion guide but it made no mention of the 501's. Only the 515's or newer. The ASA5505 is putting up a little bit of a fight (This is what I get for failing my CCNA??). After it refused to configure the LAN IP address to something other than what it was shipped with, I broke down and connected to the management console and forced an IP address on the LAN side. Now I reset my default config and everyone can get on the internet. Until the ISP cuts you off because you forgot to set your static IP. Oh, and by the way, they don't support Cisco gear.
When I attempt to assign the IP to the outside interface, it accepts without a hitch, but everything grinds to a halt. I cannot have this, as I have off-site users that operate with dedicated ports using Remote Desktop. I've attempted to set the IP via both ASDM and management console. I've tried setting a static route, but that doesn't give me any love either. I'm running ASA Version 8.2(1) and ASDM Version 6.2(1). Once I get the static IP set and working properly, I can tackle moving the port configs.
View 10 Replies
May 29, 2012
We are running ACS 4.2.0.124.16 on Cisco appliance 1113. We need to upgrade it to 4.2.1.15, which is the latest release, and need to know the dependencies and whether any license is required.
View 6 Replies
Feb 18, 2013
I need to migrate DFM alarm settings data from LMS 3.1 to LMS 4.2.3 and I want to use this method, [URL], to extract the data from 3.1 and then import it into 4.2.3.
I successfully performed it for IP settings; it was easy since the data format was the same.
But the format differs quite a lot for Interface and Port data. Here is an example:
export from LMS 3.1
IF-hostname/17 [Gi0/0.524] [10.55.254.3]; INTERFACE:;IF-hostname/17; MANAGED_STATE:;EXPLICITLY_UNMANAGED
export from LMS 4.2.3
INTERFACE:IF-hostname/17 MANAGED_STATE:MANAGED GigabitEthernet0/0.524
It looks like I have to convert interface names, sort and delete stuff to make it look the same.
View 1 Replies
May 8, 2013
[URL] it mentions that migrating from NCS 1.1.2 to CPI 1.2 isn't possible.
How can I get around this?
View 3 Replies
Jan 28, 2011
I have recently migrated from a PIX 515e to an ASA 5510. In the main this was successful. However, I have a number of L2L VPN's (all connecting to Cisco PIX 501 or 505). The majority of these VPN's are working fine. However, I have a couple of VPN's that are causing me a problem. It seems like the tunnel is established for anything between 10 minutes and 4 hours before going 'down'. I cannot initiate the tunnel again from the hub end (ASA 5510) of the VPN. However, if the remote end reboots the PIX, the tunnel is re-established. The ASA is running 8.3(1) and the remote PIX's will be running various versions of code but will all be 6.3(x). The strange thing here is that the majority of the sites are working and the config for each tunnel is identical other than the access-lists for interesting traffic and peer address.
View 7 Replies
May 7, 2013
For testing purposes I wanted to exchange a running ASA 5510 with an ASA 5505. I included the running configs from both the ASA 5510 and the newly configured ASA 5505.
On the running ASA 5510 there is:
one interface for WEB
static IP xx.xxx.xxx.178
route 0.0.0.0 xx.xxx.xxx.177
[Code].....
View 1 Replies
Jan 4, 2012
I currently have the following set up (excuse my quick drawing):
--------------Vendors VPN Router----
| ------Cisco 3000 VPN------ |
| | | |
Private Network-------ASA5510---------Pub Switch------Cisco Router 2x T1
I've been tasked with migrating to the new ISP, which provides us with a Cisco ME-3400E switch and a /26 public subnet. I currently have 15 static NATs and 14 L-2-L VPN tunnels configured in the ASA. Is there a way to configure an additional Outside int on the ASA and use it to migrate the existing VPN tunnels and static NATs? I'm trying to avoid downtime and hope to do it step by step. I'm thinking about adding an additional Public switch, so I can also migrate the vendor's router and VPN concentrator, which need to be in parallel to the ASA. Assuming that this is possible, I would like to do the following:
1. Configure and connect additional Outside Interface on ASA - public IP address and ACLs
2. Connect it to additional "Public switch", which would be configured with public IP address and connected to new ISP's Cisco ME-3400E.
3. Migrate my VPN tunnels and static NATs.
4. Migrate vendors equipment/VPN concentrator
5. Update my global NAT pool
6. Shut down old ISP
View 13 Replies
Feb 12, 2013
I have NCS 1.0 with a 100 devices support license installed. Now knowing it has reached end of sale, and also for the fact that Prime does cover devices like routers, I went ahead to the upgrade path via PUT (Product Upgrade Tool). Finally I received an email (OBA) advising my order is ready. This email included two items in the shipment:
L-N-PI12-100-M=
NCS 1.0 to Prime Infrastructure 1.2 Minor Upg 100 Device
L-PILMS42-100-M
Prime Infrastructure LMS 4.2 - 100 Device Upgrade Lic
When I click the link in the same email to download the license, it only shows me one file, which is L-PILMS42-100-M. I tried using this file and installing it on the NCS 1.0 but it gives me an error that this file is not a license file. The license name suggests to me that it is not the license to be installed on the NCS. The file should be L-N-PI12-100-M=
View 5 Replies
Jun 11, 2012
I am replacing an old 4400 series WLC running version 4.0.179.11 with a new 5508 WLC running version 7.2.110.0.
We currently have 70 x 1131 Access points on the 4400 WLC.
With this upgrade, do I need to upgrade the old 4400 to version 6.0 so the AP's get an up to date IOS, or can I directly migrate all AP's over to the new 5508 without any version incompatibilities on the AP's?
I am a bit worried that the AP's are running a very old IOS on the 4400 v.4.0.179.11 to go straight to the new 5508 v.7.2.110.0.
View 3 Replies
Mar 11, 2013
I have a situation here where, after migrating from PIX 6.3 to ASA 8.4, VPN connections from Windows Server 2003 and 2008 fail to connect. Strangely, Win 7 or Win 8 works perfectly well.
It failed due to
reason=DEL_REASON-IKE_NEG_FAILED
The difference we can see is that Win 7 is 32-bit and the server client version is 64-bit.
View 1 Replies
Aug 28, 2011
I am migrating my PIX configuration to ASA 8.4(2) with my old NAT configuration. I don't want the traffic match ACL inside_outbound_nat_acl from inside interface with NAT [code]
When I configured "any" in "nat (inside,any)", I cannot type the "route-lookup" command, but when I change it to "nat (inside,outside)" then I can type the "route-lookup" command. So what is the meaning of "any" in this command?
View 10 Replies
Aug 7, 2011
I am migrating from Cisco 6509 IOS (12.2) to Nexus 7000 NX-OS (5.1(1)). I am looking for an equivalent NX-OS command for permit ipinip on IOS.
View 2 Replies
Apr 18, 2011
I have a 7.0.164.0 WCS that I am trying to upgrade to 7.0.172.0. In the system infrastructure we have three 4400-50 controllers with a total of about 90 access points (1231's, 1131's, 1142's, and 3500's). The server is a VM with 2GB of RAM and about 4GB of free hard drive space (the WCS software is installed on the D: partition). The WCS installer goes through the initial setup and gets to the point of "Migrating Data" and basically stalls. I started the upgrade Friday at 11:30AM and finally killed it at about 9:00AM on Monday (almost 3 full days).
I then uninstalled the partial 7.0.172.0 installation, and also uninstalled the 7.0.164.0 installation. I then did a clean install of 7.0.164.0 and imported my backup. After I verified that everything was working correctly I then tried the 7.0.172.0 upgrade again. Currently it's almost at 24 hours of sitting at "Migrating Data".
View 10 Replies
Feb 5, 2013
We are currently upgrading from WISM-1's to individual 5508 WLC's. Is it possible to export the config from controller on the WISM to the 5508?
View 5 Replies