Cisco Security :: Migrating Existing Database From ACS Win 3.3 To ACS Appliance 4.2.15?

Apr 17, 2011

how to migrate the db from acs windows 3.3 to acs appliance 4.2.15.We are replacing win 3.3 to appliance 4.2.15 as a part of end of life. So we have the eap-tls/peap authentication.It has the huge records. So suggest me the steps to migrate the db from win 3.3 to appl 4.2.15.Do we need to upgrade to win 3.3 to win 4.0 to win 4.2 & then to migrate to appl 4.2 ?

View 4 Replies


ADVERTISEMENT

Cisco Security :: Migrating From ACS 1113 Appliance To ACS 1121

Mar 18, 2013

We are currently running a ACS 1113 with version 4.2 software.  We are going to replace the 1113 ACS with two 1121 ACS. 

View 1 Replies View Related

Cisco Security :: Migrating Existing SSL Certificate From Win 3.2 To 4.2 ACS

Apr 15, 2011

We have the acs server which has the ssl certficate(certifcate authority) running in acs 3.2 windows version for eap-tls enduser authentication.
  
We want the same to be migrated to acs 4.2(appliance) application. I have tried in different ways to push the certificate but i couldn't.
  
I have tried Thru System Configuration --> ACS Certificate Setup --> Install ACS certificate --> Download certficate file In that i have mentioned the FTP server IP address, credentials, path and file name
 
But if i submit the request its giving the directory not found or credentials wrong.
 
In FTP logs its showing like this
 
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acsApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 User logged inApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: Login successfulApr 15, 2011 19:41:55 Session 4, Peer

[Code].....

View 2 Replies View Related

AAA/Identity/Nac :: Windows ACS 4.2.0 Backup Database On 1120 Appliance 4.2.1.15?

Apr 26, 2011

I am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto  4.2.0.124 ,step by step by upgrade process
 
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
 
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable  on 90 days evalution package of 4.2.0.124 of windows platform .
 
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
 
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1)

View 8 Replies View Related

Security / Firewalls :: Sonicwall Network Security Appliance - Receiving A Content Blocked Message?

Dec 24, 2011

I'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.

This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.

View 3 Replies View Related

Cisco Security :: Migrating From 3030 To ASA Platform?

Jun 13, 2007

Is there any way to auto migrate my 3030 VPN configuration to an ASA platform?

View 3 Replies View Related

Cisco Security :: ACS 4.2 Database Replication

Apr 6, 2010

I am not able to replicate Database between two ACS SE 4.2. I am getting the following error:

Inbound database replication from ACS 'ACS_BEX_001' denied - shared secret mismatch.

The configuration apparently is ok. I am attaching the configuration from both ACS.

View 2 Replies View Related

Cisco Security :: 1113 ACS Se Appliance Upgrade To 5.2

Mar 6, 2011

How to upgrade from ACS Se 1113 (running 4.2.0.124) to a new 1121 appliance running version 5.2. We also run RA for AD integration ?

View 5 Replies View Related

Security Appliance With No Subscription (maintenance Fee)

Mar 10, 2011

Is there a security appliance available that provides anti-malware protection, firewall,r content filtering, etc, AND has no subscription or maintainance fee (or optional fees)?

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Adaptive Security Appliance

Mar 20, 2011

I m getting mention error when try to open subjected web link.
 
Deny TCP (no connection) from Outside:180.87.10.44/2443 (180.87.10.44/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964) with follow explanations.
 
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
 
Where, a.b.c.d = our private ip address (Natted) w.x.y.z  = Public Ip address.

View 1 Replies View Related

Cisco Security :: A120 ACS - 2nd NIC Card For RSA Securid Appliance

May 20, 2012

I have RSA Securid appliance 3.0 "A120"  V 7.1 Sp4  and Cisco Secure Access Control System (ACS) Appliance V4.1.1 (build 23)..I make  communication between the Cisco Secure ACS and the RSA Securid appliance using RADIUS Protocol .I only configure 1st IP for RSA appliance and Add this ip In cisco ACS  and i go through implementation guide that is attached in this discussion  all things is fine in authentication.
 
now i enabled second IP for RSA but i did not know how to configure the Cisco ACS to know Second IP for RSA?

View 1 Replies View Related

3560 - Filter / Security Appliance Recommendations?

Oct 16, 2012

I am looking for recommendations on a device to put at the forefront of our network, mainly for web content filtering. Our network is currently setup as this:We have two Internet providers. One for each network that are physically separate except a a Cisco 3560 which is used for failover. In the event one ISP goes down, one network can use the others ISP, however, it has no access to the other network beyond that switch.Currently, each network has a web content filter (SmartFilter) server which is going end of life in a year. We would like to replace each server with a single box at the front of the network for filtering. Other bonuses would be things such as bandwidth control, virus protection, etc.Perhaps the most important thing is to make sure our ISP bandwidth download speed does not get hampered by the device we choose to put at the front. We have 50mb download on one and 30mb on the other. If the device throttles the download at 10mb then it's useless to us.

View 9 Replies View Related

Cisco Security :: Reimage MARS 25 Appliance For Admin Password Recovery Procedure

Apr 25, 2011

I am trying to reimage a Cisco MARS 25 appliance for the pnadmin password recovery procedure. I am trying to boot the system with Recovery DVD (Version 5.3.2) shipped with the appliance. I connected a VGA monitor and USB keyboard to the appliance and when I do a reboot, I can see the Installation options. Please Choose A MARS Model To Install...

1. Distributed Mars - Local Controller But I am not able to select the Option 1 for the reimaging of Local Controller since my keyboard is not responding for the selections. During the LILO boot process, I can see some error message that 'Keyboard Not Present'. I tried to connect the keyboard to different USB ports and the PS/2 port using a USB to PS/2 adapter. Still keyboard is not functioning.I am able to select the BIOS options while connecting the USB keyboard to appliance. But it is not functioning when booting from Recovery DVD. Also the keyboard is functioning if I boot the appliance directly with previous image. Unfortunately I dont have any PS/2 keyboard available for connecting and admin password for Login.Is there any workaround/solution for supporting the USB keyboard during the Recovery Procedure ?I tried the serial connection with hyperterminal but some junk charaters appear even after setting the recomended Baud rate, parity, flow control etc.The Ethernet console seems not working with the default IP address 192.168.0.101 for eth1. 

2. Distributed Mars - Global Controller
3. Mars Operating System Recovery
4. Quit

View 5 Replies View Related

Cisco VPN :: Adaptive Security Appliance Asa 5540 Unable To Block Server Ports

Aug 10, 2011

I was configure IPSEC vpn on ASA5540 and i have problem with port blocked.  I am unable to block server ports to remote users.See below configuration.  I need to configure vpn filter list but don't know how to configure vpn filter list.

View 5 Replies View Related

Cisco Security :: 501 PIX - How To Delete Existing Configuration

Mar 10, 2005

I was given a 510 PIX Ver 6.3(1)to reconfigure but have no information on the existing configuration and need to wipe it clean and start over how can I do this to get back to the factory default settings.  I have tried the "monitor>" but I don't know the IP address of the PIX interface.and am not sure how to do the setup for recovering the password. 

View 7 Replies View Related

Cisco Security :: Add Additional CAS To Existing NAC OOB Deployment 4.7.3

Apr 10, 2011

If I am to add the Self-generated certificate of my new CAS to my existing CAM's trusted certificate authorities list, will it just be added or will it replace the existing trusted certificate?

View 4 Replies View Related

Cisco Application :: ACE4710 Appliance To ANM Virtual Appliance NATed

Oct 12, 2011

We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
 
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
 
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
 
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin  Context IP:           172.16.0.10
 
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.

View 2 Replies View Related

Security / Firewalls :: VPN To A Remote Office With An Existing VPN Tunnel?

May 23, 2011

I have an existing VPN tunnel from my branch office to corporate.I want to allow my employees to establish a VPN connection to our local branch office where we have a local server, and not go through the corporate office.Can I set up a direct VPN connection to my router/ firewall at the branch office, even when there is a VPN tunnel already connected between my office and corporate?

View 1 Replies View Related

Adding Security Code To Existing Network Windows 7?

Mar 28, 2012

I have an existing wireless working network with WIN 7 - 2 laptops, two desktop PC's. Can I add a security code/password without setting up a new network?

View 1 Replies View Related

Cisco WAN :: Migrating From A PIX 501 To ASA5505

Jan 22, 2011

We are pulled the plug on our PIX 501 as its not letting us use all 100Mbit that our cable provider is now piping to us. I read the conversion guide but it made no mention of the 501's. Only the 515's or newer.The ASA5505 is putting up a little bit of a fight (This what I get for failing my CCNA??)After refusing to configure the LAN ip address to something other than what it was shipped with, I broke down and connected to the management console and forced an IP address on the LAN side. Now I reset my default config and everyone can get on the internet.Until the ISP cuts you off because you forgot to set your static IP. Oh, and by the way, they dont support Cisco gear.
 
When I attempt to assign the IP to the outside interface, it accepts without a hitch, but everything grinds to a halt. I cannot have this, as I have off-site users that operate with dedicated ports using Remote Desktop.  I've attempted to set the IP via both ASDM and management console. I've tried setting a static route, but that doesnt give me any love either. Im running ASA Version 8.2(1) and ASDM Version 6.2(1)Once I get the static IP set and working properly, I can tackle moving the port configs.

View 10 Replies View Related

Cisco AAA/Identity/Nac :: Migrating From ACS 4.2.0 To 4.2.1?

May 29, 2012

we are running acs 4.2.0.124.16 on cisco appliance 1113.We need to uprade it to 4.2.1.15 which is the latest release.and need to know the dependencies whether any license required?

View 6 Replies View Related

Cisco :: Migrating DFM Data From LMS 3.1 To 4.2.3

Feb 18, 2013

I need to migrate DFM alarm settings data from LMS 3.1 to LMS 4.2.3 and I want to use this method, [URL] , to extract the data from 3.1 and then inport it into 4.2.3.
 
I successfully performed it for IP settings, it was easy since the data format was the same.
 
But the format differs quite alot for Interface and Port data, here is an example:
 
export from LMS 3.1
IF-hostname/17 [Gi0/0.524] [10.55.254.3]; INTERFACE:;IF-hostname/17; MANAGED_STATE:;EXPLICITLY_UNMANAGED
export from LMS 4.2.3
INTERFACE:IF-hostname/17 MANAGED_STATE:MANAGED GigabitEthernet0/0.524
 
It looks like I have convert interface names, sort and delete stuff to make it look the same.

View 1 Replies View Related

Cisco :: Migrating From NCS 1.1.2 To Prime 1.2?

May 8, 2013

[URL] it mentions that migrating from NCS 1.1.2 to CPI 1.2 isn't possible.
 
How can I get around this?

View 3 Replies View Related

Cisco VPN :: Migrating From PIX 515e To ASA 5510

Jan 28, 2011

I have recently migrated from a PIX 515e to an ASA 5510. In the main this was successful. However, I have a number of L2L VPN's (all connecting to Cisco PIX 501 or 505). The majority of these VPN's are working fine. However, I have a couple of VPN's that are causing me a problem. It seems like the tunnel is established for anything between 10 minutes and 4 hours before going 'down'. I cannot initiate the tunnel again from the hub end (ASA 5510) of the VPN.However, if the remote end reboots the PIX, the tunnel is re-established.The ASA is running 8.3(1) and the remote PIX's will be running various versions of code but will all be 6.3(x). The strange thing here is that the majority of the sites are working and the config for each tunnel is identical other than the access-lists for interesting traffic and peer address.

View 7 Replies View Related

Cisco WAN :: Migrating ASA 5510 To ASA 5505?

May 7, 2013

for testing purposues i wanted to exchange a running ASA 5510 with a ASA 5505. I included the running configs from both the ASA 5510 and the new configured ASA 5505.
  
On the running ASA 5510 there is:
 
one interface for WEB
static IP xx.xxx.xxx.178
route  0.0.0.0 xx.xxx.xxx.177

[Code].....

View 1 Replies View Related

Cisco Firewall :: Migrating To New ISP - ASA 5510

Jan 4, 2012

I currently have the following set up (excuse my quick drawing):
 
--------------Vendors VPN Router----                                                           
|    ------Cisco 3000 VPN------        |                                                                        
|    |                                   |        |
Private Network-------ASA5510---------Pub Switch------Cisco Router 2x T1

I've been tasked with migrating to the new ISP, which provides us with Cisco ME-3400E switch and /26 public subnet. I currently have 15 static NATs and 14 L-2-L VPN tunnels configured in ASA. Is there a way to configure additional Outside int on ASA and use it to migrate the existing VPN tunnels and static NATs? I'm trying to avoid downtime and hope to do it step by step. I'm thinking about adding additional Public switch, so I can also migrate vendor's router and VPN concentrator, which need to be in parallel to ASA. Assuming that this is possible I'd would like to do the following:

1.Configure and connect additional Outside Interface on ASA - public IP address and ACLs

2.Connect it to additional "Public switch", which would be configured with public IP address and connected to new ISP's Cisco ME-3400E.

3.Migrate my VPN tunnels and static NATs.

4.Migrate vendors equipment/VPN concentrator

5.Update my global NAT pool

6.Shut down old ISP

View 13 Replies View Related

Cisco :: Migrating From NCS 1.0 To Prime Infrastructure 1.2

Feb 12, 2013

I have NCS 1.0 with 100 devices support license installed. Now knowing it has reached end of sale, and also for the fact that Prime does cover devices like routers, i went ahead to the upgrade path via PUT (Product Upgrade Tool). Finally I received an email (OBA) advising my order is ready. This email included two items in the shipment,

L-N-PI12-100-M=
NCS 1.0 to Prime Infrastructure 1.2 Minor Upg 100 Device
L-PILMS42-100-M
Prime Infrastructure LMS 4.2 - 100 Device Upgrade Lic
  
When i click to the link in the same email to download the license, it only shows me one file which is L-PILMS42-100-M  I tried using this file and installing on the NCS1.0 but it gives me error that this file is not a license file. The license name suggests me that it is not the license to be installed on the NCS. The file should be L-N-PI12-100-M=

View 5 Replies View Related

Cisco :: Migrating APs From WLC 4400 V.4.0.179.11 To WLC 5508 V.7.2.110.0

Jun 11, 2012

I am replacing an old 4400 series WLC running version 4.0.179.11 to a new 5508 WLC running version 7.2.110.0.
 
We currently have 70 x 1131 Access points on the 4400 WLC.
 
With this upgrade, do i need to upgrade the old 4400 to version 6.0 so the AP's get an up to date IOS or can i directly migrate all AP's over to the new 5508 without any version incompatabilities on the AP's?
 
I am abit worried that the AP's are running a very old IOS on the 4400 v.4.0.179.11 to go straight to the new 5508 v.7.2.110.0.

View 3 Replies View Related

Cisco VPN :: Client Not Working After Migrating From PIX 6.3 To ASA 8.4?

Mar 11, 2013

I have a situation here where after migrating from PIX 6.3 to ASA 8.4, VPN connection from window server 2003 and 2008 fail to connect. Strangely, win7 or win 8 works perfectly well.
 
It failed due to

reason=DEL_REASON-IKE_NEG_FAILED 
 
The diff we can see is win 7 is 32 bits and the server client version is 64bits.

View 1 Replies View Related

Cisco Firewall :: Migrating PIX Configuration To ASA 8.4(2)

Aug 28, 2011

I am migrating my PIX configuration to ASA 8.4(2) with my old nat configuration.I don't want the traffic match ACL inside_outbound_nat_acl from inside interface with NAT [code]
 
when I configured "any" in "nat (inside,any)", I cannot type the "route-lookup" command but when I change like "nat (inside,outside)" then I can type the "route-lookup" command.so what's mean of "any" in this command?

View 10 Replies View Related

Cisco Switching/Routing :: 6509 / Migrating From IOS To NX-OS

Aug 7, 2011

I am migrating from Cisco 6509 IOS (12.2) to Nexus 7000 NX-OS (5.1(1)).I am looking for a equivalente NX-OS command for permit ipinip on IOS.

View 2 Replies View Related

Cisco :: WCS 7.0.172.0 Upgrade Stall Migrating Data

Apr 18, 2011

I have a 7.0.164.0 WCS that I am trying to upgrade to 7.0.172.0 In the system infrastructure we have three 4400-50 controllers with a total of about 90 access points (1231's, 1131's, 1142's, and 3500's) The server is a VM with 2GB of ram and about 4GB of free hard drive space (the WCS software is installed on the D: partition). The WCS installer goes through the initial setup and gets to the point of "Migrating Data" and basically stalls. I started the upgrade Friday at 11:30AM and finally killed it at about 9:00AM on Monday (almost 3 full days).
 
I then uninstalled the partial 7.0.172.0 installation, and also uninstalled the 7.0.164.0 installation. I then did a clean install of 7.0.164.0 and imported my backup. After i verified that everything was working correctly I then tried the 7.0.172.0 upgrade again. Currently its almost at 24 hours of sitting at "Migrating Data"

View 10 Replies View Related

Cisco Wireless :: Migrating From WISM-1 To 5508?

Feb 5, 2013

We are currently upgrading from WISM-1's to individual 5508 WLC's. Is it possible to export the config from controller on the WISM to the 5508?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved