Cisco Security :: Migrating Existing Database From ACS Win 3.3 To ACS Appliance 4.2.15?
Apr 17, 2011
how to migrate the db from acs windows 3.3 to acs appliance 4.2.15.We are replacing win 3.3 to appliance 4.2.15 as a part of end of life. So we have the eap-tls/peap authentication.It has the huge records. So suggest me the steps to migrate the db from win 3.3 to appl 4.2.15.Do we need to upgrade to win 3.3 to win 4.0 to win 4.2 & then to migrate to appl 4.2 ?
View 4 Replies
ADVERTISEMENT
Mar 18, 2013
We are currently running a ACS 1113 with version 4.2 software. We are going to replace the 1113 ACS with two 1121 ACS.
View 1 Replies
View Related
Apr 15, 2011
We have the acs server which has the ssl certficate(certifcate authority) running in acs 3.2 windows version for eap-tls enduser authentication.
We want the same to be migrated to acs 4.2(appliance) application. I have tried in different ways to push the certificate but i couldn't.
I have tried Thru System Configuration --> ACS Certificate Setup --> Install ACS certificate --> Download certficate file In that i have mentioned the FTP server IP address, credentials, path and file name
But if i submit the request its giving the directory not found or credentials wrong.
In FTP logs its showing like this
Apr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acsApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 User logged inApr 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: Login successfulApr 15, 2011 19:41:55 Session 4, Peer
[Code].....
View 2 Replies
View Related
Apr 26, 2011
I am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto 4.2.0.124 ,step by step by upgrade process
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable on 90 days evalution package of 4.2.0.124 of windows platform .
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1)
View 8 Replies
View Related
Dec 24, 2011
I'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.
View 3 Replies
View Related
Jun 13, 2007
Is there any way to auto migrate my 3030 VPN configuration to an ASA platform?
View 3 Replies
View Related
Apr 6, 2010
I am not able to replicate Database between two ACS SE 4.2. I am getting the following error:
Inbound database replication from ACS 'ACS_BEX_001' denied - shared secret mismatch.
The configuration apparently is ok. I am attaching the configuration from both ACS.
View 2 Replies
View Related
Mar 6, 2011
How to upgrade from ACS Se 1113 (running 4.2.0.124) to a new 1121 appliance running version 5.2. We also run RA for AD integration ?
View 5 Replies
View Related
Mar 10, 2011
Is there a security appliance available that provides anti-malware protection, firewall,r content filtering, etc, AND has no subscription or maintainance fee (or optional fees)?
View 1 Replies
View Related
Mar 20, 2011
I m getting mention error when try to open subjected web link.
Deny TCP (no connection) from Outside:180.87.10.44/2443 (180.87.10.44/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964) with follow explanations.
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
Where, a.b.c.d = our private ip address (Natted) w.x.y.z = Public Ip address.
View 1 Replies
View Related
May 20, 2012
I have RSA Securid appliance 3.0 "A120" V 7.1 Sp4 and Cisco Secure Access Control System (ACS) Appliance V4.1.1 (build 23)..I make communication between the Cisco Secure ACS and the RSA Securid appliance using RADIUS Protocol .I only configure 1st IP for RSA appliance and Add this ip In cisco ACS and i go through implementation guide that is attached in this discussion all things is fine in authentication.
now i enabled second IP for RSA but i did not know how to configure the Cisco ACS to know Second IP for RSA?
View 1 Replies
View Related
Oct 16, 2012
I am looking for recommendations on a device to put at the forefront of our network, mainly for web content filtering. Our network is currently setup as this:We have two Internet providers. One for each network that are physically separate except a a Cisco 3560 which is used for failover. In the event one ISP goes down, one network can use the others ISP, however, it has no access to the other network beyond that switch.Currently, each network has a web content filter (SmartFilter) server which is going end of life in a year. We would like to replace each server with a single box at the front of the network for filtering. Other bonuses would be things such as bandwidth control, virus protection, etc.Perhaps the most important thing is to make sure our ISP bandwidth download speed does not get hampered by the device we choose to put at the front. We have 50mb download on one and 30mb on the other. If the device throttles the download at 10mb then it's useless to us.
View 9 Replies
View Related
Apr 25, 2011
I am trying to reimage a Cisco MARS 25 appliance for the pnadmin password recovery procedure. I am trying to boot the system with Recovery DVD (Version 5.3.2) shipped with the appliance. I connected a VGA monitor and USB keyboard to the appliance and when I do a reboot, I can see the Installation options. Please Choose A MARS Model To Install...
1. Distributed Mars - Local Controller But I am not able to select the Option 1 for the reimaging of Local Controller since my keyboard is not responding for the selections. During the LILO boot process, I can see some error message that 'Keyboard Not Present'. I tried to connect the keyboard to different USB ports and the PS/2 port using a USB to PS/2 adapter. Still keyboard is not functioning.I am able to select the BIOS options while connecting the USB keyboard to appliance. But it is not functioning when booting from Recovery DVD. Also the keyboard is functioning if I boot the appliance directly with previous image. Unfortunately I dont have any PS/2 keyboard available for connecting and admin password for Login.Is there any workaround/solution for supporting the USB keyboard during the Recovery Procedure ?I tried the serial connection with hyperterminal but some junk charaters appear even after setting the recomended Baud rate, parity, flow control etc.The Ethernet console seems not working with the default IP address 192.168.0.101 for eth1.
2. Distributed Mars - Global Controller
3. Mars Operating System Recovery
4. Quit
View 5 Replies
View Related
Aug 10, 2011
I was configure IPSEC vpn on ASA5540 and i have problem with port blocked. I am unable to block server ports to remote users.See below configuration. I need to configure vpn filter list but don't know how to configure vpn filter list.
View 5 Replies
View Related
Mar 10, 2005
I was given a 510 PIX Ver 6.3(1)to reconfigure but have no information on the existing configuration and need to wipe it clean and start over how can I do this to get back to the factory default settings. I have tried the "monitor>" but I don't know the IP address of the PIX interface.and am not sure how to do the setup for recovering the password.
View 7 Replies
View Related
Apr 10, 2011
If I am to add the Self-generated certificate of my new CAS to my existing CAM's trusted certificate authorities list, will it just be added or will it replace the existing trusted certificate?
View 4 Replies
View Related
Oct 12, 2011
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
View 2 Replies
View Related
May 23, 2011
I have an existing VPN tunnel from my branch office to corporate.I want to allow my employees to establish a VPN connection to our local branch office where we have a local server, and not go through the corporate office.Can I set up a direct VPN connection to my router/ firewall at the branch office, even when there is a VPN tunnel already connected between my office and corporate?
View 1 Replies
View Related
Mar 28, 2012
I have an existing wireless working network with WIN 7 - 2 laptops, two desktop PC's. Can I add a security code/password without setting up a new network?
View 1 Replies
View Related
Jan 22, 2011
We are pulled the plug on our PIX 501 as its not letting us use all 100Mbit that our cable provider is now piping to us. I read the conversion guide but it made no mention of the 501's. Only the 515's or newer.The ASA5505 is putting up a little bit of a fight (This what I get for failing my CCNA??)After refusing to configure the LAN ip address to something other than what it was shipped with, I broke down and connected to the management console and forced an IP address on the LAN side. Now I reset my default config and everyone can get on the internet.Until the ISP cuts you off because you forgot to set your static IP. Oh, and by the way, they dont support Cisco gear.
When I attempt to assign the IP to the outside interface, it accepts without a hitch, but everything grinds to a halt. I cannot have this, as I have off-site users that operate with dedicated ports using Remote Desktop. I've attempted to set the IP via both ASDM and management console. I've tried setting a static route, but that doesnt give me any love either. Im running ASA Version 8.2(1) and ASDM Version 6.2(1)Once I get the static IP set and working properly, I can tackle moving the port configs.
View 10 Replies
View Related
May 29, 2012
we are running acs 4.2.0.124.16 on cisco appliance 1113.We need to uprade it to 4.2.1.15 which is the latest release.and need to know the dependencies whether any license required?
View 6 Replies
View Related
Feb 18, 2013
I need to migrate DFM alarm settings data from LMS 3.1 to LMS 4.2.3 and I want to use this method, [URL] , to extract the data from 3.1 and then inport it into 4.2.3.
I successfully performed it for IP settings, it was easy since the data format was the same.
But the format differs quite alot for Interface and Port data, here is an example:
export from LMS 3.1
IF-hostname/17 [Gi0/0.524] [10.55.254.3]; INTERFACE:;IF-hostname/17; MANAGED_STATE:;EXPLICITLY_UNMANAGED
export from LMS 4.2.3
INTERFACE:IF-hostname/17 MANAGED_STATE:MANAGED GigabitEthernet0/0.524
It looks like I have convert interface names, sort and delete stuff to make it look the same.
View 1 Replies
View Related
May 8, 2013
[URL] it mentions that migrating from NCS 1.1.2 to CPI 1.2 isn't possible.
How can I get around this?
View 3 Replies
View Related
Jan 28, 2011
I have recently migrated from a PIX 515e to an ASA 5510. In the main this was successful. However, I have a number of L2L VPN's (all connecting to Cisco PIX 501 or 505). The majority of these VPN's are working fine. However, I have a couple of VPN's that are causing me a problem. It seems like the tunnel is established for anything between 10 minutes and 4 hours before going 'down'. I cannot initiate the tunnel again from the hub end (ASA 5510) of the VPN.However, if the remote end reboots the PIX, the tunnel is re-established.The ASA is running 8.3(1) and the remote PIX's will be running various versions of code but will all be 6.3(x). The strange thing here is that the majority of the sites are working and the config for each tunnel is identical other than the access-lists for interesting traffic and peer address.
View 7 Replies
View Related
May 7, 2013
for testing purposues i wanted to exchange a running ASA 5510 with a ASA 5505. I included the running configs from both the ASA 5510 and the new configured ASA 5505.
On the running ASA 5510 there is:
one interface for WEB
static IP xx.xxx.xxx.178
route 0.0.0.0 xx.xxx.xxx.177
[Code].....
View 1 Replies
View Related
Jan 4, 2012
I currently have the following set up (excuse my quick drawing):
--------------Vendors VPN Router----
| ------Cisco 3000 VPN------ |
| | | |
Private Network-------ASA5510---------Pub Switch------Cisco Router 2x T1
I've been tasked with migrating to the new ISP, which provides us with Cisco ME-3400E switch and /26 public subnet. I currently have 15 static NATs and 14 L-2-L VPN tunnels configured in ASA. Is there a way to configure additional Outside int on ASA and use it to migrate the existing VPN tunnels and static NATs? I'm trying to avoid downtime and hope to do it step by step. I'm thinking about adding additional Public switch, so I can also migrate vendor's router and VPN concentrator, which need to be in parallel to ASA. Assuming that this is possible I'd would like to do the following:
1.Configure and connect additional Outside Interface on ASA - public IP address and ACLs
2.Connect it to additional "Public switch", which would be configured with public IP address and connected to new ISP's Cisco ME-3400E.
3.Migrate my VPN tunnels and static NATs.
4.Migrate vendors equipment/VPN concentrator
5.Update my global NAT pool
6.Shut down old ISP
View 13 Replies
View Related
Feb 12, 2013
I have NCS 1.0 with 100 devices support license installed. Now knowing it has reached end of sale, and also for the fact that Prime does cover devices like routers, i went ahead to the upgrade path via PUT (Product Upgrade Tool). Finally I received an email (OBA) advising my order is ready. This email included two items in the shipment,
L-N-PI12-100-M=
NCS 1.0 to Prime Infrastructure 1.2 Minor Upg 100 Device
L-PILMS42-100-M
Prime Infrastructure LMS 4.2 - 100 Device Upgrade Lic
When i click to the link in the same email to download the license, it only shows me one file which is L-PILMS42-100-M I tried using this file and installing on the NCS1.0 but it gives me error that this file is not a license file. The license name suggests me that it is not the license to be installed on the NCS. The file should be L-N-PI12-100-M=
View 5 Replies
View Related
Jun 11, 2012
I am replacing an old 4400 series WLC running version 4.0.179.11 to a new 5508 WLC running version 7.2.110.0.
We currently have 70 x 1131 Access points on the 4400 WLC.
With this upgrade, do i need to upgrade the old 4400 to version 6.0 so the AP's get an up to date IOS or can i directly migrate all AP's over to the new 5508 without any version incompatabilities on the AP's?
I am abit worried that the AP's are running a very old IOS on the 4400 v.4.0.179.11 to go straight to the new 5508 v.7.2.110.0.
View 3 Replies
View Related
Mar 11, 2013
I have a situation here where after migrating from PIX 6.3 to ASA 8.4, VPN connection from window server 2003 and 2008 fail to connect. Strangely, win7 or win 8 works perfectly well.
It failed due to
reason=DEL_REASON-IKE_NEG_FAILED
The diff we can see is win 7 is 32 bits and the server client version is 64bits.
View 1 Replies
View Related
Aug 28, 2011
I am migrating my PIX configuration to ASA 8.4(2) with my old nat configuration.I don't want the traffic match ACL inside_outbound_nat_acl from inside interface with NAT [code]
when I configured "any" in "nat (inside,any)", I cannot type the "route-lookup" command but when I change like "nat (inside,outside)" then I can type the "route-lookup" command.so what's mean of "any" in this command?
View 10 Replies
View Related
Aug 7, 2011
I am migrating from Cisco 6509 IOS (12.2) to Nexus 7000 NX-OS (5.1(1)).I am looking for a equivalente NX-OS command for permit ipinip on IOS.
View 2 Replies
View Related
Apr 18, 2011
I have a 7.0.164.0 WCS that I am trying to upgrade to 7.0.172.0 In the system infrastructure we have three 4400-50 controllers with a total of about 90 access points (1231's, 1131's, 1142's, and 3500's) The server is a VM with 2GB of ram and about 4GB of free hard drive space (the WCS software is installed on the D: partition). The WCS installer goes through the initial setup and gets to the point of "Migrating Data" and basically stalls. I started the upgrade Friday at 11:30AM and finally killed it at about 9:00AM on Monday (almost 3 full days).
I then uninstalled the partial 7.0.172.0 installation, and also uninstalled the 7.0.164.0 installation. I then did a clean install of 7.0.164.0 and imported my backup. After i verified that everything was working correctly I then tried the 7.0.172.0 upgrade again. Currently its almost at 24 hours of sitting at "Migrating Data"
View 10 Replies
View Related
Feb 5, 2013
We are currently upgrading from WISM-1's to individual 5508 WLC's. Is it possible to export the config from controller on the WISM to the 5508?
View 5 Replies
View Related