Cisco Security :: NAC 4.8 Agent Stays Open After Moving To Trusted VLAN
Feb 6, 2011
We have some Windows 7 clients that are running the 4.8 agent. NAC will process the user and move them to the trusted vlan. However, the agent stays open and appears to keep running/processing something. The user can minimize the agent and work normally, and a reboot appears to fix the issue.
Dec 16, 2011
I have bought and installed a 2048-bit certificate from Thawte on an ACE20-MOD-K9 module. The appliance can't use it and gives the following error: "This certificate cannot be verified up to a trusted certfication authority." I have contacted Thawte about this and they suggest installing an intermediate certificate from Thawte on the module, but I can't find such a certificate for Cisco on their site. Also, I'm not sure how to go about implementing such an intermediate certificate on the ACE.
Jun 13, 2011
I'm using NAC 4.8, and I'd like to log in using NAC Web Agent on an iPad. When I try to do that, I receive a message on the iPad that I need to install the Java Plug-in, but there is no Java Plug-in available for iPad. Is there any additional configuration that I have to do on NAC Manager to be able to access the network using NAC Web Login on iPad?
Feb 7, 2011
I can configure a requirement type as audit (as opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the CAS. Is it possible to generate an email or similar automated process to notify administrators of these audits?
(version in use 4.7.2)
Feb 9, 2011
We have NAC 4.0.5 and a Windows Active Directory domain. The clients log on to the client to access the network with their domain credentials, and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, because now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
Feb 15, 2012
I used my PIX config to set up the ASA 5505. Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internally I cannot get out of the network. No internet or email is passing through.
: Saved
:
ASA Version 8.2(5)
!
hostname textasa
domain-name testcorp.com
enable password 579oWRzSY5syo9yt encrypted
passwd 579oWRzSY5syo9yt encrypted
[code]....
Mar 18, 2003
I have a Cisco 7200 acting as the DHCP relay agent on my network. From a security standpoint, I want to disable the bootp server, with 'no ip bootp server'. What bearing, if any, does 'no ip bootp server' have on DHCP activity?
Jan 29, 2012
I get an empty blue window when I try to open "port to VLAN".
We have upgraded the software but it doesn't work.
Oct 4, 2011
We have c3750s running NAC 4.8. Occasionally, a workstation will flap between the untrusted and trusted vlans. We updated the NIC drivers on the workstation, we verified SNMP was functioning correctly on the switch, and we allowed the phones to act as the pass-through between the workstation and the switch. What could cause the workstation IP address to not redirect to a TRUSTED VLAN from the NAC_UNTRUST VLAN? All updates have been downloaded to the workstation.
Mar 1, 2011
My IE 8 will not open pages secured with SSL 128 encryption. I cannot open my account at [URL].. A box appears with an "OK" message at the centre and a "!" sign at the left side. It carries the following web address: [URL]
Jun 6, 2011
I'm installing ACS 4.2 in our lab domain and want to leverage the corporate domain for authentication. The one-way trust is in place, but there is a facet that I'm not clear on in regard to the installation requirement.
I'd like to install ACS on a lab domain member server, but I'm not sure that will work. The installation docs seem to imply that a member server must be in the same domain as the authentication server, but it's not very clear. If I want to use the one-way trust to the Corporate Domain, am I required to install ACS on the domain controller of the Lab Domain?
Nov 14, 2011
I'm going nuts with this ASA5505. This is a secondary firewall used only in emergencies when the primary Checkpoint fails.
The basics, it has two trusted interfaces, E0/1 and E0/2-6. E0/1, inside2 has 192.168.01/29 and inside is 192.168.200.1/24. I'd like any traffic to be allowed from inside and inside2 to outside and any traffic from the inside interfaces should be routed. No restrictions should apply between the two interfaces.
inside works just fine but no traffic is going out of inside2, not to outside or to inside.
Sep 14, 2012
I am in need of a Static IP alternative (My ISP chooses not to offer the service). I do not need the Static IP to access my own devices. I need to access other networks as a "trusted" user.
Oct 19, 2011
Anyone know how to close these open ports on my Cisco 7606 router? Anyone know what these TCP ports are used for?
:
49 - Not sure what this one is other than what IANA reports about TCP port 49
4510
4509
2222
:
I'm sure I could add an ACL to block communications to my router based on these ports, but I would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
Jan 27, 2012
How to bypass a McAfee firewall implemented on network to open restricted sites.
Apr 14, 2011
I have an old Win XP (SP3) desktop that just recently has had problems with attachments to emails. It simply won't allow me to open or save them.
I have tried both hotmail and btinternet.com (yahoo) emails. When I click on an attachment and choose either 'open' or 'save' the small grey box appears that usually shows the file action and download time info. However no info appears in the grey box and it just sits there (for hours). I have tried the same email attachment on another PC and it works fine so the problem is specific to this PC.
The file size is not a factor, as it fails to open attachments of only 100kb, nor is the file type (pdf). I can download large pdf files from a website with no trouble. The problem is just email attachments.
I tried switching off the Windows firewall, but this made no difference. The a/v is AVG9.0.
Feb 29, 2012
Does the Cisco Catalyst 3750 support the NAC Fail Open feature? Symantec Network Access Control has been deployed in our network to protect the end user systems and access control. We initiate to enhance failover/fail open solutions on the switches to minimize the minimum downtime for disaster recovery in case of major disasters in the data centres. Kindly let us know if NAC Fail Open works on Cisco Catalyst 3750 switches or not.
Jan 16, 2012
I have D-Link's DSL-2730U modem/router. I've enabled the router's firewall and disabled TR-069 (putting in some dummy ACS URL and login credentials as well). However port scans show 30005 as open. I believe this is used by the TR-069 client. How do I definitively filter this port?
Mar 18, 2013
Recently had an external security scan done on my DIR 655 and scan results are stating I have an accessible TFTP Server running. I've been through all the settings, and even upgraded to the latest firmware. Yet security scans are telling me I've got a TFTP Server running. Why would one be showing on the external interface, and how can I stop it?
Dec 8, 2011
In one of my 2911's I have a VWIC3-4MFT-T1/E1 that terminates two PRI circuits. s0/0/0:23 and s0/0/1:23 are in a trunk group. I've noticed that if the PRI flaps/bounces and comes back up, controller 0/0/1 and serial 0/0/1 stay down. Controller 0/0/0 and serial 0/0/0 always come back up. I have to restart the gateway every time for 0/0/1 to come up. Thoughts? Interface config is below.
Nov 1, 2011
3502i's LED light turn white? If so, what does it mean? The info on the LED lights does not mention white. The serial port and the data port are non-responsive, but the unit stays powered over PoE.
Jun 25, 2011
I'm facing a problem with two vlans. Each vlan has internet access by NAT.
In each vlan there is at least one server, who should be accessible from the other vlan and vice versa.
The function "same-security-traffic permit inter-interface" doesn't work, because NAT control is in place - so an expert.
Some experts told me it's not possible to route back out the same interface, and also not route back out the separate subinterfaces as well.
Mar 17, 2011
I'm trying to configure a subinterface named Inside with vlan 1, but the interface stops working with this vlan. My switch is a Cisco and uses the LAN with vlan 1 too. If I change the vlan to another, e.g. vlan 13, it works fine. And all other vlans work fine too. Is there a problem using vlan 1?
My configuration is:
Cisco ASA:
interface gig0/3
no ip address
no security
no nameif
interface gig0/3.1
vlan 1
nameif Inside
security-level 100
ip address 10.x.y.x 255.255.224.0
The giga port of the switch is configured in trunk mode.
Jan 19, 2011
Cisco Catalyst 2960 series: I want to do an SNMP request over OID. The output should be like this: port number and VLAN ID. Is there an OID for this output?
Feb 12, 2004
I want to know if the new Catalyst 3750 supports Private VLAN,
or any other small switches?
Aug 27, 2011
I am ignorant with networking. The most I know is /ipconfig. I am stationed in Japan and have a fiber modem going into my DIR-655. For about two years everything has been fine... no problems ever. About a month ago, I started getting timeouts and page not found errors when surfing the web, but my online games (EVE, WoW, etc) and our Xbox360/PS3 work fine. The only thing I could think of was to unplug and plug back the DIR-655. Sometimes that works for a day or a week, but ultimately it always comes back. Is there a setting on the router I can change to avoid this, or a software command I can issue from the computer to clear something?
Jul 17, 2012
So I went to update the firmware on my SA520 last night and apparently something failed, the device restarted and now it doesn't respond to anything. The Diag light stays lit and the factory reset button does nothing no matter how long I hold it in. Is there another way to reset the device?
Apr 5, 2012
I have an MPLS router that connects to the core network. This router distributes (per route maps) routes from OSPF into BGP and from BGP into OSPF. The OSPF process connects a 6509 to the 7206 MPLS router. There are some routes in the OSPF process that I have filtered out of the 6509. They do not show up in the 6509 at all and this is the only way they can be getting into the 7206. Checking the 6509 database, this route is gone, but it stays in the 7206 until I clear the route manually. The result is the route still gets distributed into MPLS. [code]
One thing to note, there are two possible OSPF paths the route gets into OSPF, one of them, the route is filtered with distribute-list on the 6509, which means it is still in the database, so it is still in the 7206 database, and still get distributed into BGP on the 7206, correct?
Jan 24, 2012
I might fancy having my desktop stay in a sleep state, waking whenever I need to access it for a file or something, so I tried to use WOL. The NIC and BIOS support it, however when I enable it...
The machine only stays off for 5-10 seconds at a time. I think this is because instead of waking from only a magic packet, it is waking from ANY packet.
Jan 19, 2012
Where I tried to connect to my home wifi or the school's wifi and it just says "identifying" on the network connections and on the list of wifi networks around in the notification area it says "No internet acces" and can't connect to the internet. I stopped trying to look for a solution but I don't have internet at home
[code]....
Jan 18, 2012
Issue: Working on the internet, my computer (LAN) disconnects, Laptop (WAN) disconnects, but the router does not disconnect. The light that shows connection to net flashes like crazy (showing ADHD *** activity), the network lights just stay stable (showing no activity). After 5-10 minutes the problem sometimes fixes itself, or, more likely, I unplug the router, wait 2 minutes, plug it back in. Sometimes it works right away, sometimes it takes a second unplug. My computer is wired to the router which connects to a modem. The modem is not mine, it's installed by my ISP.
Failed attempts to fix: Replace router. Bought brand new Netgear (will put numbers in here later) to replace the Dir-825. Same issues. In fear of malware, spyware, etc (I run a tight ship on my computer, I love it dearly and I'm mildly paranoid), I formatted the SSD, reinstalled Windows 7 64bit. Same issues. My ISP has to authorize every connection, so I've used the router to use my Mac Address and I can connect with the cable directly in the back of the computer, or to the router
Jun 16, 2011
I've a Cisco 5550 which hangs on powering up and stays at " Booting System, please wait..." forever and it has a flashing green Status LED.
The steps I've taken so far are:
1. Consoled with a different computer and tried to send the break signals (didn't work)
2. Opened up the unit, removed the RAM's and reseated them again.
3. Taken out the CMOS battery on the board and replaced it with the new one (no luck still)
What is the next step, or shall I assume that the unit is dead?
May 20, 2010
For many years we've had the following vlan and port security config on our 3560s: [code] This has worked great on 12.2(37)SE1, 12.2(40)SE and 12.2(46)SE. However since 12.2(50)SE, and I've tried all the versions since then, we have a problem with 7900 phones and ATA186s taking upwards of 20 minutes before they can get a valid IP number. The problem on the newer IOSes seems to be related to the inactivity aging. On the older IOS versions the mac address of the voice device appears on the voice vlan straight away.
On the newer IOS versions the mac address of the voice device appears on the DATA vlan and seems to be stuck there until the inactivity aging removes it. It then gets re-learned, sometimes on the voice vlan, and sometimes on the data vlan. If you're unlucky and it gets re-learned on the data vlan you've got to wait until the inactivity time ages the address out again. Repeat until the mac address eventually gets learned on the voice vlan. I don't want to be stuck on 12.2(46)SE forever.