Cisco VPN :: 5500 Authentication Based On Mac Addresses

Feb 10, 2011

I currently have an ASA 5500. Is there a way to authenticate based on MAC address through the VPN client? We are having problems with users using their home computers to connect. Yes, they are smart enough to install the client and copy the profile.

View 1 Replies



Cisco Firewall :: Internet Access Restriction Based On IP Addresses ASA 5500

Oct 20, 2010

One of my clients just acquired a Cisco ASA firewall, and they would like to restrict internet access; that is, they want to block internet for junior employees while management remains connected. Looking at the situation, the ASA serves as the gateway. I tried an access list like the one below for one PC to test if it works, but instead everyone just went off; maybe I misfired somewhere.
 
Access-list 110 deny tcp any host 192.168.20.100 eq www
Access-list 110 deny tcp any host 192.168.20.100 eq 443
Access-list 110 permit tcp any any eq www
Access-list 110 permit tcp any any eq 443
access-group 110 in interface inside

View 11 Replies View Related

Cisco Security :: To Restrict Remote Access VPN To ASA 5500 Based On Source

Oct 20, 2012

Is it possible to restrict the Remote Access VPN to the ASA based on the source public IP? If so, how? Here I am not talking about the VPN-Filter under group-policy. I want to restrict the access from a specified source IP (public IP).

View 1 Replies View Related

Cisco Switching/Routing :: Prioritization Of Voice Traffic On An Uplink On Nexus 5500 Based On DSCP EF?

Jan 20, 2013

I have a Nexus 5500 which is the core of our network and we have access layer switches uplinked to it. I know by default the qos markings will be trusted.

1. On a trunk uplink from an access layer switch to the Nexus, I have "mls qos trust dscp". Will the DSCP marking be preserved when it reaches the Nexus?

2. How do I do prioritization of voice traffic on an uplink on Nexus based on DSCP EF?

View 3 Replies View Related

Cisco VPN :: MAC-Based Authentication In ASA 8.2 AnyConnect VPN

Sep 19, 2010

I have been configuring AnyConnect VPN. The requirement from the customer is to configure MAC address based authentication for AnyConnect clients. I have gone through various Cisco documents. I could not find this option explained. Is MAC address based authentication possible in AnyConnect VPN without having an AAA server in place? There is an option to select the endpoint attribute as MAC address while creating Dynamic Access Policies. But at the Host Scan configuration of Cisco Secure Desktop, there are no options for performing MAC retrieval.
 
My ASA is running on version 8.2(1) and ASDM version 6.3(1) and a memory of 512 MB RAM. Any way for MAC based authentication in cisco anyconnect VPN.

View 3 Replies View Related

Cisco Wireless :: 5500 LDAP And Local AAA Authentication On WLC

May 5, 2013

Is it possible to use both LDAP (to Active Directory) authentication for a WLAN defined on a 5500 series controller, and use the local user account database (AAA) for the guest vlan?

View 1 Replies View Related

Cisco Wireless :: 5500 - Authentication Central At HO And Branches?

Mar 10, 2013

In my network:
- at HO: 2 x WLC 5500 and 20 APs, ACS, AD
- at branches: 5 APs at each branch

I configure the H-REAP. Now, I have some questions about Cisco wireless:

1. There is only 1 WAN link between HO and branches. How should I configure it so that when the WAN link is down, all APs at branches still work and users can still connect?

2. Based on my network architecture, should I authenticate centrally at HO, or authenticate at HO and branches? Do APs at branches support local authentication or not? If we want to authenticate on AD at branches, how can I configure it?

3. I also want IT at branches to manage the APs at their branches. When a branch has a visitor, IT at the branch creates a temporary key and provides it to the visitor. At the branch, how can I do that?

View 5 Replies View Related

Cisco Wireless :: Overwrite Image Web-authentication-bundle WLC 5500?

Jun 9, 2013

How to replace an image in the webauth-bundle on WLC 5500? When I run "show custom-web webauth-bundle", I do see the files:

aup.html
login.html
yourlogo.jpg
 
But the size of yourlogo.jpg is too big and I need to replace it with a smaller one. I have tried (with the appropriate IP and filename):

transfer download mode tftp
transfer download datatype image
transfer download serverip tftp-server-ip-addres
transfer download filename {filename.jpg | filename.gif | filename.png}
 
but it does not work.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Certificate Based Authentication And Windows 7

Jan 9, 2012

We use a combination of Cisco ACS and Cisco Catalyst 3560 switches for network authentication and authorization. Clients (Windows XP) have a certificate installed which will grant access to the network and put them in the correct VLAN. So far, so good. Some users are testing with Windows 7 in the same set-up as above and run into strange behaviour. The problem is that after a random timer the machine gets de-authenticated and nothing besides a reboot works to get the computer authenticated again (from a Windows point of view). It looks like this only happens to users who are using a certificate to authenticate; Windows 7 MAC bypass users have no such problems. If it occurs, the following logging appears in ACS: [code] We are using ACS 4.2(0) Build 124 and 3560-48PS switches with IOS 12.2(55).

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Authentication Based On AD Credentials

Nov 13, 2011

What I want to do is simple: enable any member of the Administrators group to authenticate on our ASA5510 based on their AD credentials.
 
What is the correct Cisco procedure for that?

View 1 Replies View Related

Cisco Wireless :: WLC 2504 Authentication Based On AD / LDAP

May 17, 2012

What are the possibilities for configuring a WLC to authenticate WLAN users based on their Active Directory user account?
 
Is this possible by setting up local EAP on the WLC?
 
I am looking for a solution where there are no changes to the Domain Controller involved and also no setting up of IAS/RADIUS.
 
WLC:2504

View 8 Replies View Related

Cisco Wireless :: 2504 -configure MAC Authentication With Certificate Based

Jan 8, 2013

I have a Cisco 2504 WLAN controller with 7.4 IOS. My query is: can I configure MAC authentication that is certificate based, and without using any external servers like RADIUS, ACS and LDAP?
 
May I know if there is an option on the WLC…

View 4 Replies View Related

Cisco Wireless :: 5500 / Controller Versus Cloud-based (Controller)

Mar 31, 2013

We are trying to navigate the waters in choosing between an in-house, controller-based wireless network solution or a cloud-based solution. We have been presented with the usual suspects in cloud-based (Aerohive, Meraki, etc.) and with Cisco (5500) and Aruba on the other side. We are a multi-campus organization with approx. 200 APs. Any hard reasons why go with a controller-based vs. cloud-based solution? If we must keep the conversation limited to Cisco, why go Meraki over Cisco's WLC solutions or vice versa?

View 1 Replies View Related

Cisco :: 2504 LDAP Setting Up To Accept Authentication Based On Device

Aug 19, 2012

How can I setup the WLC to accept authentication based on the device itself and not a user?

View 7 Replies View Related

Cisco AAA/Identity/Nac :: WLC 7.4 / ISE Authentication Via Active Directory Based On SSID And AD Group?

Apr 15, 2013

I am deploying ISE with WLC 7.4. I have two SSIDs running in my network: 1. Corporate and 2. Services. I have a domain setup, let's say "AD.com", with 4 groups: 1. Corporate, 2. Services, 3. Employees, 4. Contractors. Here is an example of the scenario that I want:
 
AD.com Group : Corporate's User : 1. C_USER1
2. C_USER2
3. C_USER3
4. C_USER4
5. C_USER5

[code]....
 
Now what I want to do is have 802.1x authentication on my Corporate SSID that will check in AD.com, ONLY and ONLY in the Corporate group for authentication. That is, only C_USER1 to C_USER5 are allowed to connect to it. Users from any other AD group shouldn't be authenticated on this SSID. The same for the Services group and SSID.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 RADIUS Authentication Based On IMEI And MSISDN Attributes

Apr 19, 2011

I've been working on trying to get RADIUS authentication working for devices connecting to our corporate mobile APN. Our APN provider sends us Username & Password attributes which I can authenticate fine using ACS 5.2, but I'm having a problem using other attributes sent in the Access-Request. We have mobile SIM cards with an MSISDN value matched with a physical device with an IMEI value. The SIM cards cannot be used in other devices, only their matched device. The provider passes us the MSISDN attribute under RADIUS-IETF 31 and the IMEI under a VSA of 3GPP-IMEI.
 
What is the best way of being able to authenticate a user and match the MSISDN and IMEI associated to that user?

View 1 Replies View Related

AAA/Identity/Nac :: ACS 5.3 RADIUS Authentication Based On IMESI & MSISDN Attributes

Jan 9, 2012

I'm trying to find out the options for authenticating remote users via IMEI and MSISDN values via ACS 5.3. I'm unfamiliar with the RADIUS attribute options here and what kind of request/response we can utilise. Also, previously I could define IP pools on ACS 4 but can't seem to do that now. Is there a way to have ACS 5.3 provide a DHCP server address for the connection?

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ASA-5510 / IPSec Client Authentication Based On AD Group Membership?

Aug 26, 2009

Looking to fine tune Cisco IPSec client RA-VPN authentication on our ASA-5510.  Currently using NT Domain authentication.  It's been working fine for quite a while but is too broad a brush.  It authenticates anyone who is in the domain.  We need to only authenticate folks who are in a specific AD remote access security group.  I'm testing LDAP but am getting the same results.  I can get it to authenticate based on overall domain membership but can't seem to figure out how to check group membership. 
 
We've updated to ASA 8.2(1) and ASDM 6.2(1).  It seems to have more LDAP functionality but I'm not an LDAP expert.  I've posted an image of the LDAP server dialog from the ASDM.  I originally tried putting the Group DN in the Base DN field but kept getting a "can't find user" error when testing.  I also tried adding the group info in the "LDAP parameters for group search" field at the bottom.  But it doesn't seem to be looking there.  Note that the current value is the Group Base DN only.  I also tried putting "memberOf=" in front of that.  Still no luck.  The values shown in the image work for simple domain membership.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Configure IEEE 802.1x Port-based Authentication On Switches / Preferable 2960 Series

Aug 14, 2011

I want to configure IEEE 802.1x port-based authentication on Cisco switches, preferably 2960 series. Which models support this feature? I have tried with some older switches but it doesn't work properly on every one. I have upgraded them without better results; there is namely an issue with TLS handshaking on some switches which causes authentication to fail.

View 1 Replies View Related

Cisco Routers :: RV042 When Updating / Adding Mac Addresses / Table Is Always Sorted By IP Addresses

Oct 8, 2012

In the setup for the old RV042 (V1), when updating / adding MAC addresses, the table is always sorted by IP addresses. But in the new RV042 (V3) I have, even with the latest firmware 4.2.1.02, the list is random, thereby increasing the chance of a user entering a DUPLICATE IP address with a different MAC address. That will result in a conflict. If the firmware sorts the DHCP entries by IP addresses, the user would be able to catch duplicate IP errors even if the system does not flag the errors. All Cisco smart engineers, can you get the DHCP entries SORTED by IP addresses?

View 2 Replies View Related

Add A Dos Based Computer To A Windows Based Network?

Jan 18, 2012

How do I...add a dos based computer to a network running windows 2003

View 1 Replies View Related

Cisco :: WLC 5500 - Log In Using ACS 5.1

Jan 23, 2012

How to successfully manage to configure ACS 5.1 to accept log in request from a 5500 WLC?

I've managed to get it configured following the following link [URL], but when I try to log in to the WLC using my ACS credentials I just get the log in screen again. I've checked the ACS logs and it says my username has passed the authentication process and it matches all the rules I've set. The only thing I've noticed is my "Privilege Level" is only 1, but I'm not sure if that's correct for an HTTP log in.

View 21 Replies View Related

Cisco :: WLC 5500 With Multiple APs?

Jun 5, 2011

We have a WLC 5500 appliance, but I have a problem: the APs have an administrative IP in a different segment, and only the APs in the same segment as the management interface connect to the WLC. The 5500 doesn't have an AP-manager interface. How do I configure the WLC to connect to and administer all APs in different IP segments?
 
Product Version.................................. 6.0.182.0
 chasis:        AIR-CT5508-K9

View 3 Replies View Related

Cisco :: 5500 - Any Limitation With WLC / NGS When Comes To NAT

Jun 27, 2011

Due to lack of address space, I have to go to NAT for our wireless guest users. Are there any limitations with WLC/NGS when it comes to NAT? I have four 5500 WLCs; should I put them in 1 mobility group, at 2 different locations?

View 1 Replies View Related

Cisco VPN :: Failover Be Done On ASA 5500

May 3, 2011

We have a customer requirement of providing secure connectivity from Remote Office to HQ, and at the same time providing a certain level of layer 3 redundancy via a secondary link should the primary link fail. We are looking at ASA5500 series firewalls for both Remote Office and HQ. Can this be done?

View 3 Replies View Related

Cisco :: WLC 4400 To 5500 Migration?

May 30, 2012

We have a single 4404 that was setup long before I arrived with Guest networks that timeout and other such tweaks.  Is there a document somewhere that shows a way to migrate the old settings to a new 5508 that we are purchasing?  By the time the 5508 arrives I will have a very small window to setup the unit before a new wing goes live.  I need the new unit as we have reached our limit of licensed AP's on the old 4404.  It seems like everyone keeps talking about an easy way but no one says how to do it.
 
I have never setup one of these units before from scratch so I don't know how long it will take.

View 6 Replies View Related

Cisco VPN :: VPN Client Traffic Through ASA 5500?

Feb 10, 2011

I have been trying to connect a Cisco VPN client through an ASA and it makes the connection but doesn't allow any traffic through. The ASA does have a site to site VPN attached to the outside interface. I suppose the first question is: is it possible to allow a VPN client to connect through an ASA 5500 from the inside network when there are site to site VPNs already attached to the outside interfaces? If possible, then what have I missed? I have tried adding NAT exempt for the traffic between the internal networks and "an IPSEC pass thru Inspect Map".

View 4 Replies View Related

Cisco :: Can't Access WLC 5500 - Incomplete MAC

Mar 18, 2013

I have a 3750X set up with a number of VLANs and have connected a WLC5500 to this. I've assigned the port on the switch to the correct VLAN, given the WLC a management address on that VLAN and it has the correct gateway. I can ping to this gateway from other devices, but not from the WLC and can't ping or browse to the management address of the WLC (I can browse to it when plugged directly into the SP).
 
When checking the switch arp table, it shows the IP entry of the WLC as INCOMPLETE yet show cdp nei detail shows the device on the correct IP and all the device details. I have changed the port on the switch, the port on the WLC, the cable and the GBIC, cleared the arp and rebooted all devices and it hasn't made any difference. On the switch, I tried assigning the burned-in MAC to that IP statically but it didn't work - does each port have an individual MAC?

View 3 Replies View Related

Cisco VPN :: Licensing On ASA 5500 Series?

Nov 15, 2011

We have the ASA firewalls in our environment - two 5510's and one 5520. Our 5510's are currently used in our production environment and the 5520 is our firewall for pre-production and support personnel. My question is about the AnyConnect VPN licenses we have. Currently we have 100 seats for AnyConnect on our production ASA's, but we'd like to see if we can move half of these to the 5520 ASA?

View 1 Replies View Related

Cisco VPN :: Asa 5500 Query Reg Vpn Creation

Feb 8, 2011

I have a query regarding the number of ISAKMP policy priorities that can be created. When I create a new policy in the ASA 5500 firewall, I get the below error. I assume it will support only 20, whereas we can use priorities between 1-65535. Can anyone from Cisco confirm it? The running version is 8.x with the VPN Plus license. "Policy limit reached. No more than 20 isakmp policies can be configured."

View 2 Replies View Related

Cisco Firewall :: ASA 5500 Configuration For VC?

Aug 13, 2012

I have to open ports for video conferencing in my firewall configuration.

View 1 Replies View Related

Cisco :: WLC 5500 Management And Monitoring?

May 11, 2011

We are looking forward to monitoring the CPU, environment variables and the memory of a wireless LAN controller via SNMP, but we are not able to find in the MIBs the right OID to manage this. Can the exact OIDs be given in order to monitor these three elements on a Cisco WLC 5500 series?

View 1 Replies View Related

Cisco Infrastructure :: ASA 5500 - Changes To Wr Net Setup In ASA 8.43

Jun 3, 2012

We have been deploying ASA 5500 series devices for longer than I've been around. We have always used a script from a tftp server that would use the "wr net" command to send the running-config to the tftp server for daily backups. The script was setup to automatically name these "hostname-mm/dd/yyyy" for each device. We cannot seem to get this working on devices running ASA 8.43. In fact I can't even get the "wr net" command to work from the ASA at all even though I have the tftp server defined correctly (note this is going over the "outside" interface so I always get the warning regarding using the interface with the lowest security level). I'm sure there is something out there that I have overlooked, however I have not been able to come across this. Have there been any changes in the setup, or functionality of the wr net command or the tftp configuration with ASA 8.43?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved