i've configured 4 connection profiles (IT,HR,Admon,VIP) on the asa everything works well, but our boss wants to know if it's possible to assign the right connection profile without using group drop-down list, what he wants is to use a unique connection profile (non-default) and via radius attributes using ACS 5.X to assing the right profile.
View 6 RepliesWorking as a consultant I find it annoying I cannot see a drop-down list in the AnyConnect client as you can with the traditional IPSEC VPN client with multiple profiles. How to modify the default profile to list multiple entries?
View 5 Replies View RelatedCisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 7.0(2)
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
#show webvpn anyconnect
1.disk0:/anyconnect-win-3.1.00495-k9.pkg 1 dyn-regex=/Windows NT/
CISCO STC win2k+
3,1,00495
Hostscan Version 3.1.00495
Profile in atthach-file. After this profile is uploaded to client Optimal Gateway Selection doesn't work propertly: When 'vpn1.mydomain.com/mygroup' (it best TTL server) is unreachable, then OGS try to be connected to other servers, but without group-url, for example 'vpn2.mydomain.com' (instead of 'vpn2.mydomain.com/mygroup')
I'm looking into starting a file sharing server (think this is what its called) which will allow people to login into one of my PC's over the internet and download my files. My goal is to allow family members and friends to access my files and only specific files on this PC. The files could be family videos as well as pictures. Some video files will be in excess of 10gb along with typical jpegs and what not. I'll probably be running windows server 2008 on it. I'm also considering allowing people on some other forums that I'm a member on (cars, hobbies, ect) and allowing people to host vids on my server. My current IP provider is Comcast and I'm on a Dynamic IP so wondering how easy this is or if its recommended I get a static IP.
I' am looking for some articles that you'd recommend on this. I'd also like to have password protection / or login criteria so car members aren't able to view all my family videos, but can only log into some folder labeled (cars) and not my folder labeled family. Or another option would be that people have to login before they are able to even see what folders are accessible.For instance car members could only see car folders Family members could see anything stored on the PC?
I'm in router setting in 1921, I have 40 remote VPN group profile attributes, but I can only connect simultaneously at 30, I wonder if there is a maximum limit of groups configured on a router 1900 IOS
View 0 Replies View Relatedverify if the ASA 5520 CSC module way of applying security policy (http, smtp, pop3, etc.) is per network/subnet or group of users? Based on my understanding through reading, web and email protection profile/config is global. It will be the same to every network user that is redirected via service-policy config on the ASA.
Scenario: I have two VLAN, guest and employee. Of course guest and employee have different web filter profile. Can i configure it such that guest web-filter profile is not just strict while employee's access is limited only to productive internet sites.
I'm currently using a LMS 4.2.x System and an ACS 5.3 System.
I solved the problem to authenticate the LMS WebGUI login to the ACS Server. But, I can't not find any document, which descripes how I can assing the group roles via ACS.
I'm trying to configure ACS 5.2 to assign the VLAN to a user dynamically based on the AD group that the user belongs to. I've gone into:
Users and Identity Stores -> External Identity Stores -> Active Directory -> Directory Groups tab
and selected the group name from the AD. If I understand correctly, I should now see this group under:
Policy Elements -> Authorization and Permissions -> Network Access -> Authorization Profiles -> Common Tasks -> VLAN ID/Name
However, it does not. Am I missing something?
Basically I want to query Radius for AD group membership and apply a set of Bookmarks based on that group. I would use LDAP, but we have two domains and I need both to be available for login, so I am using ACS 5.3 as a proxy. I saw that using attribute 4242 for DAP for group membership, but what is the Group syntax?
View 1 Replies View Relatedhaving LMS 4.0.1 is it possible to authenticate user on a group base and assign different privilege to different groups?. The user's group are available in the LDAP server.Do I have to use a TACACS/RADIUS server between the Ciscoworks LMS and the LDAP repository?
View 1 Replies View RelatedIs there any way (in ACS 5.1) to assign personal access list to each user instead of assigning it to Authorization profile and Authorization profile to user?
View 5 Replies View RelatedI am trying to harden my Nexus box and I am not able to ACL assigment command. Following are the commands I am trying to add.
interface cmp-mgmt module 5
Ip access-group NETWORK_MANAGEMENT_ACCESS in
Can i use acl object group with wccp redirect list?My platforms are 6500 and isr 2921
View 1 Replies View RelatedI have a problem with one of our IPSec site-to-site vpns.
-we use ASA5540 and the remote site uses a software based FW (steelgate borderware). -there are some old ACLs on our FW that have the remote site's IP address as an incoming node having TCP.... access to some servers on our LAN (why they didn't use static/dynamic NAT for clients of both end to have TCP connection???)
-when I try to set up the vpn the name entry of the remote site (which is optional) changes with IP address of the peer in vpn profile and it confuses the vpn, so the IKE phase1 won't establish. the name entry is because of those ACLs that have been entered in the past.
Q- How to stop ASA creating names via ASDM when adding ACLs?
Imagine the other site's network people are the most inflexible IT guys to do any changes in terms of using static or dynamic nat for their clients to have access to ours, so I can replace their FW IP address in ACL with other NAT addresses.
editing the name of a vpn connection profile and its policy, i have created the profile throught ipsec VPN wizard, the profile got automatically the name: DefaultRAGroup and also its grouppolicy got the name: DefaultRAGroup, in the edit window i cant change the Name?how can i rename them?
View 1 Replies View Relatedhow we can clear the username in the Anyconnect Connection Profile on a users laptop? Currently it defaults to the last username used but our security group would like that cleared so that the field comes up blank every time. This feature was available in the old Cisco 3030's but I can't find it in the ASA.
View 3 Replies View RelatedWe assign in our IPSec VPN the tunnel-address from our centralized dhcp server pools.In the profile we have two server's ip configured.In test (whireshark) we noticed that the discover always go to the first configured ip.
I do not understand and could not finf hints how the function is.
- backup server with a timeout when no answer comes from primary ?
- should ASA do simultaneous discover to all configured ip's ?
=>Problem is, that although the first server not answered in a timely manner, we noticed no discover to the second.
Here the partial CLI - Config:
++
tunnel-group AZInt07 type remote-access
tunnel-group AZInt07 general-attributes
authentication-server-group ActivPack
default-group-policy AZInt
dhcp-server 10.x.x.y
dhcp-server 10.x.y.y
[code].....
I have a pair of ASA 5550s running Anyconnect Essentials, with multiple connection profiles configured. I would like the login page to the portal to default to our main corporate profile (so the users get NAM and all the policy goodness), but presently it is defaulting to the last profile I created. Is there any way to modify the default connection profile in the drop down list so it always defaults to my preferred profile? It seems like I saw this sometime in the past.
View 2 Replies View RelatedI have a big problem with my Cisco 1841 and the WIC-1AM-V2 in Slot 0.I got the task, to test if it is possible, to build up a connection (Dial on Demand Routing) to a remote modem, which is connected to a console port of another Cisco 1841, with the integrated modem card over POTS from the CLI of the router. My router will only dial out to the remote modems and only if its needed.I am connected to the router with the integrated modem card over a console cable on the console port. The remote modem is also connected to the console port of the remote Cisco 1841.
I found out, with my Dialer Profile configuration, it is possible to build up a connection. I configured a dialer list, that specifies that all ip traffic is permitted an interesting for my dialer interface. So a telnet or ping brings up my dialer, which brings up my Async interface. With the "show line" command, I can see that the TTY line, connected with the Async0/0/0 Interface is in use for 5 minutes, because of the "exec-timeout 5 0", which is configured on the remote router. Now the problem is, in this 5 minutes, I can not use a remote telnet on this line with my loopback interface, because the line is already in use and I get a "connection refused". The first telnet I use runs in a timeout, because the remote host is not responding. When I dial out directly from the modem card and not from the CLI with the AT-commands, I get also the connection and with a return i get the login prompt. I will post my actual config, so that you can see maybe a mistake I did or which command I must use, to get a working connection. [code]
I've recently just moved house and we got Virgin Media 50mgs broadband installed with their wireless super hub which is also a Netgear product.However I first noticed up in my room I have weak signal on my wireless devices I have my Dell laptop, xbox 360 and desktop pc with wifi card.I researched this and went out and bought a Netgear wireless extender:
[code]...
Now this does work it gives me excellent signal but it keeps dropping the connection which is extremely frustrating when playing the xbox or on an online game on the pc.I contacted Netgear and all they suggested was updating the firmware
I have a Cisco RV120W router with 1.0.4.10 firmware. The router drop the internet connections, freeze/timeout in admin interface randomly. How can I determine that this is the router's fault, or if it's the switch / internet access is causing it?
View 4 Replies View RelatedI´m working with the WLC 8500 and 7 AP 1550; we already setup this equipments since last year, working without a problem, because there was not much traffic (This WLAN is working on a university). a few months ago we began to experiment a few drop connections from one AP, but 2 days ago, all AP are having drop connection all the time, with latency of more than one thousand miliseconds.
We checked the setup again, and all seens fine, the only thing that we are not sure is about the "load profile" from the 2.4Ghz frecuency, is changing continiously from passed to failed.
All the AP are working as root (no mesh network), all of them are in local mode, they are working at 2.4Ghz, all AP are using the same VLAN (just one).
I have a customer using the RDP plugin via WebVPN on an ASA 5510 (running 8.2.2).They are complaining that after ten minutes or so, the RDP connection drops. Sometimes they can connect again straight away, other times they even have to re-login the ASA WebVPN again.I can't find any logging which explains what is going on.
View 5 Replies View RelatedMy internet connection seems to drop offline randomely while surfing the net. It basically results in yahoo or google freezing for 20-60 seconds before unfreezing and running flawlessly again. I seen a previous post that requested the individual hit start, run, cmd, and enter tracert google.com.
Windows 7 Professional
Service Pack 1
Intel Core 2 Duo CPU E8400 @ 3.00GHz
[Code].....
I am looking for a wireless router with the following features for less than $80.
Gigabit Ethernet
802.11n 300Mbps
Open source firmware support (optional)
I found a few of these on newegg but all of them have reviews which claim that these routers drop the wireless signal every so often and need to be reset. I have a router that has the exact same problem but it is very old now and so I understand. But a new router with this problem is not acceptable.
[URL]
A lot of times our users will have a bad connection from where they are connecting in from. Their Internet connection will drop and the VPN Client disconnects but on our Cisco ASA5520, the connection will still be connected and when their Internet connections comes back, they are not able to connect as the session is still up on the 5520. Is there a way to make the connection clear quicker? I have IKE Keepalives on the RA Profile (Confidence 300 seconds, Retry Interval 2 seconds) but it seems to keep the session longer than that. Is there anything I can do to make the connection clear quicker?
View 2 Replies View RelatedI see a lots of problem associated with wirless connectivity with WRVS4400N, with following config
Firmware version - Firmware Version: V1.1.13
Wireless connectivity - G/N Mixed
Auth - WPA2 AES
Everything else default and AUTO,
Problem:The end devices suddenly drop connection. Wired connection works just fine. The DROPPED device can not be reconnected. On MAC I get AUTH time out. I see the SSID being broadcasted from my HTC wireless analyster so radio may not be the problem. I changed to set the speed to G only or N only but not avail. ONLY way to recover from this is rebooting the router.
Ok, I have a huge problem with my wireless connection. It will constantly lose connection to the internet from my PC, IPod, Laptop etc. What will happen is a yellow warning triangle appears which tells me I've lost internet access. I have had the modem checked and replaced by the ISP with no success so it's likely that it's not a problem on their end. I've changed the wireless channel to move it away from my neighbours with no success.
Here is a copy of my ipconfig /all when the connection dropped out:
C:UsersKevin>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Kevin-PC
[Code]......
I’ve bought a router, and a wireless antenna for my laptop, since I have a high-speed internet outlet in the living room, but I use my laptop in the kitchen (I don’t have any other pc). So I’ve configured my Linksys WRT120N router in the living room, unplugged the ethernet cable from my laptop, plugged the wireless antenna in the kitchen, and everything was working fine with the wireless network. After about one month I was not able anymore to enter my network with the security key, there was actually no prompt for the security key, just a message “Cannot connect to the network”. I then had to reconfigure the router, going to the router IP address (I used the default settings, a blank for username, and “admin” as a password, as per instructions), use another network name, security key and password, and was able to start again a wireless network with the wireless antenna as before. This problem represented other 3 times (in the last 3 months), and was working fine, but now I cannot reconfigure the router anymore, since the IP address doesn’t accept BLANK/ADMIN anymore, and if I go ahead and reconfigure the router a message says I have to use the default settings in the IP address…
View 2 Replies View RelatedWhen i download alot (around 400-700 kb/s) or upload ( around 100kb/s) the router stops responding, for every connection. LAN WAN WLAN, all stop responding... active connections though remain connected but visiting new sites/pages is not possible...
plugging out the power for 10 seconds and booting it up again..
I have what I feel is sort of a strange issue. When I have systems on my home network get their IP from DHCP, they can get to the internet just fine. But it seems that when I assign a static address, they have local network access only, and will not get a connection to the internet. My windows 2008 server is the big problem with this one.
View 10 Replies View RelatedOk so I have a Netgear dg834gb v2 and I have a disconnecting problem on a wireless connection for my laptop. When I am using my laptop, my connection will drop at random moments mostly when I'm playing League of Legends. If I'm not playing it rarely disconnects. It drops for about 10 seconds and comes back up usually, but sometimes I have to reset the router. It only recently started happening and I have no idea why. Maybe it can't handle when I'm playing?
View 14 Replies View RelatedI purchased a WRT110 router about a 18 months ago. I am currently experiencing an issue where the wireless connection to the router will become randomly erratic. My internet connection will slow down or drop entirely. Sometimes my laptop will disconnect from the router entirely. I don't think it's the wireless card in my laptop since I have seen the issue on my desktop using a wireless N USB adapter, my Nintendo Wii, and my wife's Macbook, all within the last week.
I am positive it is the router. I set up a coninuous ping command to the router accross my laptop's wireless using "ping -t 192.168.2.1" in a command prompt. Most of the time, the round trip is 1 to 3 ms or <1 ms. When I am experiencing the connection issues, the ping time will rise significantly, sometimes going as high as 2000 - 3000 ms. About 25% of time, the ping will just time out. When this starts happening, the only way I have been able to restore proper connectivity is to manually reboot the router. The issue eventually re-appears. Sometimes in a few days, sometimes in as little as five minutes. I've gone so far as to restore the router to factory defaults and reconfigure it, but that has not made a difference.