Cisco VPN :: ASA 5520 - SSL VPN - Allow User Bookmarks
Jul 30, 2009
We have 2 ASA5520's running SSL VPN. We would like to allow users to create their own bookmarks but so far have been unable to find out how.
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
ASA 8.21. Within a clientless WebVPN homepage, is there a way to open a listed link/bookmark in a new tab? When I try to do it with the browser (right click, Open in New Tab) it simply opens the site in the current tab.
I just reinstalled Windows and am trying to restore my previous settings. I was wondering how to do that, specifically with the bookmarks. I originally saved my bookmarks with an export, and I have the saved file. I cannot seem to get my bookmarks back. I have tried all of the options. I am using the internet browser, Google Chrome.
Came across problems with missing Bookmarks on an SSL RA VPN (ASA 8.4, ASDM 641)? I have an SSL group policy which is configured to use a Bookmark list. When a user signs into the SSL VPN, they can see other settings that have been manually configured such as Smart Tunnels but no bookmarks appear. I know the user is receiving the correct group policy (I created a banner which the user gets successfully when they sign in) but I'm at a bit of a loss.
I was wondering if I can create (a) bookmark(s) of resources which are located behind a particular Site-to-Site VPN? We are using a Cisco ASA 5510 (9.0.2) with SSL VPN configured. The tunnel is up but when I try the bookmark, I get the error "server unavailable".
We are using the ASA 5520 as Firewall and VPN gateway for remote access by employees and vendors. Is there a way to view a history of VPN user logins? We used to have (or we still have but are no longer using it) the CVPN 3005. This device keeps log files of all activities. I miss having this capability in the ASA 5520.
We have an ASA 5520 in production with a brand new internet feed we've just finished installing. We connect to our corporate office via a VPLS. In our corporate office we have a Cisco 1841 (I think that was the year it's made!) with an ADSL feed with a static IP address plugged in directly.
We have a user VPN that we integrate with our user directory on the router, which connects via the ADSL. The users get an IP address at the tail end of the 172.31.14.0/24 range, which is the same as one of our corporate subnets (we just reserve a few addresses, we don't have many VPN users).
Both the ASA and the router connect to each other (via the VPLS) on the internal subnet 10.255.255.0/24.
-The ASA is 10.255.255.1
-The router is 10.255.255.100
Currently the default route for the corporate office goes out the Dialer interface for the ADSL, which means that's where our internet goes out there (all proxying aside, we'll leave that out of this one).
ip route 0.0.0.0 0.0.0.0 Dialer1
We'd like to change that default route to go via the VPLS to the ASA, and then out to the internet using the new feed. All the ACLs and rules are in place at both ends for this to work. If I change the default route on the router to:
ip route 0.0.0.0 0.0.0.0 10.255.255.1
Then it works as expected.
The problem is that then the user VPN breaks. I had hoped I wouldn't have to do any configuration on this but it looks to be so. I'm guessing that the VPN packets are coming in via the ADSL and back out via the new internet. It would be simple if the remote client had a static IP address as I could put in a static route for each user, but it's always going to be dynamic.
What do I need to put in place to get this working? I thought maybe I could leave the default route via the ADSL and put in a next hop rule to go via the VPLS for the specific subnets that need the new internet, i.e. have a subnet specific default gateway, is this possible? (I gave it a go but it didn't seem to work, I think I didn't implement it properly though as it still went via the ADSL, maybe because there is a nat route-map as well?).
We are rolling out a new VPN infrastructure utilizing ASA 5520's (one active/standby cluster at each of our two sites) and making the conversion from the old IPsec client over to AnyConnect 2.5 clients. We do have AnyConnect Premium licenses at both sites, but are not utilizing ISE. What we want to do is first auth the machine that's trying to initiate the AC VPN session to determine if it is a company-owned machine (with the idea that only co-owned machines can connect), and then auth the user using RADIUS, which uses attribute 25 to assign them into groups for policy application. We have the RADIUS piece working now, but is there a way to first do the machine auth, and then the user auth? We don't just want to use something like cert-based VPN because if the machine gets stolen (or a non-co user otherwise gets into the OS) then we don't want the non-legit user to be able to establish a VPN session just because they have access to a company machine. The other rub is that the machine auth solution must be cross-OS compatible (we use a mix of Windows, MacOS and Linux on the machines that should be allowed to VPN).
I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication. I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account. How do I restrict this so that the user can only use one profile? Currently users capable of VPN would be placed in one specific AD group so that is what SecureACS checks. Is there a sample configuration guide to handle multiple profiles with different levels of access?
How many remote users can connect using Cisco VPN client on Cisco Firewall ASA5520-BUN-K9? I already read the VPN Client FAQ, but there is no information about user limitation.
I have users connected to the office using Cisco VPN client; a Cisco ASA 5520 acts as VPN gateway. Frequently the users get disconnected from the server while the VPN is still established and not disconnected!
What is the cause of the issue, and where is the fault located? How do I start the troubleshooting to figure out the issue?
We are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system. For example, an admin person in site A can only add devices into the site A group and cannot see/access other sites' groups.
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
Is it configurable to allow wifi user to user traffic on WLC 5508?
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now Cisco wants to replace it with ASA-5520-K8.
I was wondering if it is possible to track and/or log the changes that users make in LMS 4.1. For example, if someone changed a configuration I want that to be logged. I want to see what the person changed, when it was changed and who changed it.
What is the best way to do an acquisition on IP address on devices that appear to be dead until pinged before LMS4.1 reports on them? For example, we run acquisition on a branch and we do not see 172.20.12.51, however we ping it from my desktop and then run user tracking and then it shows up.
I'm creating a forms section on our intranet, I want to be able to link direct to specific forms so that it opens immediately. Currently all our forms are MS Word templates that you access by opening MS Word and navigating to the template that is stored on the c drive which staff cannot access directly from their pc's as it is 'locked down'. Now... I can create a url that opens the form directly (i.e. without needing to open Word and navigate to the form template) however that url contains a userid e.g. c://programfiles/word/my-userid/leave-form.doc I obviously cannot use such a url on our intranet to link directly to a form because only I would be able to open the form as it is my userid!
Where can I download the user manual for this switch, not the quick start guide?
Is it possible in Cisco Prime 4.2 to kick off a particular user, in GUI or CLI?
We are changing our old Pix 515e this weekend for a brand new ASA 5510. With this new installation, I would like to implement Radius authentication for remote VPN users. Changing the firewall of the company has many impacts and for the first phase the users will keep authenticating locally, but I need that in phase 2 they will be authenticated via a radius server. Is there a way to configure both authentications for remote VPN users?
All users will be authenticated locally except the members of the IT Department, who will be authenticated by the radius server for testing. I have remote VPN users around the world so I do not want these users to be blocked by the testing of the radius authentication. What I want is that users in group1 will be authenticated locally on the ASA and users in group2 will be authenticated by the radius. When testing is done, all users will be transferred to the radius authentication gradually.
I am trying to determine why hosts off our Nexus 7010s are being picked up in UT. Since LMS 4.0.1, UT should be supported on these devices. When adding the Nexus devices to DCR, provide the netadmin SNMP RO credential. When other SNMP RO credential is provided, user tracking will not collect end host data. I think I have this set up correctly as the device center test passes when checking snmp ro credentials. Our 7010s are running NX-OS 5.0(3) - earlier than the recommended version - might that cause issues? We are not using VRFs other than the default and management.
Here is my snmp section:
sh run | sec snmp
ip access-list copp-system-acl-snmp
10 permit udp any any eq snmp
10 permit udp any any eq snmp
20 permit udp any any eq snmptrap
[code]....
We are running two ACS appliances but we cannot figure out how we can add a user into 2 different groups. Here's the context: We have a company A which is having devices, this company uses Group A. Then we have a company B which is having devices, this company uses Group B. But the admin has to manage the devices for both companies A & B. We don't want to mix devices from company A with company B. Is there a way to add the user into both groups A & B?
I have an ASA 5505 that is hosting an SSL VPN. The user cannot log in. They receive a login error. To the best of their knowledge, this problem started after the office Domain Controller was rebuilt. I have looked on the ASA and in AD and cannot seem to trace the issue.
I have a question about ACS 5.3 and ASA VPN profile authorization. I am not sure if it is possible to allow one single user for a set of VPN profiles on ASA, let's make an example:
ACS 5.3 group hierarchy:
-VPN users global should have access to VPN profiles A, B and Z (here we create an authorization profile with no class and no lock attributes, so the group is allowed for all VPN profiles),
-VPN users A should have access to VPN profile A (here we create an authorization profile with class and lock attributes for profile A),
-VPN users B should have access to VPN profiles B and Z (is this possible and what does the authorization profile have to look like?)
In LMS 4.1, under Monitor->Identity Dashboard, I have "user tracking summary" as a portlet, which tells me I have ~ 17,000 users. When I click the report, it pops up a screen that shows mac address, ip address, hostname, subnet, etc.
If I try to do ANY filtering, it returns 0 records. This could be from a specific IP, mac address, device name, or subnet. I have tried every type of record. Every filter I attempt always ends with 0 records returned, even though in the unfiltered list they show up. It would be problematic to manually sort through 17,000 users looking for the particular records I need without the ability to use the filter.
How do I filter the User Tracking report? Is there some feature in LMS I don't own or have enabled to allow this filtering?
What is the maximum number of user IDs that I can create on the ACS server? The client has an ACS appliance with version 5.2.
We are running Cisco Wireless Control System (v7.0.164.0) with 4 - WLCs (v5.2.193.0) and about 100 Aironets and I was wondering how to get WCS to identify the Client usernames? When trying to view monitored clients' usernames, all it shows is Client Username <unknown>, though their MAC and IPs are correct. I'm not sure if this has to do with mobility anchors or not, but currently we have none set up in case. How to resolve the machine name or actual username that is logged in... either one.
I have just got LMS 4.2 soft appliance up and running. When going to Inventory >> Acquisition summary, I get an HTTP 500 error with java.lang.NullPointerException. That is obviously a bug somewhere (although the TAC engineer disagrees with me). I am just wondering if this could have been caused by the fact that I have not done any user tracking on this LMS server yet? [code]
We are running LMS 4.3.2, it was running OK... but now we receive the following message:
"User Tracking Major Acquisition cannot be started as Network Topology, Layer 2 Services and User Tracking are disabled."
All processes are running. System restart and re-install the 4.3.2 update does not fix it. I think this happens after a device update, maybe FaultManagementDeviceUpdate...
I have installed the ACS 5.1 and linked it to my WLC, and when I enter my Logeo I agree Signature: User and password whenever you want from different devices. What I want to do is only allow a user one session at a time.
How many unsuccessful attempts does a user have to access the LMS application prior to the account being locked? Is this configurable?