Cisco VPN :: ASA5510 Control Agency Requires A Two Step Authentication

Jan 22, 2013

Currently, we have the AnyConnect client authenticating our users to our AD environment.  All is working as desired.  Now our Controll Agency is requiring a two step authentication for VPN access.  Is it possible (and if so how do you do it) to also configure the AnyConnect client login to send a PIN to the AD usres registered Cell Phone and then require that PIN to be input to make complete the VPN login process?

View 3 Replies


ADVERTISEMENT

Linksys Wireless Router :: WRT54G V6 - ISP Requires PAP Or CHAP Authentication?

Sep 9, 2011

My ISP here at my mother's in Italy (www.teletu.it) gave me the following configuration:
 
1. Supported Protocol: PPPoE or PPPoA

2. VPI: 8

3. VCI: 35

4. Encapsulation: LLC (If not supported: VCMUX/NULL)

5. Modulation: Multimode

6. Authentication Protocol: PAP or CHAP
 
if I connect my laptop to the ADSL modem, it all works just fine and I can connect to the internet (as you can see )
 
HOWEVER, if I then try to configure my WRT54G v6 to use this internet connection (I NEED to be wireless here, or I won't be able to use my iPhone and iPad), there is no way apparently for me to configure the Encapsulation, Modulation, and Authentication Protocol above. I just upgraded my WRT54G's firmware, and am now running firmware Ver.1.02.8, 10/05/2009. I was hoping this would allow me to set these parameters, but I can't find a way.
 
I tried just configuring the WRT54G with PPPoE and the ISP's userId/password, but this doesn't seem to suffice, and I don't see any other settings I could try.

View 3 Replies View Related

Cisco VPN :: Clinet Tacacs+ Authentication On ASA5510?

Mar 25, 2011

How to be able to locate a sample, working configuration of tacacs+ authentication on the ASA5510?

View 2 Replies View Related

Cisco VPN :: ASA5510 VPN Client Radius Authentication With IAS On Windows

Mar 13, 2012

I have this scenario, AS5510 ver 8.4(3), VPN Client 5.0.07, RADIUS authentication with IAS on Windows 2003 Server.The issue is that, establishing the connection with the VPN Client, if the user credentials are correct every things works fine, but if we introduce a wrong password I don't receive an error message or a again the authentication form.Nothing happens the VPN Client keep trying to "contact security gateway", after about 5 minutes it stops without any message.Debugging the authentication process in the ASA I see that if the password is incorrect the radius authentication response is "reject". I have also tried with a different version of VPN Client but nothing change.Using AnyConnect client every things works fine.

View 1 Replies View Related

Cisco VPN :: ASA5510 LDAP Authentication Across W2K3 AD Domains?

Dec 8, 2010

Does the LDAP authentication work across W2K3  Active Directory domains and multiple ASA5510 firewalls? Or do I need to setup another type of authentication? If I use another type of authentication can I get specific portals with special bookmarks based on login account?

View 4 Replies View Related

Cisco :: ASA5510 - 2 SSID With VLans And Radius Authentication?

Mar 10, 2013

I'm using an ASA5510 with AP1130 and attempting to set up a public and a corporate WiFi-network. The corporate one should allow users to authenticate with Radius running on MS ISA for access.
 
VLAN70 security level 1 (IP-range 10.10.70.0/24) for open guest WiFi.
VLAN71 security level 100 (IP-range 10.10.71.0/24) for corporate users WiFi.
VLAN100 security level 100 (IP-range 10.10.100.0/24) server network (only wired servers).
 
ASA is gateway at 10.10.70.1, 10.10.71.1 and 10.10.100.1. It is also DHCP-server for VLAN70 and 71.
 
Radius server is at 10.10.100.5, listening on port 1645 and 1646 for EAP/PEAP and MS-CHAP v2.
 
I get both WiFi-networks with VLAN 70 and 71 working without encryption, ie. open networks. Traffic flows fine and get network access without problems.
 
The problem I run into is that it seems the Radius server must be on the same network as the WiFi-clients for them to be able to authenticate with it. That is, I tried to use VLAN100 as the corporate WiFi network and then I am able to connect, authenticate and get network access if I also enable DHCP for that range. However with VLAN70 as WiFi I am unable to authenticate with Radius on VLAN100. It seems the AP can reach the Radius server but clients never get connected and eventually fail with an error.
 
I can ping the Radius server from the AP. All traffic should be allowed from VLAN71 to VLAN100 in the ASA. Packet tracing shows no errors there.
  
The switch is a 2960G with the following interface config:
 
interface GigabitEthernet0/20
description WiFi trunk
switchport trunk native vlan 71

[Code].....

View 4 Replies View Related

Servers :: Step To Configure LAN In Windows Server 2003

Apr 25, 2011

In my collage i have a LAN to the wind server 2003 again i m also configure a small LAN may be take a 5 computer but the communication is not done.

View 1 Replies View Related

Linksys Cable / DSL :: X3000 / Can't Get Pass The Step Of Assigning IP Address

Feb 16, 2013

some problems when I was trying to install my X3000 as a DSL modem and router.I had to assign a designated IP address but I have dynamic IP from my internet supplier. I can't get pass the stepp of assigning IP address.

View 4 Replies View Related

Cisco Firewall :: Setup SSL VPN With Two-factor Authentication On ASA5510 With Software Version 8.0(4)?

Dec 1, 2009

I am trying to set up SSL VPN with two-factor authentication on an ASA5510 with software version 8.0(4). I want to use LDAP for actual authentication and user mapping, but require a valid certificate signed by a particular local CA to connect.I have imported the CA's root certificate, signed an identity cert for the ASA box and imported, and assigned the cert ("trustpoint")  to the outside interface.Under the connection profile itself (for DefaultWEBVPNGroup), there is an option to select authentication method as AAA, certificate or both. AAA works as expected, authenticating against LDAP. If I select certificate or both, I get rejected with Certificate Validation Failure regardless of if I have a valid signed cert or not. This is what I see with "debug webvpn 100":
 
webvpn_portal.c:ewaFormServe_webvpn_login[1904]webvpn_portal.c:http_webvpn_kill_cookie[682]webvpn_portal.c:ewaFormSubmit_webvpn_login[1964]ewaFormSubmit_webvpn_login: tgCookie = 0ewaFormSubmit_webvpn_login: cookie = c98f3940ewaFormSubmit_webvpn_login: tgCookieSet = 0ewaFormSubmit_webvpn_login: tgroup = NULLTunnel Group: DefaultWEBVPNGroup, Client Cert Auth Failed!Embedded CA Server not enabled. Logging out the user.webvpn_portal.c:ewaFormServe_webvpn_login[1904]webvpn_portal.c:http_webvpn_kill_cookie[682]
 
So, it seems the ASA is only trying to check the cert against a (nonexistent) ASA-based CA. How do I get it to check against an external CA cert?Under "Remote Access VPN -> Network (client) Access -> AnyConnect Connection Profiles", I have ticked "Allow Access" and "Enable DTLS". There is also an option "Require client certificate" which doesn't seem to do anything - whether or not I check it, I can connect and authenticate to the VPN with or without signed certs as long as the previous setting is "AAA".

Some highlights from the config:

crypto ca trustpoint ASDM_pfirewall01.company.tld enrollment terminal fqdn pfirewall01.company.tld subject-name CN=pfirewall01.company.is,O=Company,C=IS,L=Reykjavik keypair company crl configurecrypto ca trustpoint ASDM_TrustPoint0 revocation-check crl none enrollment terminal crl configure  no enforcenextupdate  no protocol ldap  no protocol scepcrypto ca trustpoint ASDM_pfirwall01.company.tld revocation-check crl enrollment terminal no client-types crl configurecrypto ca certificate chain ASDM_pfirewall01.company.tld certificate 02    30820598 30820480 a0030201 02020102 300d0609 2a864886 f70d0101 05050030     <snipped rest of cert>  quitcrypto ca certificate chain ASDM_TrustPoint0 certificate ca 00e2a6f08003ded6c9    3082054e 30820436 a0030201 02020900 e2a6f080 03ded6c9 300d0609 2a864886     <snipped rest of cert>  quitcrypto ca certificate chain

[code]....

View 9 Replies View Related

Connect To A Router That Requires A Password?

Apr 6, 2012

I have a Cisco Valet wifi router that works fine with my laptop and my computer that has a usb wifi adapter. The problem is that for some reason when I try to connect my moms computer to the router it can only connect to the guest router and when I try to connect to the regular router it just fails even when I use the correct password. I have tried uninstalling the driver and re-installing it for the usb wifi adapter for my moms computer (NetGear N150 USB Adapter) and its nothing works. Her computer by the way is an Acer Windows XP SP3 machine.

View 4 Replies View Related

D-Link DCM-201 Requires Frequent Resetting

Mar 21, 2011

I just got Charter cable internet and decided to purchase my own cable modem instead of paying 5 dollars a month to rent one. I got a D-Link DCM-201. I know it is a little old but it was brand new/unused so I figured it would work out well. Ever since we got it hooked up every few hours we lose internet connectivity. The power, cable, and status lights are solid green and the Ethernet light is blinking green. The only fix I have found for this is to power cycle the modem. The problem is this happens about once every 4 hours...having to reset the router every few hours is making having cable internet a much more painful experience than it should be.

View 7 Replies View Related

The Server 192.168.1.1:80 Requires A Username And Password

Oct 29, 2011

I just bought a Westell modem 6100 model online, and when I try to change the profile, I get a message saying: The server 192.168.1.1:80 requires a username and password. The server says: Modem Secure."

View 12 Replies View Related

Cisco Routers :: SRW2048 - Web Configuration Page Requires IE?

Jul 21, 2012

I'm currently trying to setup a Linksys SRW2048 switch.
 
The switch came with version 1.0.0 of the firmware (circa 2005), which worked fine with Google Chrome and Safari on OSX.
 
However, I recently upgraded to 1.2.2 (circa 2009), and the in-built web configuration page doesn't seem to work in anything except for IE6 or IE7.
 
Chrome and Safari give me a whole bunch of resource not available errors, and the page itself doesn't render properly at all:
 
Firefox also doesn't render it properly either:
 
It seems a bit strange on Linksys/Cisco's part that they'd release an updated firmware that meant their switch could only be used by Internet Explorer.
 
Or failing that, are there any known workarounds to get this to work with Chrome, Safari, Firefox - anything other than IE? Or anything on OSX or Linux?
 
Also, I heard that firmware 1.2.1 still works on non-IE browsers - any archives of older Linksys switch firmwares?

View 2 Replies View Related

Cisco Wireless :: SRP527W LAN Requires Frequent Restarts?

Jun 7, 2013

Have an SRP527W that I've had a couple of years,
 
Model:SRP527W, ADSL2+ AnnexA, 802.11n ETSI, 2FXS/1FXOVersion ID:V03Hardware Version:4.0.0Boot Version:1.1.17 (Jan 4 2010 - 21:15:46)Firmware Version:1.01.29 (002) Mar 29 2013ADSL Firmware Version:0.78.0Recovery Firmware:1.01.20 (011)Setup Wizard Version:20110728.00 

As indicated in the subject, wireless users are finding that it is either unattachable (shows up in the list but fails to attach) or if you manage to authenticate and get in, it's painfully slow or simply drops out.  Security is WPA-PSK.   Only noticed the issue after a couple of Windows 8 laptops came into the household, but the problem still seems to be there when they are off so not sure if they are connected in some way or not.  Updated to the latest firmware - no change.   Wired connections are fine and when it's initially restarted, so is the wireless, seems to happen sometime after wireless services are restarted.  Only the one Wireless SSID, nothing fancy, max users around 5, all on laptops or the odd pad.   I changed channels done narrow wide etc, (using mixed mode - some Wireless N laptops some Wireless B/G.   Nothing seems to make any difference.  No log entries until the Wireless system is restarted, doesn't require a reboot of the router, just a SUBMIT of the existing wireless settings to force it to restart. 

View 8 Replies View Related

Cisco VPN :: ASA 5520 Requires To Accept 2 VPNs From Different Devices

Jul 1, 2012

I use a cisco asa 5520 to terminate multiple site to site VPNs. Due to the configuration of a parteners network, i have had to install 2 routers into this parteners network, i have been supplied static private IP addresses for each router each router has a unidue LAN subnet which is the VPN's protected network.The partener use's PAT with only one public facing IP address.The VPNs are initiated from the parteners network using an IP sla ping.
 
Upon installing my first VPN router in the partenrs network, once NAT-T was enabled on the local ASA the VPN started working fine. After installing the second VPN router i tried installing the new config on to the ASA but via CSM, the ASA complains that it can not have 2 VPN's with the same peer address configured.

View 3 Replies View Related

Cisco WAN :: CCENT Requires Urgent 857 NAT Multiple Static IP

May 7, 2011

I am fairly new to the Cisco world and aim to take my CCNA in the coming months.I am now working with a customer who has several Cisco 857 (UK PPPOA ADSL over POTS)The have sonicwall firewall VPN devices that needs to have one block of 8 static ip addreses from the ISP at each site.The current configurations use the network address on the VLAN interface use Static NAT to a private IP address to connect to port 23 on the VLAN interface.  Why would you set up the router this way?,I thought that from a block of 8 IPs the first would be the network address the last the broadcas address, one  for the router (on the VLAN interface) leaves 5 usable for the hosts attached to the ethernet ports on the VLAN.

View 2 Replies View Related

Connect Two Computers Together - It Requires Both IP And Subnet Mask?

Mar 6, 2011

I understand ip addressing and what a subnet is.But why is it sometimes I connect two things together,it always requires a subnet mask, and other times no? For example when I try to connect two computers together, it requires both IP and subnet mask.But if I use FTP software all it ask for is IP.Same thing when connecting to a website through their ip, doesn't require subnet.

View 6 Replies View Related

Network Disappears From Computer - Requires Restart?

Sep 29, 2011

I've been having this issue where my wireless network completely disappears from my computer and it requires a restart to fix.I know for a fact that it is not my modem/ISP as my iPad still connects just fine to the network.My network disappears about after 10-20 minutes of being logged on.

View 1 Replies View Related

D-Link DIR-825 :: Requires Reset To Keep Shareport Working

Apr 14, 2011

Shareport recognizes the printer only after resetting the DIR-825 router. I don't know if this is a Shareport issue or an issue with the DIR-825 disabling the USB port.This happens after there is no PC connected to the router for a number of hours such as overnight. I have 1 laptop and 1 desktop running Win 7 64-bit and 1 laptop running Win 7 32-bit. The desktop is connected directly to the router and the laptops connect via wifi. All PCs work perfectly when the DIR-825 is reset.This isn't a big issue but it's extremely annoying and shouldn't happen. I use a Cisco WAG320 in my office that has similar USB functionality and this never happens.

D-Link Router: DIR-825
FW Version: 1.13NA
Operating System: Win 7 32 and 64 bit
SharePort Version: 3.1.0 R1 (SXUPTP Driver : 3.4.6.0)

View 2 Replies View Related

D-Link DIR-655 :: Email Notifications When ISP Requires SSL / TLS Port 465?

Feb 22, 2010

DIR-655(A3) 1.33NAb02_HNAP_beta  I used to be able to send notifications on log full etc...  When my ISP was still allowing outbound email w/opt out of block on port 25. This worked on my old DI-524, and used to work on my DIR-655.In an effort to clamp down on spam my ISP formerly SBC now AT&T began requiring SSL. Secure Authentication is not required. With the ever increasing concern for controlling spam DLink really needs to get in gear and provide the support customers need and back the efforts of ISP's to control spam. Otherwise it's wasted code occupying space. On that note if space is a concern, need space for the code ~ throw SecureSpot out  !

[URL]

On the Outgoing Server (SMTP) Settings window click Edit and verify:

# Server Name - displays smtp.att.yahoo.com.
# Port - displays 465.

Note:  When updating the secure server settings, check SSL checkbox first to update the port setting.

* Under Outgoing mail (SMTP),  the box next to server requires a secure connection (SSL) is checked.  This works flawlessly with Thunderbird and other mail clients therefore it is clearly a shortcoming of the firmware on the DIR-655 i.e. no SSL? This is totally inadequate.

View 5 Replies View Related

Cisco Switches :: Sx300 Series Requires Reboot Every 2 Months

Nov 15, 2011

We have 3 sf-300 series switches in Layer3 mode deployed in different offices. We have found that approximately every 2-3 months at all 3 locations users experience a serious reduction in bandwidth. Only after rebooting the cisco does the problem go away and we're okay for another few months. some setting/feature that may be contributing to this? We are only using several ports and 1 static route on each switch. We are not using any of the bells and whistles on the switch. 2 of the switches are using the original firmware, whereas the other is using the newest firmware.  Maybe this is just what we should expect from a Small Business switch?

View 18 Replies View Related

Cisco :: LMS 3.2 - Reboot Requires Manual Start Of TomcatMon And Apache

Feb 24, 2012

I have taken over a couple of LMS 3.2.0 standalone servers (two different networks). When I reboot them they tend to be slow coming back up (20-30 min). I"m thinking this may be due to the fact that LMS was reinstalled on both of them as I see an old CSCOpx folder (CSCOpx_old) as well as the current one. I assume that someone reinstalled and the registry may be dirty and service dependencies may be jacked up but honestly I don't know how this works for LMS and I haven't found much good info in the user guide for common services for service dependencies or registry keys in general.
 
Also, one of the servers never comes up fully on reboot or restart of the daemon manager. I troubleshot this and found that Tomcatmonitor and Apache are always down after reboot/restart. Tomcatmonitor says that it was shutdown by the administor in a pdshow and Apache says that it was never started.  I have to go into the server and manually start these processes with a pdexec to get the application up.

View 1 Replies View Related

Cisco WAN :: ASA 5510 / Backup Isp Requires Changed Dynamic Rule?

Dec 14, 2011

I have one ASA 5510, a primary ISP (cable, the single public IP lives on the ASA), and a backup ISP (ADSL, separate router that hosts its single public IP). I use IP tracking to detect link down on the primary. When I pull the plug on the cable modem and go to "Route monitoring", I can see the ASA's default route is now the backup ISP default route.That conforms with [URL]  Pings to 8.8.8.8 fail however, and when I do a packet trace the ASA complains about the dynamic nat rule that still points to the primary ISP's interface.Only when I change the existing dynamic NAT rule (on my inside interface) to use the backup ISP's pool (which is a single 192.168.x.y address) , does 8.8.8.8 reply to my pings. So it kinda works but it's not full auto . I can't add a second dynamic nat rule on the same inside interface, nor can I select 2 IP pools in a single dynamic nat rule.

View 4 Replies View Related

Cisco Firewall :: Difference ASA5510-BUN-K9 And ASA5510-Sec-Bun-K9

Jun 6, 2012

ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?

View 3 Replies View Related

Linksys WRT54G - Router Requires Constant Re-setting

Sep 7, 2012

Lately, I upgrade the firmware on my router. A linksys WRT54G. In order to access the router I had to do a manual reset to factory settings. Post upgrade, for some reason I couldn't access the internet. I tried everything for hours and finally through sheer luck of unplugging every cable and ever power lead and plugging it back in, it started working.

However, lately I've found that the only computer connected to the internet via eathernet cable is loosing connection intermittently. Also we seem to get constant huge spikes in latency and very inconsistent speed. Unplugging the router and plugging it back in again seems to solve this problem temporarily, but requires toggling of power multiple times a day. Also I had what I believe was an IP address conflict, or lack of an IP address once, but using the windows troubleshoot errors fixed that by resetting my wireless network card. (This was on a 2nd machine)

[code]...

View 8 Replies View Related

Access To Free Wireless Service Requires Security Key

May 30, 2011

I have access to free wireless service but it requires a security key? How do I get this key?

View 3 Replies View Related

Linksys Cable / DSL :: X3000 Requires Daily Restart?

Feb 3, 2012

I have a Linksys X3000 router.  While it is running, connection latency will gradually increase over about a day until eventually it just stops working at all and I have to power it off and back on again.
 
Ping times to a local website slowly increase from 30ms immediately after restarting the router, to about 100ms about an hour before it will need to be restarted, then rapidly increase to over 1 second before it drops out completely.  When this happens, no connections through the router will work, I cannot even ping it or connect to its configuration web page.
 
I upgraded the firmware to see if that would work but it didn't.  I have had the exact same problems with the 1.0.0 and 1.0.01 versions.
 
Can I get it replaced?  And in the mean time, is there some way to make the router automatically restart at a scheduled time?

View 2 Replies View Related

D-Link DIR-615 :: Requires Power Reset For Laptop To Connect?

Mar 22, 2011

I've just gotten a DIR-615 and replaced a working linksys G router. I configured it to work with my ipad (wireless N), my laptop-win 7 (N), and my desktop-vista (USB connected N). Everything works ok,. I'm using WPA personal, WPA2only, AES encryption, 3600, 802.11n only, auto 20/40 mhz channel width, invisible.

Here's the problem. As I powered up and shut down the laptop each day, it wouldn't connect to the router. I could see the connection, but windows said it couldn't connect. I had to go and unplug the router, count to 10, and then plug it in, and tell the laptop to connect and then it would connect it would be fine.

I thought it might be a compatibility with the laptop driver, but after powering down the desktop today, I had to do the same power cycle on the router to get the desktop to connect.  So then I went and turned off the IPAD and had the same thing happen. 3 for 3.

I'm pretty sure its router settings and not the 3 devices, this never happened with the Linksys router, but I don't know what to change.

One other odd thing, when I view the network in windows, the DIR-615 icon is there (for about 15 secs), and then it disappears (for about 5 secs), and then reappears (15 secs), disappears (5 secs), etc. - almost like its dropping out for 5 secs... I haven't noticed a performance hit, but haven't transfer big files yet.

View 14 Replies View Related

Dell :: 1397 Internet Connection That Requires 802.11n Speed

May 2, 2013

I have Dell Studio XPS i5 laptop (64 bit) with DELL Wireless 1397 WLAN Mini Card (version 5.30.21.0 from 1.10. 2008). I recently subscribed for an internet connection that requires 802.11n speed. As my wireless card does not support it what are my options here. Is there a magical link to update my card and start gaining from the maximum speed (30 Mbps or higher if I want) or I have to change the card by buying/installing a new one.

View 14 Replies View Related

D-Link DCS Network Camera :: 920 - Crashes / Requires Reboot

Aug 3, 2009

Have 13 DCS-920 Every few days a few random cameras will will hang/become unresponsive at random intervals.  The cameras require that I unplug the cameras before they will respond. When the cameras are unresponsive I cannot access the camera via a web browser, the D-View Cam software, or the setup wizard. This is a problem as they are all mounted in positions requiring a ladder to access.

I have some connected via 802.11g and other hard wired over 10/100 cat-6 Ethernet cable.

View 14 Replies View Related

Cisco Wireless :: WLC5508 - Requires To Setup A Dynamic Interface On A Network?

Aug 10, 2012

Having setup several WLC4402's in the past, I am posed with a new implementation that I have never tried before.  I will be setting up a new 5508 that will ONLY be used for remote access-points in H-REAP mode.  It is going into a data center and there will be no local LWAPP's.Is it still required to setup a dynamic interface on a network that will essentially only have the controller IP?  Or can I serve all the AP's out of the single, untagged management interface (which I believe is also the old ap-manager interface now?)

View 2 Replies View Related

Cisco :: MIR Feature On MSE 3350 Requires Context-Aware Service To Work

Oct 21, 2009

Does the MIR feature on the MSE 3350 requires the Context-Aware Service to work?  I read that the system uses location, signal strength and coverage data in conjunction with monitor mode APs at each exit to trigger the roam.   I just don't know if MIR does this on it's own or needs to get location from Context-Aware service.

View 2 Replies View Related

Westell Modem 6100 Server Requires Username And Password

Oct 29, 2011

I just bought a Westell modem 6100 model online, and when I try to change the profile, I get a message saying: The server 192.168.1.1:80 requires a username and password. The server says: Modem Secure."

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved