Cisco VPN :: ASA5520 Any Way To Set Up Profile To Check PC
Mar 5, 2013
I have a Cisco ASA5520 that we are going to use to allow users to connect to our network via the Anyconnect client. I have authentication set up to validate against AD via LDAP, but was wondering if there were any way to set up the profile to check the PC before they log in. We do not want users using their home PCs to attach to our corporate network, only PCs that were issued to them by the company. Nothing is jumping out at me in the config. We are running some fairly old software on the boxes (ASA - v8.2(2), Anyconnect - v2.5.3046). I plan on upgrading the Anyconnect to v3.1 but will probably need to keep running the 8.2(2) version on the ASA due to support issues.
Jan 13, 2013
May I know how to check the functions included in the ASA image NCI-ASA5520-BUN-K9?
May 31, 2011
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
Apr 17, 2011
I have enabled the following attribute... Show Pre-connect Message—Displays a message to the user before the user makes the first connection attempt. Where do you actually enter the text for the message?
Feb 23, 2012
I have an ASA 5510 being fed by ACS for authentication and groups. I have several VPN groups, and I'm trying to determine how the local routes on the VPN client are created. I know it's based on the VPN group because clients with different policies get different routes when they log in. I know I should know this as I've set up groups before, but for some reason this section of my brain wasn't backed up.
Aug 2, 2012
What's the ACS 5.3 common configuration for authorization profile for RAS authorization?
I have an authorization error and the customer needs PPP, LCP, ip pool (configured on the ras).
Mar 31, 2012
I am running some tests with Cisco AnyConnect 3.0 and trying to configure profiles with the profile editor. My understanding is that when we configure a profile under the AnyConnect profile editor, it will be used automatically when the client connects to the SSID.
I have downloaded both the profile editor and the AnyConnect secure mobility client. When I create a new profile and save it under the "Network Access Manager newConfigFiles" folder, it seems the profile does not take any effect when I try to connect to the SSID; I am still prompted for user credentials when I try to connect to the SSID. I read somewhere that a profile should be created using the profile editor when using EAP-FAST, otherwise the connection would fail. I did find failures when using EAP-FAST; however, this does not happen if I use local auth (on WLC or AP).
So the question is: how am I supposed to configure the profile editor to work properly with AnyConnect? If I have multiple profiles configured under the profile editor, then how does AnyConnect know which profile config file to take when I switch between SSIDs?
Jun 6, 2011
I have a problem with one of our IPSec site-to-site vpns.
-we use ASA5540 and the remote site uses a software based FW (steelgate borderware).
-there are some old ACLs on our FW that have the remote site's IP address as an incoming node having TCP.... access to some servers on our LAN (why they didn't use static/dynamic NAT for clients of both end to have TCP connection???)
-when I try to set up the vpn the name entry of the remote site (which is optional) changes with IP address of the peer in vpn profile and it confuses the vpn, so the IKE phase1 won't establish. the name entry is because of those ACLs that have been entered in the past.
Q- How to stop ASA creating names via ASDM when adding ACLs?
Imagine the other site's network people are the most inflexible IT guys to do any changes in terms of using static or dynamic nat for their clients to have access to ours, so I can replace their FW IP address in ACL with other NAT addresses.
Mar 7, 2011
Editing the name of a VPN connection profile and its policy: I have created the profile through the IPsec VPN wizard. The profile automatically got the name DefaultRAGroup and its group policy also got the name DefaultRAGroup. In the edit window I can't change the name. How can I rename them?
Feb 4, 2013
I just saw the AVC feature in WLC version 7.4.100.0 and wonder if there is a possibility to select an AVC profile per user, based on its RADIUS authentication via ACS. For example:
- A user in group teacher can access youtube on SSID A
- A user in group student can not access youtube on SSID A
May 14, 2013
How can I hold the public IP on my Cisco client VPN NAT session so nobody else can use it? I have a Cisco ASA 5510; inside is 172.10.20.86, public 166.245.192.90.
Feb 17, 2012
I'm looking into starting a file sharing server (I think this is what it's called) which will allow people to log in to one of my PCs over the internet and download my files. My goal is to allow family members and friends to access my files, and only specific files, on this PC. The files could be family videos as well as pictures. Some video files will be in excess of 10gb, along with typical jpegs and whatnot. I'll probably be running Windows Server 2008 on it. I'm also considering allowing people on some other forums that I'm a member of (cars, hobbies, etc.) and allowing people to host vids on my server. My current IP provider is Comcast and I'm on a dynamic IP, so I'm wondering how easy this is or if it's recommended I get a static IP.
I am looking for some articles that you'd recommend on this. I'd also like to have password protection or login criteria so car members aren't able to view all my family videos, but can only log in to some folder labeled (cars) and not my folder labeled family. Or another option would be that people have to log in before they are able to even see what folders are accessible. For instance, car members could only see car folders; family members could see anything stored on the PC?
Nov 9, 2011
Is it possible, through a QoS profile, to control how much bandwidth a user gets to use for upstream traffic? I can easily set limits for downstream traffic, via the per user bandwidth contracts, but it is not obvious to me on how to control upstream traffic.
Oct 18, 2011
How to link the command set to a shell profile in ACS 5.2?
Jan 30, 2012
How can I hold the public IP on my Cisco client VPN NAT session so nobody else can use it? I have a Cisco ASA 5510; inside is 172.10.20.86, public 166.245.192.90.
Do I need to call my ISP?
May 24, 2012
I'm in the router settings on a 1921. I have 40 remote VPN group profile attributes, but I can only connect simultaneously at 30. I wonder if there is a maximum limit of groups configured on a router 1900 IOS.
Nov 25, 2012
Is it possible to send the profile name as a RADIUS attribute during client authentication? I would like to match users, depending on profile name, to separate Identity Stores in my ACS. ASA 5540 8.4, AnyConnect 3.1.01065, ACS 5.1
Oct 14, 2011
I have a requirement to guarantee 100Mb of bandwidth over my WAN for a particular protocol. I've noticed on the 4507R (running 12.2(54)) that I am unable to configure a class-map with "match port" (my protocol is not listed so I can't use "match protocol").
So instead I've created an ACL with the source of the traffic I wish to guarantee. Next, I've created a policy-map, only to find that I am unable to specify "bandwidth".
Tell me how I could create a QoS profile, on a 4507R with SupIVs running 12.2(54), in order to guarantee 100Mb to a specific subnet (or VLAN, or ideally a specific protocol).
May 31, 2012
I am in the process of setting up ACS 5.2 for a network and have run into an issue when attempting to apply the following aaa commands to a network device:
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
Once the commands have been applied to the device configuration I get "command authorization failed" when attempting to do anything. Taking a quick look at the TACACS Authorization reports I see a failure reason of "13025 Command failed to match a Permit rule" and under the Selected Command Set "Deny All Commands" is listed. After doing a bit of searching, I noticed some articles online that indicate I should be able to specify the appropriate command set to the authorization profile under the Default Device Admin policy. However, when I open up a Device Administration Authorization Policy, nowhere in the window does it display command sets that I can select from.
Jun 1, 2011
I am setting up RADIUS AAA for a Cat6K switch. For authentication it works and the user can log in to the switch. But for the privilege level assignment, it does not work. After logging in, I always get privilege 1. I need your guidance on how to configure the RADIUS attribute on ACS 5.1. I followed the document to configure the cisco-av-pair to assign Privilege 15 and Privilege 5, but it does not work. This attribute format was shown in document is to set Privilege 15, "shell:privlvl=15" it is correct way of configure it on ACS 5.1
Sep 21, 2012
I am trying to configure a client profile under the Any Connect Client Profile tab in the ASDM but keep getting an error message stating "Check that you have a proper Any Connect package installed in the Any Connect Client Software menu. Also check that your ASDM username have enough privilege." My user has sufficient privilege but I am not sure which Any Connect software I should have to enable this. Right now I have anyconnect-win-3.0.10055-k9.pkg installed. This is a lab setup using GNS3.
May 2, 2012
Working as a consultant I find it annoying I cannot see a drop-down list in the AnyConnect client as you can with the traditional IPSEC VPN client with multiple profiles. How to modify the default profile to list multiple entries?
Jul 20, 2011
I can log on to my Hotmail email account, but when I checked my profile it is temporarily blocked, and I can't sign in through my Windows Live Messenger. What should I do to unblock my profile and at the same time be able to log in through my Windows Live Messenger?
Feb 8, 2012
After completing an AD upgrade to 2008r2 I've had my fill of roaming profiles. I want to change all users back so that their profile is on their pc. Of course ideally I'd like this to occur with the user affected as little as possible. Most users are still winxp but some win7 machines too.
Apr 30, 2013
How can we clear the username in the AnyConnect Connection Profile on a user's laptop? Currently it defaults to the last username used, but our security group would like that cleared so that the field comes up blank every time. This feature was available in the old Cisco 3030s but I can't find it in the ASA.
Jun 10, 2013
We assign the tunnel address in our IPSec VPN from our centralized DHCP server pools. In the profile we have two servers' IPs configured. In a test (Wireshark) we noticed that the discover always goes to the first configured IP.
I do not understand, and could not find hints on, how the function works.
- backup server with a timeout when no answer comes from primary?
- should ASA do simultaneous discover to all configured IPs?
=> The problem is that although the first server did not answer in a timely manner, we noticed no discover to the second.
Here the partial CLI - Config:
++
tunnel-group AZInt07 type remote-access
tunnel-group AZInt07 general-attributes
authentication-server-group ActivPack
default-group-policy AZInt
dhcp-server 10.x.x.y
dhcp-server 10.x.y.y
[code].....
Mar 8, 2013
I've configured 4 connection profiles (IT, HR, Admon, VIP) on the ASA and everything works well, but our boss wants to know if it's possible to assign the right connection profile without using the group drop-down list. What he wants is to use a unique connection profile (non-default) and, via RADIUS attributes using ACS 5.X, to assign the right profile.
Jul 19, 2012
I deleted a contact and I want to post something that doesn't involve her, but I don't want her to be rude to me if she sees it.
Dec 12, 2012
I have a Windows 7 64 bit computer that is connected to the internet through an ethernet cable to a 2-wire modem. Other computers at my home are connected wirelessly but I am not. I do have a NetGear print server and connect wirelessly with it to a printer. I am suddenly getting the notification "Native WiFi Default Profile Connected" even though I have been running the computer for a year without ever seeing this.
Is the wireless USB connection over-riding my ethernet connection? and is it possible to revert to having the ethernet connection be dominant? I prefer the ethernet connection for speed.
Nov 5, 2011
I would like to make configuration files for my provisioning server. I need to compile a plain txt file to a cfg file, but I cannot find the right compiler for the WRTP54G. I only found ones for the SPA-2102 and WRP400 and they do not seem to work on the WRTP54G. I made a TFTP server and my provisioning profile rule field points towards the cfg file via the TFTP server like this.
Oct 10, 2011
In our company we use the ACS 5. and I have a small problem. What we need to do is create a profile that will allow SHOW RUNNING CONFIG but not configure terminal. I am investigating and I'm a little bit lost. I have created a new group but I don't see any option to put permissions.
Jan 2, 2013
We recently had a pair of Nexus 5k switches set up in our network. We had professional services handle the initial configuration but they weren't able to set up config sync for us. Each FEX is connected to each 5k, so we need a switch-profile to maintain a consistent setup on our interfaces. I went through the process in Configuring Switch-Profiles, but when I check the status of the peer, it says not reachable. [code]
Feb 13, 2011
Two 5548 switches are running a switch profile and it got out of sync (probably because one of the switches lost power before it had a chance to save the configuration). Once the switch profile is out of sync, you can't make any change to the switch profile any more; verification will fail. Is there any good way to get the switch profile re-synced without recreating it?