Cisco VPN :: Audit Users On Old 3060 Concentrators?
Sep 13, 2012
We are trying to finally get rid of a couple old 3060 concentrators and would like to see how many active connections are still on. Is there any reporting that can be seen from the concentrators?
I have noticed that under the Device Change Audit list under the configuration dashboard, LMS lists the wrong user for the last change. For example, user ABC performed a change on a switch yesterday, but the switch shows user XYZ as having performed the change.
e.g.
SwitchA
! Last configuration change at 16:27:06 AEST Mon Aug 15 2011 by ABC
User XYZ then performs changes on switchB and switchC. These show up correctly, but the change on switchA shows user XYZ instead of ABC.
User XYZ has never logged into the switchA in question.
I'm currently setting up two VPN 3000 Concentrators at two different sites to create an IPsec LAN-to-LAN tunnel. I have gone through all the basic configuration guides on the Cisco site, but a LAN-to-LAN session is never created. I have enabled the logs on the Concentrator and it displays no errors at all; it appears the Concentrator is not even trying to establish an IPsec LAN-to-LAN tunnel. After running through the standard setup provided by Cisco, is there anything I need to do to make the Concentrator try to create a tunnel, or should this be automatic once all settings are in place?
We are about ready to embark on moving all L2L and network extensions (Cisco ASA 5505s) from the Cisco VPN 3060 Concentrator to a Cisco ASA 5520. We would like to know if there is a simple method of doing this, such as a converter? Also, are there any lessons learned? We are running 8.4.3, so we know that the NAT configuration has differed. Can the configuration from the 3060 be modified in any way for configuring the ASA?
HP 3060 J610: I had to renew my router and now the printer can't connect to it. The printer asks me to press the WPS button on the router, but I can't see any button. It then says press OK and starts counting down, but can't find the router.
I'm decommissioning my SonicWall PRO 3060 and upgrading to an ASA5550 (we're increasing our WAN link speed to 1Gig and need the 5550). In any case, I want to copy over the configuration from the PRO to the ASA. I have everything documented and I've started doing the changeover, but in looking at some other network diagrams on the net I'm seeing router symbols between the LAN switches and the ASA and I'm beginning to worry that I might need routers to do this which, of course, would increase cost quite a bit.
So my question is this: if I have a core switch carved into multiple VLANs and I connect each VLAN to a port on the ASA, will I be able to route and filter traffic from VLAN to VLAN through the ASA? If so, how, in general, is this accomplished (I'm betting ACLs)? I think that the ASA will be able to do this easily, but I just want to be sure before I get too far into the configuration of this unit.
In our network we use a Cisco WS-C6509-E (R7000) backbone switch. We want to route syslog to a log server, but I couldn't do it. How can I solve this problem?
I need to understand why the change audit report reports an unused username.
Name of the user who performed the change. This is the name entered when the user logged in. It can be the name under which the LMS application is running, or the name using which the change was performed on the device. The User Name field may not always reflect the user name. The User Name is reflected only when:
- A config change was performed using LMS.
- A config change was performed outside of LMS, but the network has a username-based AAA security model, wherein authentication is performed by an AAA server, which could be TACACS/RADIUS or local.
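The two posts above (the switchA/ABC/XYZ mismatch and the User Name field rules) both come down to one check: does the user LMS attributes a change to agree with what the device itself recorded? The script below is an added example, not code from the thread or from CiscoWorks. It parses the "! Last configuration change at ... by <user>" line that IOS prints at the top of "show running-config" (the "by <user>" part is only present when the device authenticated the session under a username-based AAA model) and flags devices where LMS's user differs from the device record or where the device recorded no username at all, so the LMS value cannot be device-attested. The device configs and LMS records are constructed sample data; the only assumption about formats is that banner line.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Banner line IOS writes into the running config, e.g.
#   ! Last configuration change at 16:27:06 AEST Mon Aug 15 2011 by ABC
# The trailing "by <user>" is absent when the change was made without a
# username-based AAA login (no TACACS+/RADIUS/local username to record).
LAST_CHANGE_RE = re.compile(
    r"^!\s*Last configuration change at\s+(?P<when>.+?)(?:\s+by\s+(?P<user>\S+))?\s*$"
)


@dataclass
class DeviceChange:
    device: str
    when: str
    user: Optional[str]  # None when the device did not record a username


def parse_last_change(device: str, running_config: str) -> Optional[DeviceChange]:
    """Return the device's own last-change record, or None if the banner is missing."""
    for line in running_config.splitlines():
        m = LAST_CHANGE_RE.match(line.strip())
        if m:
            return DeviceChange(device, m.group("when"), m.group("user"))
    return None


def audit_mismatches(device_configs: Dict[str, str],
                     lms_records: Dict[str, str]) -> List[Tuple[str, Optional[str], Optional[str], str]]:
    """Compare the user LMS reports for each device with the device's own record.

    Returns (device, lms_user, device_user, reason) for every device that needs a look.
    Devices where both sides agree produce no finding.
    """
    findings = []
    for device, config in device_configs.items():
        change = parse_last_change(device, config)
        lms_user = lms_records.get(device)
        if change is None:
            findings.append((device, lms_user, None, "no last-change banner on device"))
        elif change.user is None:
            # Device had no AAA username to record: LMS's value comes from its own
            # session, not from the device, so it is not evidence of who changed it.
            findings.append((device, lms_user, None, "device recorded no AAA username"))
        elif change.user != lms_user:
            findings.append((device, lms_user, change.user, "LMS user differs from device record"))
    return findings


# Constructed sample data (hypothetical switches, not captures from the thread).
SAMPLE_CONFIGS = {
    "switchA": "!\n! Last configuration change at 16:27:06 AEST Mon Aug 15 2011 by ABC\n!\nhostname switchA\n",
    "switchB": "!\n! Last configuration change at 09:12:44 AEST Tue Aug 16 2011 by XYZ\n!\nhostname switchB\n",
    "switchC": "!\n! Last configuration change at 09:30:01 AEST Tue Aug 16 2011\n!\nhostname switchC\n",
}
# What the (hypothetical) LMS change audit report shows for the same devices.
SAMPLE_LMS = {"switchA": "XYZ", "switchB": "XYZ", "switchC": "XYZ"}

if __name__ == "__main__":
    for finding in audit_mismatches(SAMPLE_CONFIGS, SAMPLE_LMS):
        print(finding)
```

On the sample data the script reports switchA (device says ABC, LMS says XYZ) and switchC (device recorded no username, so the LMS value is not corroborated); switchB is silent because both agree. Pulling the running configs and the LMS report into the two dictionaries is left to whatever collection method is in use.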
We have a PIX 515E running version 6.3 and we want to implement some sort of logging to keep track of who logs in to the PIX and when, and whether they make any config changes or changes to the file system. All of this is for forensic purposes in the future. I have already looked at some PIX docs, but I don't seem to find what I am looking for.
ACS and I would like to know how to enable the "Configuration Audit" for someone logging in to my network devices using their ACS login, so I can monitor what they did on it.
I can configure a requirement type as audit (as opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the CAS. Is it possible to generate an email or a similar automated process to notify administrators on these audits?
Sometimes our network lags and I think there is a computer causing this problem. I'd like to audit all input/output of all ports of a Catalyst 1900. All I manage to do is to enter the console menu via Telnet. Once there, I try monitoring, but I'm afraid of doing something bad:
Catalyst 1900 - Main Menu
[C] Console Settings [S] System [N] Network Management [P] Port Configuration
When performing an audit from NCS Prime 1.3 on our 5508 controllers (500 licenses) we are getting mismatch messages from many of our 3602i APs that say the following:
(Type) Configuration Name          | Audit Status | Attribute             | Prime Infrastructure Value | Controller Value
(AP APname, Interface) 802.11a/n   | Mismatch     | Spectrum Intelligence | true                       | false
These APs are not configured for Spectrum Intelligence on the controllers, but rather as local. It seems that NCS believes that they are supposed to be SI. We have refreshed the config from the controller many times, but this does not change. The 5508s run v7.2.111.3. Is there a change I can make on NCS or elsewhere to make this mismatch go away? Is this a bug? It is not causing any problems (that we can see), but like most people we would rather not have these mismatches.
I'm using ACS 5.4p2 within a distributed system: one primary and one secondary instance. For now, the primary instance is acting as the Log Collector server and I can see all AAA audit logs.
When the primary instance fails I can authenticate successfully using the secondary instance. However, when the primary instance comes back, I'm not able to see any audit logs generated by the secondary.
My CiscoWorks LMS 3.2 is not showing the recent configuration of my Cisco devices. It also doesn't show any change report for the last 24 hours, or even if I select x number of days; it looks like it's not saving any changes made on devices.
Today I logged in and the Cisco ASA was showing this in its status as well: Configuration Last Archived Time May 03 2012 11:27:46 EDT. On checking, I could see it is the same date the Cisco ASA was added to CiscoWorks. Do I need to click somewhere in the CiscoWorks settings for auto-update of configuration changes and the latest configuration?
I have a Cisco 2811 router set up as a NAT/firewall gateway for my network. I've configured it for CBAC using ip inspect and an access list. What I want is to use audit-trail to record network traffic (which means sending syslog messages to a server) concerning established sessions from my own network to locations on the outside. If I configure this using ip inspect audit-trail and no ip inspect alert-off, the configuration looks like this: [code] which works just fine, but there is the matter of ICMP packets.
Since I use polling software that needs to check some machines on the outside part of the network, it is only natural that several ICMP sessions are established through the inspection rule per minute. The problem is that since these sessions are recorded along with everything else, my syslogs are flooded with these (since I am using logging trap informational), to the point that more messages are generated about ICMP than all other traffic combined, especially in non-working hours. What I am asking is a way for the audit-trail to be selectively disabled for ICMP, so that the outgoing (echo) & incoming (echo reply) sessions can be established without generating syslog messages.
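The post above describes a collector being flooded with CBAC audit-trail messages for ICMP polling sessions. One place to deal with that is the syslog receiver itself: drop the audit-trail lines for a chosen protocol while passing every other message through unchanged, and count what was dropped so the suppression is visible in the record rather than silent. The script below is an added example written for this page, not the poster's configuration or Cisco code. It assumes the %FW-6-SESS_AUDIT_TRAIL message shape shown in the constructed sample lines (Start/Stop, initiator/responder, optional byte counts); verify that regex against your own router's output before relying on it. Separately from this filter, IOS also accepts a per-protocol audit-trail keyword on the ip inspect name entry (for example, audit-trail off on the icmp entry of the inspection rule), which stops the messages at the source on releases that support it.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Shape of an IOS CBAC audit-trail message (approximated from the documented format;
# check against real output). The syslog header before the mnemonic varies, so we
# search for the mnemonic rather than anchoring at the start of the line.
AUDIT_RE = re.compile(
    r"%FW-6-SESS_AUDIT_TRAIL:\s+(?P<event>Start|Stop)\s+(?P<proto>\w+)\s+session:\s+"
    r"initiator\s+\((?P<src>[\d.]+):(?P<sport>\d+)\)"
    r"(?:\s+sent\s+(?P<sbytes>\d+)\s+bytes)?\s+--\s+"
    r"responder\s+\((?P<dst>[\d.]+):(?P<dport>\d+)\)"
    r"(?:\s+sent\s+(?P<dbytes>\d+)\s+bytes)?"
)


def parse_audit_trail(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the fields of a CBAC audit-trail line, or None if the line is something else."""
    m = AUDIT_RE.search(line)
    return m.groupdict() if m else None


def filter_audit_trail(lines: Iterable[str],
                       drop_protocols: Iterable[str] = ("icmp",)) -> Tuple[List[str], Counter]:
    """Pass every line through except audit-trail sessions for the named protocols.

    Lines that are not audit-trail messages (ACL logs, link state, etc.) are kept as-is.
    Returns the kept lines plus a per-protocol count of suppressed messages, so the
    collector can still show that ICMP sessions happened without storing each one.
    """
    drop = {p.lower() for p in drop_protocols}
    kept: List[str] = []
    suppressed: Counter = Counter()
    for line in lines:
        fields = parse_audit_trail(line)
        if fields and fields["proto"].lower() in drop:
            suppressed[fields["proto"].lower()] += 1
            continue
        kept.append(line)
    return kept, suppressed


# Constructed sample syslog stream (hypothetical addresses, not captures from the thread).
SAMPLE_LOG = [
    "*Sep 13 08:00:01: %FW-6-SESS_AUDIT_TRAIL: Start icmp session: initiator (192.0.2.10:0) -- responder (198.51.100.7:0)",
    "*Sep 13 08:00:02: %FW-6-SESS_AUDIT_TRAIL: Stop icmp session: initiator (192.0.2.10:0) sent 64 bytes -- responder (198.51.100.7:0) sent 64 bytes",
    "*Sep 13 08:00:05: %FW-6-SESS_AUDIT_TRAIL: Start tcp session: initiator (192.0.2.25:51044) -- responder (203.0.113.40:443)",
    "*Sep 13 08:00:09: %SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.99(4444) -> 192.0.2.1(23), 1 packet",
    "*Sep 13 08:00:11: %FW-6-SESS_AUDIT_TRAIL: Stop tcp session: initiator (192.0.2.25:51044) sent 1840 bytes -- responder (203.0.113.40:443) sent 22310 bytes",
]

if __name__ == "__main__":
    kept, suppressed = filter_audit_trail(SAMPLE_LOG)
    for line in kept:
        print(line)
    print("suppressed:", dict(suppressed))
```

On the sample stream the two ICMP session messages are dropped and counted, while the TCP session pair and the unrelated ACL-deny line reach the output untouched. Because the filter matches on the parsed protocol field rather than on the substring "icmp", a TCP session whose payload description happened to contain that word would not be affected.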
I have a user ABC (admin account) and XYZ (limited user). For both of them I would like to have two different IP configurations. If ABC (admin account) logs in, he should have IP, gateway, and DNS1, DNS2 and DNS3. If XYZ (limited user) logs in, he should have IP, gateway and DNS1 only. Is it possible to have the above configurations?
I have Synology DS213 directly connected to a SMC Comcast business cable modem. The IP address of the DS213 is 5.4.3.x. The cable modem is pushing out IP Address in the same range 5.4.3.x. The cable modem connects to a wireless router and switch. The users who use wireless and wired connections have a public IP Address 192.168.x.x
I know that to add a user in the service engine the command is (config)#user Aileen create, but how would you remove it? I tried no before user to negate the command, but when I do #sh users the username is still listed.
I'm using a Cisco ASA 5520 with IOS 8.2.2. We have many remote users using the Cisco VPN client, but I have been asked whether we can log out idle users, as we do hit our license limit and some users stay connected for days.
I've just set up dial-in VPN on my PIX 515e. The users can connect fine, but my split tunnel ACL is not applied and I have the following error in syslog: No translation group found for udp src outside:10.0.56.2/137 dst inside_lan:10.0.8.6/137. If I try to ping my inside interface from the client, I get a reply from the outside interface IP address. Do I need a specific NAT rule for my VPN client users?
I installed the Cisco Prime LMS widget and see there is a choice to search by username, hostname and phone number (for IP phones?). How can this be set up?
Is it possible to export internal ACS users from an ACS 4.x Windows (on ESXi) solution to an ACS 5.x solution? All I want to be able to do is export usernames and passwords out of the 4.x solution and then import them into the 5.x solution. I thought maybe the CSUtil program could be used?
We need SQL-Connect to DB tables, as some "self-written" Perl scripts try to collect data. Are there any steps necessary to enable access to DB tables (and views)?
I have ACS 5.1 configured to authenticate users based on Active Directory. I have configured wired 802.1x too, with machine authentication enabled on ACS. When I log in with credentials that exist in AD, it works fine. Then I configured Windows Authentication to ask for credentials (popup window). But I experience network disconnection when I log in with a local account, even though I entered correct AD credentials. I want to do the following: for an account that exists on the machine being authenticated (non-AD account), ACS should check its local database and reply with authentication success if it finds it, so the user is granted network connectivity. I heard about Identity Sequence in ACS. But I still don't see the right configuration,
How to configure ACS 5.x so LMS 4 users can authenticate via TACACS+? I have ACS 5.x set up and authenticating to Active Directory. I have changed the LMS 4.x Authentication Module to TACACS+. I have gotten past the user/password problem by configuring a local user in LMS 4.x. Now I am hitting the Default rule in ACS and the Shell Profile is deny access.
I am trying to connect using OfficeExtend but couldn't. I have managed to connect the OfficeExtend AP to the DMZ WLC; however, I can't get the users to authenticate to the ACS (although there is a rule to allow access on ports 1813 and 1812). Should the DMZ WLC need the ACS servers (I thought they wouldn't require it, as they are anchored back to the internal WLC that the ACS server address
On a side note, I haven't created DHCP for the OfficeExtend users; will this cause an issue? (Just deciding whether to do it on the WLC or a Windows server.) In fact I can't even see myself authenticating on the ACS server.
I have set this up on pre 8.3 code and 8.3 code as well. I have the following configured on the ASA, but it is not working and I am not seeing the ASA trying to NAT the VPN pool IP address that the client gets assigned.
I have 2 ISPs, each with 20Mbps internet speed, and I connect these 2 ISPs to a Mikrotik router, so this network will have a 20Mbps + 20Mbps line, and this network has 150 users. Any idea how to set the QoS? I don't want users running P2P applications to use the full bandwidth and make browsing slow for the other users, and I want to reserve some bandwidth for some users for gaming.
I have a customer with an ASA5510. We have an SSL VPN (tunnel-based, or "SVC") that we use for remote access. That works great. They want to be able to use this same functionality, but add users who will not have the full access that the current SSL VPN users have. So in other words, we currently have a small group of users who get full access to the LAN. Then they want to have a second group of users who will only have access to certain nodes. I'm wondering if there's some way to do this using LDAP between the firewall and the RADIUS server? The user gets put in a different tunnel group depending on what the FW learns from the server? We only have the AnyConnect Essentials license, so unfortunately we can't do a clientless SSL VPN, which otherwise might work well here.