Network Setup With Different Security Levels For Groups
May 29, 2011How can I set up a network with different security levels to different groups?
View 3 Replies
ADVERTISEMENT
Network Share Permissions And Security Groups?
Apr 17, 2013I have a department network share that has several sub folders within that share. The director of this department doesn't want her employees to have access to everything in said share. We have a blanket security group for the dept that grants read/write access to the share. I tried creating a limited view security group and added it to the permissions on the share (right click the share, security permissions etc) but I am still able to go into folders that I shouldn't have access to.
View 3 Replies View RelatedDifferent Levels Of Security In Networks
Jul 7, 2011different levels of security in networks
View 2 Replies View RelatedCisco :: ASA Interface Security Levels?
May 25, 2011*By default, the interface with higher security level can access "interfaces" with lower security level*By default , lower security level interface has no access to higher security level interface (access list needed to permit access
View 9 Replies View RelatedCisco Firewall :: ACL With Security Levels In ASA 5520
May 6, 2013I have a DMZ (50) from where I need to allow some protocols to inside zone (level 0). I am doing that with ACL, but after having done that the implicit security level rule to lower level (outsite level 0) is not working anymore, I guess by the implicity deny after the acl. I'd need allow traffic to the outside zone from DMZ, as well as the inspect traffic from the inside one. Is there anyway to have both ACL and Security levels?
If not, what do I need to do to just allow some protocols going to higher level and leave the higher-to-lower traffic inspected allowed, same schema as we have with security levels.
Cisco :: WLC 4404 / 5508 Web Authentication By AD Security Groups
May 3, 2012web authenticate users within a specific Active Directory Security Group. I tried to authenticate over Radius with Cisco Secure ACS and Network Access Restrictions. But NAR only works with Layer 2 authentication. And Web Authentication over LDAP can only be used with User Objects.
View 5 Replies View RelatedCisco AAA/Identity/Nac :: Setup ACS 5.2 With An ASA V8.3.2 To Lock Users Into VPN Groups?
Jan 18, 2011I'm trying to setup ACS 5.2 with an ASA v8.3.2 to lock users into VPN groups based on a users AD group. I've tried various combinations but the group lock isn't working. I've done steps 1 & 2 ...
1) Network Devices and AAA Clients -> Define VPN
2) Users and Identity Stores -> Setup AD and Directory Groups, test connection
Policy Elements:
Q1) Policy Elements - Do I need an authorization profile for each group:
Q2) What RADIUS attributes should I use to match my ASA tunnel-groups?
RADIUS-IETF attribute 25?RADIUS-Cisco VPN 3000/ASA/PIX 7.x 85 (Tunnel-Group-Lock)?Other?
Access Policies:
Q1) Do I need to enable and use group mapping?
Q2) Do I need a Network Access Authorization Policy for each group?
Cisco AAA/Identity/Nac :: Setup RA VPN On ASA 8.4 With 2 Groups - VPNGp1 And VPNGp2?
Aug 21, 2011I am trying to set up RA VPN on ASA 8.4 with 2 groups - VPNGp1 and VPNGp2. VPNGp1 users will access 1.2.3.0/24 and VPNGp2 users will access 5.6.7.0/24. User authentication will happen using ACS 5.3 Radius.
On ASA, I have configured the IP pools, VPN ACLs, VPN groups, group policies for each group, and tunnel groups.
On ACS, I have created vpn-user1 and vpn-user2 for each of 2 groups.
I am not sure if some more configuration needs to be done on ASA and ACS... Do I need to add new users - vpn-user1 and vpn-user2 - on ASA, under each corresponding group policy, using vpn-group-policy command? Or I need to do something else on ACS?
Lastly, how can I configure authorization and accounting for the VPN users? Do I need to do this on ACS or on ASA?
Find Network Security Key After Router Already Setup?
Aug 28, 2011How do I Find network security key after router already set up
View 1 Replies View RelatedFind Network Security Key After Router Already Setup
Dec 22, 2012Find network security key after router already setup
View 2 Replies View RelatedWEP Security Setup - Can't Connect To Home Wireless Network
Feb 23, 2013I have a work supplied laptop. Used to be able to connect to my home wireless network - this stopped working last week. It can connect to other wireless networks, both at the office and other public places, but can't connect to my home network.
I've tried: Manually creating the wireless network Removing the profile from regedit Removing the profile from ProgramDataMicrosoftWlansvcsProfiles
It sees the network and attempts to connect, but never successfully connect. I have other laptops at home that are working just fine. The network is setup with WEP security, and I've entered/reentered the password several times.
Note, when I started this, the home network did not appear under the Manage Wireless Networks list in the Network and Sharing Center.
Cisco Switches :: SF-300-08 SNMP Setup Doesn't Show Any Groups In Add User Pulldown
Jun 1, 2012I'm setting up a new SF-300-08 with SNMP.I have defined Groups OK.But, when I go to Add User, the Group pulldown is grayed out and I can't add a user.
View 1 Replies View RelatedCisco :: LMS 4.1 No User Defined Groups Shown In Fault Notification Groups?
Dec 12, 2011I created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group
D-Link DIR-655 :: Separate Two Groups On Business Network?
May 7, 2011I've got a business network that I'd like to separate two sets of computers all together (thinking through a firewall rule or other method). Here's a text example of what I want to achieve:
Group A: PC 1, PC 2, PC 3 (can see each other and share files within this group)
Group B: PC 4, PC 5, PC 6 (can see each other and share files within this group)
But Group A & B can not see each other and are blocked from accessing each other.Can this be done with the DIR 655 or do I need to upgrade? Also, these two groups will be sharing the same internet connection.
Cisco Wireless :: 5508 Assign Single Ssid To Multiple Interface Groups By Assigning Ssid To Multiple AP Groups
Aug 26, 2012Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
Cisco Firewall :: ASDM 5.0.7 Creates Duplicate Network Object Groups
Aug 5, 2011We are facing the problem in ASDM 5.x creates duplicate network object groups in the configuration when PIX with software 7.0.7 is used.
Audit report its showing below commands :
asdm group SALES_ref dmz2 reference SALES object-group network SALES_ref network-object 172.20.7.8 network-object 172.20.10.3 network-object 172.20.11.2
no access-list dmz2_access_in extended permit tcp object-group Network_10.10.1.0 object-group SALES object-group SALES_Ports access-list dmz2_access_in line 200 extended permit tcp object-group Network_10.10.1.0 object-group SALES_ref object-group SALES_Ports
i was created SALES object group 2 month back after that ASDM Automatically created the duplicate object with SALES_ref name and changed the old ACL.
Cisco AAA/Identity/Nac :: 1113 - Multiple Network Device Groups Using One Windows Remote Agent?
May 4, 2011I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
Cisco :: Way To Grant SSL VPN Users Different Levels Of Access?
Mar 18, 2011I have a customer with an ASA5510. We have an SSL VPN (tunnel-based, or "SVC") that we use for remote access. That works great.They want to be able to use this same functionality, but add users who will not have the full access that the current SSL VPN users have. So in other words we currently have a small group of users who get full access to the LAN. Then they want to have a second group of users who will only have access to certain nodes.I'm wondering if there's some way to do this using LDAP between the firewall and the Radius server? The user gets put in a different tunnel group depending on what the FW learns from the server?We only have the Anyconnect Essentials license, so unfortunately we can't do a clientless SSL VPN, which otherwise might work well here.
View 3 Replies View RelatedLight Levels LX SX Info About Fiber Experience
Jun 7, 2012I've got tons of fibre in my network. However, tbh, my knowledge about correct light levels isn't great. I generally wait until my router complains about a light level before I do anything. I would like to set up SNMP monitoring for light levels, but I need some kind of baseline.Anyone with extensive fibre experience? What light levels should I be looking at for both multimode and singlemode fibre?
View 6 Replies View RelatedD-Link DIR-655 :: Blocks Epson Artisan Ink Levels?
Aug 12, 2011I purchased a Epson Artisan 835, which I am runnung wireless. When I try to check the ink levels from my laptop they are all greyed out. Epson tech said the Dir-655 was the problem and that I needed to get the router to give permission for the ink levels to go through.
View 14 Replies View RelatedCisco :: 4404 TX Power Levels Are Low After WLC Upgrade To 7.0.98.0
Oct 7, 2010I recently upgraded our WLC 4404 to release 7.0.98.0. The process was very smooth with no issues. The controller manages access points in two buildings. Prior to the upgrade the access points were maintaining high TX power levels...typically between 1 and 3. After the upgrade the power levels all droped to 6 and 8. I have confirmed that the correct external antenas have been set for each access point. I have not done a site survey to see if the lower power levels are acceptable. But the environment has been very consistent for the past year with regards to TX power levels. For the time being I have manually set a power level of 2 to prevent any service outages. Is there any explanation as to why the power levels have changed so drastically?
View 3 Replies View RelatedCisco Firewall :: 5510 Vpn Client Groups Configured / DHCP Server Stops Giving Network Service
Feb 20, 2013I have a asa 5510 vpn client groups configured and connected to the internal network DHCP server stops giving network service dhcp and the network goes down.
View 6 Replies View RelatedCisco AAA/Identity/Nac :: 881 SSH Login Using Only Public / Private Key Levels
Mar 10, 2013I'm trying to make a setup on my Cisco 881 router, but I'm having some trouble.I've managed to configure logging in with a Public-Private key pair over SSH, but it's also still possible to log in over SSH with just a username and password. I'd like to prevent this, if possible. I imagine I might have manually configured this to be allowed at some point, but I can't quite figure out how I did this, as no matter what I've tried to remove, it keeps allowing this option. I still need to be able to log in with a username, because I want users to have different privileges.
Once I've logged in using the Public-Private key, I don't automatically go into privilege mode, even though the user is configured with a privilege level. I'd like to configure that users that I've configured to use a certain privilege mode, automatically go into privilege mode without a password prompt. I know it did this before I started using the Public-Private key (or before I used AAA, which was configured around the same time), so I wondered if it's possible to do this still.
Cisco Firewall :: ASA 8.x Logging To Multiple Hosts At Different Severity Levels?
Jun 19, 2011Is it possible to configure the ASA to:
log syslog informational to one host
and
log syslog critical to a different host
It seems that the ASA allows you to only specify 1 logging severity level for all syslog hosts..
Cisco AAA/Identity/Nac :: AIR-AP1121G-A-K9 / HTTP Login Privilege Levels
Oct 4, 2011In CLI we have users log in at priv 1 and use "enable" to increase privilege and do configurations. This allows "accounting" of command history. On the AIR-AP1121G-A-K9 (12.3(8)JED1) I cannot duplicate this for http login.
I can log in as a user at priv 1. When I try to go to a privileged link like "Security" I get prompted for a second login/pw. Nothing works here unless I have a second user defined at priv 15 and enter that login/pw. The problem is - that login/pw can be used to log in via http in the first place which bypasses accounting of the actual user. It also allows login to the CLI at priv 15 which I cannot permit.
username test1 secret 5 abcdxxx
username test2 privilege 15 secret 5 efghxxx
enable secret 5 ijklxxx(code)
Cisco Firewall :: 6513 - Local User And Privilege Levels
Jul 14, 2011I have FWSM's in Cat 6513's. I have a need to be able to session from the switch to the FWSM by using default account (not local user), at privilege level 15 I further have a need to allow a user read only access by ssh'n into the FWSM...
I believe I need to setup a local user, at, say privilege level 5, assign the show command only to privilege level 5, then set the authorization command for that user. So, i think my command sets are as follows to accomplish this:
username <username> password <pw> priv 5
priv command level 5 mode exec command show
aaa auth ssh console LOCAL
aaa auth enable console LOCAL
aaa authorization command LOCAL
I think, that this will allow the user at privilege 5 to run only the show command and only by SSH to the FWSM while allow the priv 15 level default login to continue to function properly.
Security / Firewalls :: Sonicwall Network Security Appliance - Receiving A Content Blocked Message?
Dec 24, 2011I'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.
Security / Firewalls :: Connecting To A Security-enabled Wireless Network?
Jan 19, 2013I am trying to connect to a Security-enabled wireless netowork. I have the key. My problem is that I can't seem to figure out how to enter it. When I try to connect I open the "view available networks"window. I see the network name and it shows a strong signal (all 5 green bars).
View 3 Replies View RelatedHow To Setup A Security Password For Router
Nov 1, 2012need to know how to setup a security password for my router?
View 1 Replies View RelatedWhat Is The Best Security Setup For Dlink N150
Oct 16, 2011What is the best security setup for this model!
View 1 Replies View RelatedHow To Setup Configuration And Security After Reset
Feb 24, 2012How to set upo configuration & Security after reset
View 2 Replies View RelatedCisco Security :: Setup SSL VPN On 2811?
Mar 7, 2011I'm trying to setup a SSL VPN on a 2811. I believe I have the SSL VPN portion understood, but I can't tell because I keep getting stuck on the Certificate Server, ca trustpoint and identity trustpoint configuration.
guide that walks you through the CA cert, Cert Server, ca trustpoint and identitiy trustpoint to ios SSL VPN?
Cisco Security :: How To Setup Netflow V9 On ASA
Sep 25, 2011how to configure the ASA to support netflow V9, either in ASDM or CLI mode as welcome.
i follow the PRTG guide it doens't seem success to make the detection on netflow activity