I'm new to IT, and have been put in charge of managing our servers while my boss is on vacation. We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place. I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches and Restaurants, but receives a "content blocked" message on his browser. It appears to me that the settings in Sonicwall are correct, as well as the AD member groups.
I am looking for recommendations on a device to put at the forefront of our network, mainly for web content filtering. Our network is currently set up like this: We have two Internet providers. One for each network that are physically separate except a Cisco 3560 which is used for failover. In the event one ISP goes down, one network can use the other's ISP, however, it has no access to the other network beyond that switch. Currently, each network has a web content filter (SmartFilter) server which is going end of life in a year. We would like to replace each server with a single box at the front of the network for filtering. Other bonuses would be things such as bandwidth control, virus protection, etc. Perhaps the most important thing is to make sure our ISP bandwidth download speed does not get hampered by the device we choose to put at the front. We have 50mb download on one and 30mb on the other. If the device throttles the download at 10mb then it's useless to us.
How to migrate the DB from ACS Windows 3.3 to ACS appliance 4.2.15. We are replacing Win 3.3 with appliance 4.2.15 as a part of end of life. We have EAP-TLS/PEAP authentication. It has a huge number of records. So please suggest the steps to migrate the DB from Win 3.3 to appliance 4.2.15. Do we need to upgrade Win 3.3 to Win 4.0 to Win 4.2 and then migrate to appliance 4.2?
I'm getting the error mentioned below when I try to open the subject web link.
Deny TCP (no connection) from Outside:188.8.131.52/2443 (184.108.40.206/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964) with the following explanation:
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
Where a.b.c.d = our private IP address (NATted) and w.x.y.z = public IP address.
I have RSA SecurID appliance 3.0 "A120" V 7.1 Sp4 and Cisco Secure Access Control System (ACS) Appliance V4.1.1 (build 23). I set up communication between the Cisco Secure ACS and the RSA SecurID appliance using the RADIUS protocol. I only configured the 1st IP for the RSA appliance and added this IP in Cisco ACS, and I went through the implementation guide that is attached in this discussion; everything is fine in authentication.
Now I have enabled the second IP for RSA, but I do not know how to configure the Cisco ACS to know the second IP for RSA.
I am trying to reimage a Cisco MARS 25 appliance for the pnadmin password recovery procedure. I am trying to boot the system with the Recovery DVD (Version 5.3.2) shipped with the appliance. I connected a VGA monitor and USB keyboard to the appliance and when I do a reboot, I can see the Installation options:
Please Choose A MARS Model To Install...
1. Distributed Mars - Local Controller
2. Distributed Mars - Global Controller
3. Mars Operating System Recovery
4. Quit
But I am not able to select Option 1 for the reimaging of the Local Controller since my keyboard is not responding for the selections. During the LILO boot process, I can see an error message that says 'Keyboard Not Present'. I tried to connect the keyboard to different USB ports and the PS/2 port using a USB to PS/2 adapter. Still the keyboard is not functioning. I am able to select the BIOS options while connecting the USB keyboard to the appliance. But it is not functioning when booting from the Recovery DVD. Also the keyboard is functioning if I boot the appliance directly with the previous image. Unfortunately I don't have any PS/2 keyboard available for connecting or the admin password for login. Is there any workaround/solution for supporting the USB keyboard during the Recovery Procedure? I tried the serial connection with HyperTerminal but some junk characters appear even after setting the recommended baud rate, parity, flow control etc. The Ethernet console seems not to be working with the default IP address 192.168.0.101 for eth1.
I configured an IPsec VPN on an ASA5540 and I have a problem with port blocking. I am unable to block server ports to remote users. See below configuration. I need to configure a VPN filter list but don't know how to configure a VPN filter list.
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite of the situation in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with its real configured IP. Polling the ACE Appliance therefore does not work.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10 NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
I need to know the oversubscription for the WS-X6816-10G-2T. The 2T supervisor engine supports 80Gbps for each slot, so the oversubscription should be 2:1 (if my calculation is correct), but I cannot find any confirmation about that.
I have a C6509 with a WS-X6548-GE-TX port module. The first port group, 1-8, is showing oversubscription (packets dropping) in the shared buffer. What interface commands can I use to find the specific port causing the buffer overflow? None of the ports is continuously overutilized and none of them is in a SPAN destination group. I don't want to move connections without knowing which one is causing the problem. Also I fear that moving the connections may shift the bleeding to another shared port group.
Can open (url) on my work computer but not at home. A message is coming up at home that it will be closed for maintenance, and that was last week and has since finished, as I can open the site at work but not at home.
I am quite new to firewalls; in my company there is one ASA 5510 firewall. I configured inside, outside, DNS, DHCP and NATing. I need to configure a bandwidth limit (1Mbps) for the inside port and restrict sites like Facebook, YouTube and porn sites. And I heard that some subscription is required; is it really required?
What do I do if I cannot access the setup address IE 220.127.116.11? I use my N750DB as a network booster at home. It runs via ethernet cable from the main router. I used to be able to get on no problem and now, I just can't. I have spent 2 days trying to sort my internet problems.
I just did a small office transfer of all their existing computers and equipment over to a new office site. They had new voice and data cables run, as well as patch panel and telephone and cable modem equipment set up in the new office. The private telephone tech requested that I port forward port 8000 to the telephone equipment's IP address. He also requested that I provide the office static IP address to him. My question is: am I opening this office's network up to any security risks by forwarding port 8000 to his telephone equipment's internal system IP address and providing him the actual static IP address of the office Internet connection?
I have a question regarding route reflectors. In my MPLS core network, we have two route reflectors. The two route reflectors and each of the PE routers belong to a peer group. The route reflectors are Cisco 7301, IOS 12.3. I have hardware maintenance on one route reflector. How can I do that without interrupting the end customer traffic?
I am currently deciding which IOS to use for various Catalyst 3560 models. Version 12.2(55)SE3 seems fitting for this case, but I can't find out when the 12.2SE reaches End of Software Maintenance. I have checked this link: urls...
I have two WLC version 18.104.22.168 with the standby unit having HA-SKU. I have tested the AP-SSO functionality without any problem in the lab with a direct connection on the RP port between the two WLCs. Once I brought them into data centres in separate locations (latency is less than 10ms between the two DCs), the standby unit always went into maintenance mode. The booting process on the standby unit went to maintenance mode as shown below:
Management Gateway and Peer Redundancy Management interface are not reachable.
Entering maintenance mode.
I have checked on the core switches at the 2 data centres that the two WLC RP ports are connected to the same VLAN and it is spanned across the MAN link (10GB and less than 10ms delay). The spanning tree on those ports is forwarding as well. I have rebooted the second unit but no luck. The interface between the two DCs is using MTU 9216, which I do not think would cause this issue.
Are there any best practices for preventative maintenance on Catalyst Chassis switches? Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all? Things like re-seating line cards, cleaning fan exhausts, etc.
After upgrading our Cisco MSE to 7.4, the appliance does not stay connected to the network. Once the appliance is restarted, layer 3 echoes occur for about 2 minutes and then stop. The only way to get it to respond again is to restart the appliance. Again, after a few minutes, it stops responding. I've checked the switch, and there is no port security set up on it. I've checked ACLs and other potential culprits to no avail. The MSE interface is set up, and the device is configured.
I'm currently trying to install the Cisco LMS 4.2 Appliance on a VMware vSphere 4.0 environment. I'm following the [URL]. I downloaded the Cisco_Prime_LAN_Management_Solution_4_2.iso and I started the server. I get this screen and I choose option 1:
I tried to upgrade LMS 4.2 to LMS 4.2.1 on a soft appliance and I got this error. To upgrade from LMS 4.2 to LMS 4.2.1:
lms/admin# conf t
lms/admin(config)# repository myrepo
lms/admin(config-Repository)# url disk://opt
lms/admin(config-Repository)# end
lms/admin# application upgrade Cisco_Prime_LAN_Management_Solution_4_2_1upgrade.tar.gz myrepo
Save the ADE-OS running configuration?(yes/no) [yes]? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% Local file not found
lms/admin#
All users are located in the local identity store. So, assume I do not implement ACS but I do turn on password expiration after 60 or 90 days. When a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire? Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?
A while back we were looking into upgrading our SUN/Oracle server to better service our CiscoWorks. Our vendor (partnered Cisco Vendor) told us that Cisco was developing an appliance like WCS and CNR that runs Redhat for CiscoWorks. Does anyone have any info on this or could this be a rumor?
We do not run Windows devices on any of our network enterprise and this would be so cool!
Oracle is getting to be a clone of Windows, in our opinion.
If this is true, I will be happy to sit and wait for it.
We now run LMS 4.0 on a SUN/Oracle T2000 and it seems to be bottlenecking.
I upgraded WCS to version 7.0.172 and migrated it to a new server and IP address. The upgrade was done by installing WCS 7.0.172 on the new server and restoring a backup. I also upgraded the location appliance from 22.214.171.124 to 126.96.36.199. The WCS can see the location appliance without a problem. The problem occurs when I try to back up the location appliance. The WCS appears to run the backup and completes with a success, but I cannot find the backup file in the FTP directory. WCS backup to the FTP folder is fine. Is there a way of doing a manual backup of the location appliance? What logs can I check to see whether the backup is taking place or not?