ACS Remote-Address IP adress logged wrongly

I'm running ACS acs-5.4.0.46-B.221 and I found suspicious log entries. The issue is that IP address logged in logfile has reverted all octets.
Logged Remote-Address=Z.Y.X.W instead of Logged Remote-Address=W.X.Y.Z. Is it known bug or not? These supiscious entries are there for one day only.
Thanks
Zdenek

If you are going to change the ip scheme of whole network then go like this
--Change the IP of the AD where agent is installed.
--Uninstall the agent from the AD
--Assign the ip to the acs via CLI
--Delete the old agent from the ACS network configuration and add the new one with new ip.
--Install the agent on the AD again and enter the new ip address of the ACS during installation.
--Go to ACS external user database >> windows database > select the new remote agent.
Refresh the agent in the network confguration.
HTH
Jatin
Do rate helpful posts-

Similar Messages

  • ASA 5505 - L2TP over IPsec - Remote Address shows outside interface address

    Using an ASA 5505 for firewall and VPN.  We've enabled L2TP over IPsec to allow Windows clients to connect without third party software.
    The devices complete the connection and authenticate fine, but then are unable to hit any internal resources.  Split tunneling seems to be working, as they can still hit outside resources.  Packet tracer shows tcp flowing freely between VPN clients (192.168.102.0/24) and internal resources (192.168.100.0/24).  Even the NAT translation looks good in packet tracer.
    I pulled up the session details for one of the VPN clients in the ASDM and under the IPsecOverNatT details, it is showing the VPN client's remote address correctly, but displays the local address as the address assigned to the outside interface (which the client is using to connect.)  This seems to be the problem, as viewing detailed connection logs shows the internal resources trying to send packets back to the outside interface rather than the VPN client's assigned internal addresses.  Details:
    Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: [OUTSIDE INTERFACE ADDRESS]
    local ident (addr/mask/prot/port): ([OUTSIDE INTERFACE ADDRESS]/255.255.255.255/17/1701)
    remote ident (addr/mask/prot/port): ([VPN CLIENT ADDRESS]/255.255.255.255/17/0)
    current_peer: [VPN CLIENT ADDRESS], username: vpnuser
    dynamic allocated peer ip: 192.168.102.1 [This is what I think it should be showing for local ident]
    dynamic allocated peer ip(ipv6): 0.0.0.0
    #pkts encaps: 16, #pkts encrypt: 16, #pkts digest: 16
    #pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 16, #pkts comp failed: 0, #pkts decomp failed: 0
    #post-frag successes: 0, #post-frag failures: 0, #fragments created: 0
    #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
    #TFC rcvd: 0, #TFC sent: 0
    #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
    #pkts no sa (send): 0, #pkts invalid sa (rcv): 0
    #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
    #pkts invalid prot (rcv): 0, #pkts verify failed: 0
    #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0
    #pkts invalid pad (rcv): 0,
    #pkts invalid ip version (rcv): 0,
    #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
    #pkts replay failed (rcv): 0
    #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
    #pkts internal err (send): 0, #pkts internal err (rcv): 0
    local crypto endpt.: [OUTSIDE INTERFACE ADDRESS]/4500, remote crypto endpt.: [VPN CLIENT ADDRESS]/8248
    path mtu 1500, ipsec overhead 82(52), media mtu 1500
    PMTU time remaining (sec): 0, DF policy: copy-df
    ICMP error validation: disabled, TFC packets: disabled
    current outbound spi: 05BFAE20
    current inbound spi : CF85B895
    inbound esp sas:
    spi: 0xCF85B895 (3481647253)
    transform: esp-aes esp-sha-hmac no compression
    in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
    slot: 0, conn_id: 77824, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
    sa timing: remaining key lifetime (kB/sec): (4373998/3591)
    IV size: 16 bytes
    replay detection support: Y
    Anti replay bitmap:
    0x00000000 0x000FFFFD
    outbound esp sas:
    spi: 0x05BFAE20 (96448032)
    transform: esp-aes esp-sha-hmac no compression
    in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
    slot: 0, conn_id: 77824, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
    sa timing: remaining key lifetime (kB/sec): (4373999/3591)
    IV size: 16 bytes
    replay detection support: Y
    Anti replay bitmap:
    0x00000000 0x00000001
    Any ideas?  The remote clients connect but when internal resources try to send traffic to the VPN clients, the packets are directed to the outside interface address instead of the local address assigned to the VPN client.

     I have what I believe to be a similar issue. Site to site vpn is working well. That is site b can ping and send traffic to site A but Site A can not. Site B is a 3rd party vpn router. Site A is a Cisco 5505.
    It appears that when the crypto map inserts the route into the routing table it shows the route via the outside IP of the outside interface and not the IP of Site B. in the crypto map I can see the proper ip address for the peer. I can't figure out why when it inserts the route that it uses the wrong ip address

  • More than one Windows ACS Remote Agent

    We recently added a second Windows Remote Agent to have Windows authentication service available for our two ACS.
    Agent definition (CSAgent.ini) is correct but in Network Configration - Remote Agent (on each ACS web console) we see that the second Remote Agent is "available" but "not in use" (while the first one is, of course).
    If we stop the CSAgent Service on the first Remote Agent server, we do not see any activity on the second one (auth not working) and service still remains "avilable" but "not in use".
    Then, debugging with csagent.exe -z -p all we can see is something like:
    Debug printing on..
    Logging mode: LOW
    ACSRemoteAgent server starting ==============================
    Running as console application.
    Will listen on port 2004
    Configuration will be fetched from 10.1.1.101:2003
    Agents: CSWinAgent
    CSWinAgent File: ..\bin\CSWinAgent.exe
    CSWinAgent Port: 2005
    1 agents configured
    Permitted CSAgent Clients: 10.1.9.10-11
    Hit Return/Enter to stop...
    Listener activated
    Watchdog activated
    CSWinAgent launched
    Client connecting from 10.1.9.10:4346
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 944 terminating
    Client connecting from 10.1.9.10:4347
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 2108 terminating
    Client connecting from 10.1.9.10:4348
    and, in the CSWinAgent log windows we see NO logs at all....
    Where are we wrong???

    You must use ACS Remote Agent for Windows, version 4.0, with ACS Solution Engine, version 4.0. Other releases of Cisco Secure ACS are not supported.
    The following URL may help you:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawi.html#wp300510

  • Login "async" Remote Address

    Hi,
    we have ACS 5.3 and I don't know why we have a lot of authentication failed of of Username like:
    "state to down"
    "d state to up"
    "% Authentication failed"
    "l1/0:15, changed state to up"
    All logs have "async" in the Remote Address field
    The followng is an example of the log:
    Do you know why?
    thank you
    Fabrizio

    can you please tell me what device they are coming from? The async port is a console port. Once you find the NAS ip address,please get it physically checked what is connected on Console port, even if we have a console cable connected remove it. It seems like there is something that is causing a noise on console port (tty0).
    On the NAS device, please use "show line" and check if there is noise appearing on the console port.
    Jatin Katyal
    - Do rate helpful posts -

  • I utilise Entourage for my mails. When I tip a mail adress and write a wrong one, I change. When I will send again a mail to the same adress the wrong and good one appears both.  How can I delete the wrong one

    Question is here above but more details here under
    I use Entourage as Mail sender. I don't use the adress book.
    When I tip a wrong adress  and make the correction, the old one stays in the memory of my computer ( apple I Mac ).
    When I wish to send a new message to the same adress, the wrong one appears in the same time , and some time I don't remember wich is the good one .
    To avoid that problem, how can I delete the wrong adress for future sending of mails.

    Solution, use Apple Mail
    I can highly recommend migrating to the Address Book. You won't have the typo'ed history in your email.
    Here's the KB on how to clear the list
    http://support.microsoft.com/kb/823667

  • Coherence Extend remote address port in TCP Connection

    Hi,
    From the log below, I see remote address port is picked some random port(48552). (currently i disabled the firewall), If i enable the firewall it could be an issue, is there any way i can specify the remote ports that tcp connection use?
    2011-02-24 13:18:18.076/1280.207 Oracle Coherence GE 3.6.0.1 <D6> (thread=Proxy:ExtendTcpProxyService:TcpAcceptor, member=13): Opened: TcpConnection(Id=0x0000012E56A3CA1B0A1F96B688F7EEBCEDA2AA9397203393CF480379B3963D86, Open=true, LocalAddress=10.31.150.182:9099, RemoteAddress=10.31.150.182:48552)
    One more question,
    I have two proxy servers, is it possible to configure the client to make two connection (redundant) one for first proxy and another for second proxy. is it make sense?
    Thanks
    Prab
    Edited by: 833796 on Feb 24, 2011 2:35 AM

    Hi Prab
    The random port is what normally is called an ephemeral port for the client and is usually not a problem for firewalls since this is expected behavior. If you want to control the client port you can do this by adding the <local-address> to the tcp-initiator element.
    As for the second question, it doesn't quite work to do as you suggest. The proxy contains state for the client, as this is not replicable between the proxies one cannot continue where the other one left off.
    Thanks
    /Charlie

  • Ip remote address invalid

    Hey Guys, trying to connect with a friend of mine for the first time today, neither of us has used iChat before. He is on Leopard, i'm on Tiger.
    We can text no problem, but we can't video or audio chat.
    Keep getting the message IP Remote Address Invalid.
    We tried the usual, logging off etc, even reverted to our mobile broadband sticks & still no-go.
    Any ideas????

    OK so heres the thing, he has a macbook & an iMac - both new, both running leopard, & he can connect those via, text, vid & audio
    But he cant connect to me, running Tiger, so it appears the fault is with me.
    My router is a Thompson 735BB6
    I'm on version 3.1.9 (v446)

  • OWSM Custom Step - Determine Remote Address

    I'm working on a custom step that provides custom metrics for some of our web services (BPEL). The only thing that I haven't been able to figure out is the remote address.
    The heart of my code is:
    public IResult execute(IMessageContext messageContext) throws Fault {
    Result result = new Result();
    result.setStatus(IResult.FAILED);
    boolean isRequest = (IMessageContext.STAGE_REQUEST.equals(messageContext.getProcessingStage()) || IMessageContext.STAGE_PREREQUEST.equals(messageContext.getProcessingStage()));
    if (!isRequest) {
    result.setStatus(IResult.SUCCEEDED);
    return result;
    try {
    log(messageContext);
    result.setStatus(IResult.SUCCEEDED);
    } catch (Exception ex) {
    messageContext.getInvocationStatus().setErrorMessage(ex.getMessage());
    generateFault(ex.getMessage());
    return result;
    private void log(IMessageContext messageContext) throws Exception {
    String client = null;
    try {
    client = ((MessageContext) messageContext).getRemoteAddr();
    // HttpServletRequest httpServletRequest = (HttpServletRequest) messageContext.getProperty("javax.servlet.request");
    // if (httpServletRequest != null) {
    // client = httpServletRequest.getHeader("Host");
    } catch (Exception ex) {
    String msg = "Unable to extract the client IP address.";
    throw new Exception (msg);
    <continue capturing metrics and log to the database>
    The problem is, client is always null. I've tried both techniques I've found online and neither of them seem to produce any results. Could there be some server configuration that is preventing this information from be sent to OWSM?

    mrmora,
    After opening a Service Request and communicating with one of Oracle's reps, I was told that the HttpServletRequest (and I guess other client info) is never available for either the Server Agent or Client Agent.
    I created a Gateway, instead, and and I'm now getting the HttpServletRequest and the client's IP. Both of these codes now work:
    HttpServletRequest request = (HttpServletRequest)messageContext.getProperty("javax.servlet.request");
    String clientIP = httpSrvltRqst.getRemoteHost();
    =====
    String clientIP = ((MessageContext)messageContext).getRemoteAddr();
    Thanks.

  • ICloud mail adress is wrong during reset phase

    Hey,
    Trying to reset my iphone but the iCloud email adress is wrong. I've had j******@gmail.com usually, but during my installing phase it asks me for j******@gmail.se.
    I'm from Sweden, hence the .se. But I've never created a gmail with .se, and to be honest I don't think that's even possible.
    The proper way to do this I've read, is to erase the connection from the phone to iCloud before resetting, but that ship has sailed. (Or, if it just wouldv'e had my correct email adress....)
    This problem is now blocking my phone. I've logged in to my iCloud but since I've succeded in the first part of resetting the phone is nowhere to be seen when I'm logged in.
    Also, should also say that I've ofc tried both j******@gmail.se and j******@gmail.com.
    When trying to log in with j******@gmail.se it just says: Incorrect Apple ID or Password.
    When trying to log in with j******@gmail.com it says: Incorrect Apple ID, "*my email adress*" cannot be used to unlock this iPhone.
    Any recommendations?

    Also i cant restore the iphone cuz it also needs a password!

  • Get remote address in HttpSessionAttributeListener?

    Hi,
    I'm using an HttpSessionAttributeListener to log user sessions: it looks for the "NtlmHttpAuth" attribute, which is bound by the NtlmHttpFilter from the jCIFS project.
    Is there a way to get the remote user address, from the HttpSession? I can't seem to find an obvious way to do it. The only thing that comes to mind is to create another filter (executed before NtlmHttpFilter) that would grab it from the request and set it as an attribute on the session, but this seems a little circuitous. I'm not even sure it would work, since I'm not 100% clear on how exactly NtlmHttpFilter interacts with the session life-cycle.
    What's the right thing to do?

    The remote address is indeed request based, not session based.

  • Coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpA

    Hi
    I have installed coheI have installed coherence server "fmw_12.1.3.0.0_coherence_Disk1_1of1.zip" along with Examples on windows machine and C++ client coherence-cpp-12.1.3.0.0b51709-windows-x86-vs2012.zip on the same machine.
    I have built the "contacts" C++ Example successfully and while I execute this "contacts" using run I am facing TcpAcceptor error.
    On my coherence server the TcpAcceptor is listening on port 8088, so I have modified the extend-cache-config.xml file with values "ip address of my windows machine" and port as "8088".
    All the time I am getting below error,
    coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpAcceptor
        at class coherence::lang::TypedHandle<class coherence::component::net::extend::PofConnection> __thiscall coherence::component::util::TcpInitiator::openConne
    ction(void)(TcpInitiator.cpp:307)
        at coherence::component::util::TcpInitiator::openConnection
        at coherence::component::util::Initiator::ensureConnection
        at coherence::component::net::extend::RemoteCacheService::openChannel
        at coherence::component::net::extend::RemoteService::doStart
        at coherence::component::net::extend::RemoteService::start
        at coherence::component::util::SafeService::startService
        at coherence::component::util::SafeService::restartService
        at coherence::component::util::SafeService::ensureRunningServiceInternal
        at coherence::component::util::SafeService::start
        at coherence::net::DefaultConfigurableCacheFactory::configureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
        at coherence::net::DefaultConfigurableCacheFactory::configureCache
        at coherence::net::DefaultConfigurableCacheFactory::ensureCache
        at coherence::net::CacheFactory::getCache
        at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void,void,void,void> >::sizeOf(bool)
        at _onexit
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at BaseThreadInitThunk
        at RtlInitializeExceptionChain
        at RtlInitializeExceptionChain
        on thread "main"
    Caused by: coherence::net::messaging::ConnectionException: coherence::component::util::TcpInitiator::TcpConnection@029EAD78{Id=NULL, Open=1, LocalAddress=NULL,
    RemoteAddress=10.242.152.242/10.242.152.242:8088}: socket disconnect
        at class coherence::lang::TypedHandle<class coherence::net::messaging::Response> __thiscall coherence::component::net::extend::AbstractPofRequest::Status::g
    etResponse(void)(AbstractPofRequest.cpp:203)
        at coherence::component::net::extend::AbstractPofRequest::Status::getResponse
        at coherence::component::net::extend::AbstractPofRequest::Status::waitForResponse
        at coherence::component::util::Initiator::openConnection
        at coherence::component::net::extend::PofConnection::open
        at coherence::component::util::TcpInitiator::openConnection
        at coherence::component::util::Initiator::ensureConnection
        at coherence::component::net::extend::RemoteCacheService::openChannel
        at coherence::component::net::extend::RemoteService::doStart
        at coherence::component::net::extend::RemoteService::start
        at coherence::component::util::SafeService::startService
        at coherence::component::util::SafeService::restartService
        at coherence::component::util::SafeService::ensureRunningServiceInternal
        at coherence::component::util::SafeService::start
        at coherence::net::DefaultConfigurableCacheFactory::configureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
        at coherence::net::DefaultConfigurableCacheFactory::configureCache
        at coherence::net::DefaultConfigurableCacheFactory::ensureCache
        at coherence::net::CacheFactory::getCache
        at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object
    ,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void
    ,void,void,void> >::sizeOf(bool)
        at _onexit
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at BaseThreadInitThunk
        at RtlInitializeExceptionChain
        at RtlInitializeExceptionChain
        on thread "main"
    Caused by: coherence::io::IOException: socket disconnect
        at unsigned int __thiscall coherence::net::Socket::readInternal(unsigned char *,unsigned int)(Socket.cpp:333)
        at coherence::net::Socket::readInternal
        at coherence::net::Socket::SocketInput::read
        at coherence::io::BufferedInputStream::fillBuffer
        at coherence::io::BufferedInputStream::read
        at coherence::component::util::TcpInitiator::readMessageLength
        at coherence::component::util::TcpInitiator::TcpConnection::TcpReader::onNotify
        at coherence::component::util::Daemon::run
        at coherence::lang::Thread::run
        on thread "ExtendTcpCacheService:coherence::component::util::TcpInitiator:coherence::component::util::TcpInitiator::TcpConnection::TcpReader"

    We are facing same issue.    Could you please provide us any working .Net sample code for the version 12.1.2.0.
    <ssl>
                  <protocol>Tls</protocol>
                  <local-certificates>
                    <certificate>
                      <url>c:\Cert\</url>
                      <password>password</password>
                      <flags>DefaultKeySet</flags>
                    </certificate>
                  </local-certificates>
                </ssl>
    thanks
    Bala

  • HT5622 I wrongly entered my apple id into my new i phone . It was my e mail address with a letter wrong I have registered right on the i cloud account but when I go to get apps it still shows wrong e mail How do I delete this incorrect e mail Thanks Mike

    I wrongly entered my apple id into my new i phone . It was my e mail address with a letter wrong
    I have registered correctly on the i cloud account but when I go to get apps it still shows wrong e mail
    How do I delete this incorrect e mail? Thanks Mike

    settings - app/itunes store - sign out - sign back in.

  • Question about iCloud. How do I change my e-mail address, I have the wrong one and want to change it.

    question about iCloud.  How do I change my e-mail address, I got the wrong address.

    There are a variety of options available to you, including creating an email "alias" or changing the email address associated with your iCloud ID.
    For all practical purposes your iCloud email address and Apple ID are interchangeable. To change your Apple ID read Apple ID: Changing your Apple ID.
    If you simply created an Apple ID in error, you might consider abandoning it altogether and creating a new one. On the other hand, if you already used that Apple ID to purchase iTunes or other digital content, don't create a new Apple ID, because any purchases you already made are inexorably linked to the Apple ID used to make them.

  • Can I check remote address connecting to a ServerSocket before accepting?

    I have a ServerSocket for which I'd like to implement an IP filter, using an allow or deny list to control which IP addresses can connect. After accepting the connection, I check the remote address on the Socket that is created, and apply the filter. However, if I close the connection to a denied address, the client sees that the connection was accpeted, but then it throws a SocketException when it tries to write to it.
    That accomplishes the purpose of the filter, but it doesn't seem like good behavior from the client's perspective. I'd like to implement a ServerSocket that doesn't even accept the connection if the remote address is not permitted. Is there any way to do that?

    Why not write a connection accepted/refused message
    to the client and then carry on (or close the
    socket/streams at both ends)?I'm not sure I understand your suggestion. When ServerSocket.accept() returns by providing a Socket object, that is the first time the server code can determine the IP address of the client and apply an IP filter. However, the connection has already been established at this point, so it's not possible to make an accept/refuse decision for the connection based on the client IP address. By the time the server code sees the IP address, the connection has already been accepted, and the only recourse is to close the connection from the server (by calling close() on the Socket object that was returned), and the client will then throw an exception with the message saying that the software closed the connection.
    Legitimate users trying to connect may interpret this as a software problem, if they don't know any better. Intruders will discover from this behavior that the port is open through the firewall, and may conclude that IP filtering is being applied, and if they have some idea of what IP addresses are allowed, they could easily spoof them. Or they could keep trying, hoping to catch the server when the IP filtering is turned off.
    It would be better to mimic the filtering behavior of a firewall, whereby the connection is not established. Then the client would report that it could not establish the connection, and the user would be more likely to look into whether the port is open or IP filtering is occurring, rather than thinking there is a software problem. And the intruder would conclude that the port is not open and go somewhere else.
    I would need a different implementation of ServerSocket to do this. I checked jakarta commons net, but that only provides client side utilities. I'm currently untangling the source code of java.net.ServerSocket to see how difficult it will be to override the accept() method to provide filtering behavior. This seems like a useful thing, and I thought perhaps someone had already done so. Or perhaps someone can tell me why this is not a good idea.
    Message was edited by:
    MidnightJava

  • ACS 5.4 with ACS 5.6 as a Log Collector

    Hello,
    I have a ACS 5.4.0.46-6 running.
    Now I want to setup a ACS log collector on my ESX 5.5.
    Since ACS 5.4 is not supported on ESX 5.5 I want to install ACS 5.6.
    Question :
    I this setup possible?
    Can I use the ACS 5.6 as a log-collector for the ACS 5.4?
    Regards,
    Herald

    Hi,
    Herald .
    Your tests spare me lot of time since I was going to try the same configuration.
    I am afraid that such a configuration will not work as long  as the log collector server has to be part of the same distributed deployment other aaa servers are.Actually I think that servers members of the same distributed deployment needs to run same sw version
    Regards
    MM

Maybe you are looking for