Accounting on PIX

Similar Messages

• Unlock user account on PIX v7.0

  How do you unlock a PIX local database user account in PIX v7? You can set the account to lock after a set number of failed password attempts, but I can’t seem to unlock the account. From the CLI, you can display the number of failed attempts and when the account was locked. There doesn’t seem to be a command to unlock the account; the only fix I have is to delete the account then recreate it

  clear aaa local user lockout {username name | all}
  http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008045277a.html#wp1912560

• Command accounting in PIX

  Hi:
  I want to use something like "command accountig" in pix 525; I mean I want to know what commands was executed or typed by administrator.
  Somebody knows if it is possible in PIX? My pix version is 6.3.3.
  Thank you.

  I could find the following information for ver 6.2. I guess it is applicable to 6.3 too. http://www.cisco.com/warp/public/110/pix_command.shtml#accounting Basically, actual command accounting is not available. However, you can generate some sort of a record using syslog.

• AAA PIX accounting

  Hi,
  I would like to configure accounting on PIX devices version 6.3(5)and up. I only need to capture device administration commands for the boxes. The firewalls are setup with aaa authentication and SSH. I did not see SSH as an option for protocols to capture accounting records.
  Thanks.

  AAA accounting for SSH not supported in PIX 6.x version, you have upgrade to 7.x version for this.
  Try this link:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#pixconfig_addingacctg

• How do I add my sync items to new phone

  Hi all,
  I recently had a palm centro and did regular syncs to my computer. Yesterday my phone came into contact with my 2 year old and needless to say "it went to heaven", so now I am looking to buy a different palm phone maybe the pixie or maybe just some other type of phone (not sure yet). 
  My question is can I get all my sync music, messages, photos etc thats on the computer be added to a new phone that is not a centro? if so how do I do this?
  Thank you in advance

  Photos:
  You should be able to poke around a folder similar to the one listed here (the page is for other devices, but Centro files can't be that far off) and see all the phots that have synchronized to your Centro: http://kb.palm.com/wps/portal/kb/common/article/31573_en.html
  And then there's how to move the photos to Pixi: http://kb.palm.com/wps/portal/kb/na/pixi/pixi/sprint/solutions/article/19401_en.html
  Messages:
  I don't think there's any way to port SMS messages over to a new phone.
  Email messages are synchronized from the source accounts to Pixi: http://kb.palm.com/wps/portal/kb/na/pixi/pixi/sprint/solutions/article/20098_en.html
  Music:
  You can either use USB Drive Mode to move music files to a Pixi (without playlists): http://kb.palm.com/wps/portal/kb/na/pixi/pixi/sprint/solutions/article/19401_en.html
  ... OR ... sync a playlist using an add-on app like GoGadget, doubleTwist: http://www.palm.com/us/products/software/sync.html
  Calendar, Contacts:
  They're moved from Palm Desktop when you run a migration tool from Palm: http://www.palm.com/us/support/downloads/pre/migration/dta_windows.html

• AAA Rules for PIX515E 6.3(5)

  Hello. If I wanted to configure the PIX for authentication from an ACS server (for the purpose of PIX management), what else would I need apart from the following:
  aaa-server Admin-FW protocol tacacs+
  aaa-server Admin-FW max-failed-attempts 3
  aaa-server Admin-FW deadtime 10
  aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
  aaa authentication serial console Admin-FW
  aaa authentication telnet console Admin-FW
  aaa authentication ssh console Admin-FW
  AFAIK, I have not specified what IP addresses that someone can telnet from to log onto the PIX. I have tried the following, but I'm sure I haven't provided the correct statements:
  aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
  ... and I get a Username / Password prompt on the PIX but it keeps asking for a username and password. I know my TACACS account is fine since I can log onto routers with the same details as what I am using to authenticate to the PIX.
  I also ran a debug on the PIX when I was trying to authenticate. The output is attached.
  Thanks,
  Timothy

  Hi,
  Config seems to be just fine, though you can still go through following :
  Telnet access :
  http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sysmgmt.html#wp1022109
  SSH access :
  http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sysmgmt.html#wp1034079
  "aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW"
  Above command is for pass through traffic, and has no role for Administrative authentication. So you can remove this.
  Apart from that, in your debugs I see this,
  150: Processing a rejection for user , session id: 1097271073
  151: Processing a rejection for user , session id: 1097271073
  *152: Marking server 192.168.2.9 down in servertag Admin-FW*
  153: Processing a rejection for user , session id: 1097271073
  154: Processing a rejection for user , session id: 1097271073
  Can you check your ACS server logs pass/fail, to see of you are even touching the ACS server.
  I am sure you must have defined a AAA client entry for PIX as a TACACS+ client.
  Please look into that. As from these debugs it seems like, PIX is considering it dead.
  Debugs that can help you :
  debug aaa authentication
  debug aaa authorization
  Also, as you are using version 6.3(5),
  Create a local account on PIX, and use these commands,
  aaa authentication serial console Admin-FW LOCAL
  aaa authentication telnet console Admin-FW LOCAL
  aaa authentication ssh console Admin-FW LOCAL
  So that you always have a fallback.
  Regards,
  Prem

• How do I create multiple FB accounts for uploading iPhoto pix?

  I create content for several small business Facebook accounts.
  I was hoping to create multiple FB accounts within the iPhoto sharing accounts preferences, but iPhoto doesn't seem to accept my FB alter egos.
  I'd like to be able to have an account that goes right to my personal page pkus a separate sharing account for each FB page for which I'm an administrator. Doesn't seem like too much to ask, but I've been trying to figure this out for a few weeks now. Alas, FB has no real help to speak of so I throw myself on the mercy of the iPhoto community.
  Any suggestions? It would make uploading to FB much speedier--so I'd do it whenever I import pix from my camera into iPhoto instead of being a FB slacker.
  Thanks,
  Nancy

  Ahh, no wonder.
  I had assumed from the account preference choices that I ought be able to create multiple sharing accounts in FB, because of the + sign. And, in fact, for a while time I did have two sharing accounts for two different personal FB accounts. At that time it did work to upload photos directly from iPhoto to the two different personal accounts. But I was never able to upload directly from iPhoto to the intended business account. And since upgrading I can't seem to create a second personal FB account in iPhoto.
  Thanks, Larry, for the assistance. I'll follow your suggestion to recommend the feature to Apple.

• HT5517 I want to photo stream pix from my iMac to apple tv. When I try to enter the iCloud account name and password, the systems tells me that terms of service have changed and won't let me proceed. What's that about.

  I want to photo stream pix from my iMac to apple tv. When I try to enter the iCloud account name and password, the systems tells me that terms of service have changed and won't let me proceed. What's that about?

  You need to reset the password for the "old" account, and then use that to turn off iCloud.  Then you will be able to sign in with your new ID.
  You can reset your password at iForgot.apple.com.
  If you don't know the answers to the security questions, you will need to start there.
  http://support.apple.com/kb/HT5312
  -If you established a rescue email address, there will be a link on the "Passwords & Security" page of id.apple.com.  Clicking the link will send the reset to your rescue email address (NOTE:  This is not the same address as your Apple ID email)
  -If there is no link on the page, then you didn't establish a rescue email address.  Contact AppleCare at 800.694.7466 (If you are in the US), and ask for account security.  You will need to answer some questions to verify your identity, AND you will need access to a computer to generate a temporary support pin.
  -If you are not in the US, click http://support.apple.com/kb/HT5699 - Apple ID: Contacting Apple for help with Apple ID account security
  HTH

• Yosemite. iPhoto has stopped sharing pix via email. Have tried removing and re-adding accounts. This is a new problem. What gives??

  I recently had a new hard drive installed and upgraded to Yosemite 10.10.1 on a Macbook Pro. No problems for the first week, then iPhoto 9.6 stopped sharing pix via email. I tried removing and re-adding my accounts but that didn't help. Thanks in advance for any advice. Ra Buck.

  PS. IPhoto doesn't seem to connect, but I'm not getting an error message.

• If I help out a friend & download a free app (through my iTunes account) on their new iPod Touch, will their device automatically be added to my itunes device list (and they can see all my contacts, pix, music etc)?

  If I help out a friend & download a free app (through my iTunes account) on their new iPod Touch, will their device automatically be added to my itunes device list (and they can see all my contacts, pix, music etc)?

  Just wondering, what context is this in?
  First up, is your iTunes account part of an iCloud account?
  Secondly, if it's a free app, why don't they just download it? If they are having trouble finding it on the App Store, but you can find it easily, you can share the link for it via email with them, and if they view that email on their iPod they can just tap the link and it will open the App Store to that App for them, so they can download it themselves.
  If you were to go to the Store settings pane and sign in with your iTunes account, that should only provide the possibility for download items from your iTunes account, such as purchased apps, music and movies. However, if you signed in, downloaded the app, and then went back and signed out of the account again, there shouldn't be any access apart from the app you downloaded. This is provided you sign in using the Store section of the Settings app, not the iCloud section.
  One problem they will have if you download this in your account instead of theirs, in order to download updates for that app, they will need you to enter your iTunes password to download the updates. Doing that doesn't give them access to anythign to do with your account other than that update, but they will be unable to receive updates for it without your password. They would also likely be unable to sync the app onto their computer, as their computer would not be Authorised with your iTunes account.
  If you can answer some of the questions I've asked, I may be able to suggest alternate ways for you get them the app on their device.
  Hope this all helps a bit

• I made a huge mistake, my wife loaded pix under guest and as I closed it to get to my account pix were deleted. Is there any way to recover these pix? Please help!!!

  I made a huge mistake, my wife loaded pix under guest and as I closed it to get to my account pix were deleted. Is there any way to recover these pix? Please help!!!

  You can try data recovery software, like Stellar Phoenix.  That may (or may not) recover some or (probably not) all of them.  Any that cannot be recovered have probably been overwritten and are gone for good.
  Note that you should not do anything further with the machine until you have the data recovery software, and should not install said software on the machine, since that may overwrite the data you're trying to recover.  You'll want to have some other drive you can boot from and use the recovery software from.

• Command Accounting Failure on my PIX

  Hi,
  I am configuring my PIX ver 7.2(2) for command accounting using the "aaa accounting command" command but I am not able to see any accounting information on my ACS 4.1 build 23 server!
  Although authentication for this PIX is working just fine and the accounting is also working perfectly for other IOS devices, accounting for the PIX is not giving any results when browsing to the TACACS+ administration page!!
  I am posting the PIX show-tech for your referecne!
  Appreciate your support here!
  BR,
  Haitham

  Hi Rohit,
  Thank you so much, you were absolutely right. The accounting problem was due to the bug CSCsg97429 and the problem was resolved after applying the patch: applAcs-4.1.1.23.1.zip
  Thanks,
  Haitham

• PIX Accounting

  Hi,
  I have configured a PIX with the following commands:
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ (sopdc) host 10.XX.XX.XX
  timeout 20
  key XXXXXXXX
  aaa-server TACACS+ (sopdc) host 10.XX.XX.XX
  timeout 20
  key XXXXXXXXX
  aaa authentication serial console LOCAL
  aaa authentication telnet console TACACS+ LOCAL
  aaa authentication enable console TACACS+ LOCAL
  aaa accounting command TACACS+
  aaa accounting enable console TACACS+
  aaa accounting telnet console TACACS+
  Authentication works fine but accounting doesnt work where i can see limited logs in the ACS server as attached.
  Any ideas?

  Seems to be a bug. This issue has been documented in the PIX 7.x code:
  http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsc85210
  The fix has been integrated into PIX 7.2.1 and later.

• Enabling Displays Prefs in Simple Finder account for KId Pix user.

  Hi,
  I have set up a managed "Simple Finder" account for my son so he can play Kid Pix - however Kid PIx want's to run at "800x600" and "Thousands of Colours"
  It tries to make the switch but ends up at the wrong resolution - after allowing system prefs to run the Displays settings is still greyed out.Is there a way to enable this or is there another workaround someone knows about ??
  Thanks
  Dual 2.66 Dual Core MacPro   Mac OS X (10.4.10)  

  It very likely is possible to allow a "Simple Finder" access to the "Displays" pref pane, either through "Workgroup Manager.app" or by hand editing 'mcx_settings'.
  However, from the description of the problem, an easier workaround is probably to enable the "Displays" menu item. While logged in to the managed account, temporarily "switch to full Finder" from the "Finder" menu, navigate to "/System" > "Library" > "Core Services" > "Menu Extras" and double-click the "Displays.menu". Up to ten of the most recently used resolutions can be displayed in the menu, and "managed" users can change them without accessing the "Displays" pref pane itself.

• My daughter and i started to shar apple account...now our phones are getting mixed up...we get each others pix/texts...how can i fix it?

  My daughter got her iphone first and used my itunes account for it because she needed the credit card for apps.
  Then, i got my iphone and started to use the same account.
  Now our phones are mixed up and we get some of each other's texts and pictures.
  How am i supposed to fix it?
  Can we still share the account or does one of us have to make a new one and if so, does that mean that one of us has to lose everything on our phone?
  Please help.

  YOu can share account for apps and music, but separate for imessage/facetime/icloud
  On both devices go to setting - message - send&receive and start a new convo - remove or uncheck the apple id.
  When you get a new apple id go to the above settings and input it.