Authentication for easy vpn users using windows ad and xauth on pix firewa

Similar Messages

• Can't connect to Easy VPN Server using Windows 7 inbuilt VPN client

  Hi Everyone,
  I would like your help to resolve a vpn issue I am having with my Windows 7 inbuilt vpn client. I am trying to connect to an Easy vpn server on a Cisco 2951 ISR G2. Well, I can connect using Cisco vpn client v5.07 but I can't connect using Windows 7 inbuilt vpn client. Is there any configuration that I am missing so that I can connect using Windows 7 inbuilt vpn client to connect to the vpn server?
  Thank you.

  Hi MindaugasKa,
  Base on your description, your case must is the NPS client can’t pass the NPS policy.
  The NPS client can’t connect the network may have many reason, such as the Network Access Protection Agent service not started successful, the certificate not issued properly,
  please offer us information when your Windows 7 client denied, such as event id, original error information, screenshot.
  More information:
  Extensible Authentication Protocol (EAP) Settings for Network Access
  http://technet.microsoft.com/en-us/library/hh945104.aspx
  Network Access Protection in NPS
  http://msdn.microsoft.com/en-us/library/cc754378.aspx
  Appendix A: NAP Requirements
  http://technet.microsoft.com/en-us/library/dd125301(v=ws.10).aspx
  802.1X Authenticated Wireless Access Overview
  http://technet.microsoft.com/en-us/library/hh994700.aspx
  Connecting to Wireless Networks with Windows 7
  http://technet.microsoft.com/library/ff802404.aspx
  The related thread:
  NPS 2012 rejects windows 7 clients after upgrade from 2008 R2. Requested EAP methods not available
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/44af171f-6155-4f2e-b6c7-f89a2d755908/nps-2012-rejects-windows-7-clients-after-upgrade-from-2008-r2-requested-eap-methods-not-available?forum=winserverNAP
  I’m glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• 2 Factor Authentication for Anyconnect VPN using ISE

  We are planning to implement dual factor authentication for Anyconnect VPN.
  The end users will be authenticated using domain name in machine certificates and username password with
  ISE used as radius server.
  We have the following approaches to achieve this :-
  1. Use primary and secondary authentication with user credentials as primary authentication
  and CN field of the certificate as secondary authentication.However this option prompts users for password for
  both the fields while we want the machine certificate to authenticate itself without a password.
  2. Second approach is to authenticate using user credentials and authorize the user to access the network if
  the machine certificate has a domain name in CN field which we are able to validate from the AD using
  Dynamic Access Policy.
  We are looking forward for discussions on the above approaches and are open to any other
  solution.

  Hi Umahar,
  Not sure I understood correct. You would like to authenticate the user using machine certificate for anyconnect and want to extract CN attribute the client's certificate and send it to the ISE server for further authenticate with AD. And also you don't want an additional password prompt to be produced to the user.
  If my understanding is correct. Then user would get a prompt for the password atleast because in the machine certificate there won't be password, but to authenticate with RADIUS/TACACS , we need both username and password. So how will the user gets authenticated without password.
  If you are looking a way to just see if the user is present under AD, not exactly and authentication then this might not be possible.

• I am thinking of buying a iPad but my main desktop machine uses Windows 7 and MS Office.  How easy or difficult is it to transfer data files between the iPad and Windows?  Are there obvious problems or the need for some form of conversion programs?

  I am thinking of buying a iPad but my main desktop machine uses Windows 7 and MS Office.  How easy or difficult is it to transfer data files between the iPad and Windows?  Are there obvious problems or the need for some form of conversion programs?
  Many thanks for any advice.
  David

  You don't need conversion programs, iTunes can copy most of your content over to the iPad via the file sharing section, and some apps also support Dropbox, email attachments, transfer via your wifi network. There are a number of apps that you can get that support Microsoft office file (microsoft don't make an app versions of their software) e.g. from Apple there are Pages (word support), Numbers (excel) and Keynote (powerpoint), and from third-parties there are apps such as Documents To Go and QuickOffice HD

• Certificate authentication for Cisco VPN client

  I am trying to configure the cisco VPN client for certificate authentication on my ASA 5512-X. I have it setup currently for group authentication with shared pass. This works fine. But in order for you to pass pci compliance you cannot allow aggresive mode for ikev1. the only way to disable aggresive mode (and use main mode) is to use certificate authentication for the vpn client. I know that some one out there must being doing this already. I am goign round and round with this. I am missing some thing.
  I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to genterate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
  Can some one provide the instructions on seting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.                    

  Dear Doug ,
            What is asa code your are running on ASA hardware , for cisco anyconnect you need have Code 8.0 on your hardware with cisco anyconnect essential license enabled .Paste your me show version i will help you whether you need to procure license for your hardware . By default your hardware will be shipped with any connect essential license when you have order your hardware with asa code above 8.0 .
  With Any connect essential you are allowed to use upto total VPN peers allowed based on your hardware
  1)  What is the AnyConnect Essentials License?
  The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers"  platform limit with AnyConnect.  Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device.  With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
  You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
  Licensed features for this platform:
  Maximum Physical Interfaces    : Unlimited
  Maximum VLANs                  : 150      
  Inside Hosts                   : Unlimited
  Failover                       : Active/Active
  VPN-DES                        : Enabled  
  VPN-3DES-AES                   : Enabled  
  Security Contexts              : 2        
  GTP/GPRS                       : Disabled 
  SSL VPN Peers                  : 2        
  Total VPN Peers                : 750      
  Shared License                 : Disabled
  AnyConnect for Mobile          : Disabled 
  AnyConnect for Cisco VPN Phone : Disabled 
  AnyConnect Essentials          : Disabled 
  Advanced Endpoint Assessment   : Disabled 
  UC Phone Proxy Sessions        : 2        
  Total UC Proxy Sessions        : 2        
  Botnet Traffic Filter          : Disabled
  Licensed features for this platform:
  Maximum Physical Interfaces    : Unlimited
  Maximum VLANs                  : 150      
  Inside Hosts                   : Unlimited
  Failover                       : Active/Active
  VPN-DES                        : Enabled  
  VPN-3DES-AES                   : Enabled  
  Security Contexts              : 2        
  GTP/GPRS                       : Disabled 
  SSL VPN Peers                  : 2        
  Total VPN Peers                : 750      
  Shared License                 : Disabled
  AnyConnect for Mobile          : Disabled 
  AnyConnect for Cisco VPN Phone : Disabled 
  AnyConnect Essentials          :  Enabled
  Advanced Endpoint Assessment   : Disabled 
  UC Phone Proxy Sessions        : 2        
  Total UC Proxy Sessions        : 2        
  Botnet Traffic Filter          : Disabled
  Any connect VPN Configuration .
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

• I just bought a macbook pro and am ready to order Microsoft Office for Mac. I use Windows 2007 at work and want to be sure I am able to work with files from that system. Do I need to buy 2 different editions of Microsoft Office to be able to do this?

  Do I need to buy 2 different Microsoft Office products if I want to be able to use my new Mac with Microsoft Office for Mac and also use files saved on my work computer which uses Microsoft Window 2007?

  Pomme4us wrote:
  Do I need to buy 2 different Microsoft Office products if I want to be able to use my new Mac with Microsoft Office for Mac and also use files saved on my work computer which uses Microsoft Window 2007?
  Sorry, but your likely going to have to use Windows 7 and Office on your Mac at work using Bootcamp.
  Although you can share files OfficeMac and Office on Windows, the formatting will be off because two platforms use different installed fonts and formatting. This will cause a productivity lost and require extra editing at work
  If you could share just PDF's then your fine, but that will unlikely be the case.
  So to share files seamlessly your going to have to install Windows 7 (another $300) full version, 64 bit, using Apple's Bootcamp.
  https://www.apple.com/support/bootcamp/
  It's ok, though, you can boot into OS X to use that online and surfing etc at home. It's the internet and sharing of files from other Windows users that cause Windows to hoze up, so mimimalize both of those and you should be fine.
  You can also run Windows 7 in a virtual machine software like Parallels or VMFusion. as long as you don't have any super demanding needs of the hardware, like running 3D games or super intense CPU actions like video processing. Office work is just fine and it's safer than Bootcamp, as in a virtual machine you can keep "snapshots" of previous states of the OS, and revert back to in case something goes wrong in mere seconds.
  A real good piece of news though, Windows 8 is so radically changed from Windows 7, that your workplace will remain with Windows 7 as long as possible to put off all the retraining necessary with that new OS version.
  So think of the $300 + $60 investment in Windows on your Mac as a longterm thing.

• HT1335 My ipod classic have no software and I am stuck with it. It was formatted for apple but I use windows 8.  Please help. Thanks in advance.

  My ipod classic have no software and I am stuck with it. It was formatted for apple but I use windows 8.  Please help. Thanks in advance.

  Hello there, DrDhillon.
  The following Knowledge Base article goes over the steps that will help you resolve your issue:
  Restoring iPod to factory settings
  http://support.apple.com/kb/HT1339
  Thanks for reaching out to Apple Support Communities.
  Cheers,
  Pedro.

• HT5192 unable to download ios 5.0 for ipad using windows 7 and itunes 10.1

  I am unable to upgrade to ios 5.0 for my ipad. I am using windows 7 and my itunes is updated 10.1   it keeps timimg out and i get error message 3259.  I already tried diacbling antivirus software

  You've tried turning off all firewall and antivirus software ? If that doesn't work then you could try downloading the 5.1.1 update via a browser :
  original iPad
  iPad 2 wifi
  iPad 2 gsm/sim
  iPad 2 CDMA
  iPad 2 new
  iPad 3 wifi
  iPad 3 gsm
  iPad 3 CDMA
  When it's finished downloading, in your computer's iTunes press and hold the shift key on Windows (command key on Mac) when clicking the Check For Updates button which should let you navigate to the downloaded file.

• How to get a organization name for a particular user using API's

  Hi alll,
  How to get a organization name for a particular user using API's

  You need to do something like this:
  SearchCriteria criteria = new SearchCriteria("User Login", "XELSYSADM", SearchCriteria.Operator.EQUAL);
                 UserManager usrService = oimClient.getService(UserManager.class);
                 Set<String> retAttrs = new HashSet<String>();
                 retAttrs.add(UserManagerConstants.AttributeName.USER_ORGANIZATION.getId());
                 List<oracle.iam.identity.usermgmt.vo.User> users = usrService.search(criteria, retAttrs, null);
                 System.out.println("ORG KEY :: " + users.get(0).getAttribute("act_key"));

• Ihave downloaded iCloud to my new PC and am using windows 7 and office 2010. I cannot get iCloud to come up on Outlook with the choices for CalendCar and contacrts, my iMail account is there, but not the general coud choices. What am I doing wrong.

  I have downloaded iCloud to my new PC and am using Windows 7 and Offie 2010. I cannot get iCloud to come up on Outlook with the choices for Calendar and Contacts, my iMail accnt is there***.me.com, but not the general Cloud choices for calendar and contacts? What am I doing wrong?

  I have I cloud 2.0.2.187 loaded just downloaded yesterday.

• I am using Windows XP and just installed Elements 12. When I try to select a different brush or shape the drop down list will not stay open long enough to select a different item. I have used Elements 9 for awhile and have not had this problem

  I am using Windows XP and just installed Elements 12. When I try to select a different brush or shape the drop down list will not stay open long enough to select a different item. I have used Elements 9 for awhile and have not had this problem

  grannybel
  It would appear that you are destined for the Adobe Photoshop Elements Forum since your question is related to Photoshop Elements and not Premiere Elements which is the focus program where you have posted.
  But, while the arrangements are being made, here are a few things for you to think about if you have not already
  1. Reset Tools - Select Brush Tool, then
  2. Delete Settings File
  Go to Full Editor/Edit Menu/Preferences/General and click on the option "Reset Preferences on Next Launch".
  We will be watching for your progress.
  Thank you.
  ATR

• Acrobat reader installed fine, but opens for five seconds and then closes. Using Windows 7 and mcafe

  Acrobat reader installed fine, but opens for five seconds and then closes. Using Windows 7 and McAfee on a Dell laptop.

  You can try using Windows Explorer to navigate to C:\Program Files (x86)\Adobe\Reader 11.0\Reader, then double-click on Eula.exe and accept the license agreement

• Some times firefox does not opens facebook and google pages and this does not happen for other sites. Iam Currently using windows xp and using 3.6.3 Firefox version.Please help.

  Some times the fire fox does not open google and facebook pages but it does not happen for other sites. Iam currently using Windows xp and iam using Mozilla Fire fox 3.6.3 .Please help
  == URL of affected sites ==
  http://www.facebook.com,www.google.com

  You can try a direct connection and select No Proxy in the connection settings.
  You can find the connection settings in "Tools > Options > Advanced : Network : Connection"
  Also do a malware check with a few malware scan programs.<br />
  You need to use all programs because each detects different malware.<br />
  Make sure that you update each program to get the latest version of the database before doing a scan.
  * http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
  * http://www.superantispyware.com/ - SuperAntispyware
  * http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
  * http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
  * http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
  See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and [[Searches are redirected to another site]]

• I am using windows 7 and can't get the print drives to load for F2210 printer

  I am using windows 7 and can't get the print drives to load for F2210 printer and I keep receiving different fatal error codes.

  Hello @Imvertical 
  Welcome to the forums!
  I read about how you're attempting to install your Deskjet F2210 on your Windows 7 system and receive Fatal Error codes. I will do my best to help and make some suggestions for you to try. 
  To being, try a standard copy from the unit to see if it will copy. If copies work, continue troubleshooting. If not, let me know what happened when you made a copy.
  Next:
  Perform a Level 3 uninstall.
  There are 2 ways you can run the uninstall:
  From Original installation CD:
  1. Insert CD into drive, and then cancel the installer
  2. Click Start and open 'Computer', and then right click on the CD drive and open
  3. Open folder Util
  4. Open folder CCC
  5. If you have an HP computer run the L3uninstall.exe. If you have a non-HP computer run the L4uninstall.exe
  6. When the uninstall has completed restart the computer
  7. Run Disk cleanup from Accessories\ System Tools
  8. Download and install the latest version of Adobe flash player
  http://www.adobe.com/support/flashplayer/downloads.html
  9. Download the full feature software and drivers: HP Deskjet F2200/F2224 All-in-One Printer series Full Feature Software and Driver
  10. Run the download to reinstall the printer
  If software was downloaded and extracted to your system:
  1. Click Start and type %temp% in the run field
  2. Look for, and open the folder starting with 7z (Example: 7zS2356) (If there is more than one, choose the most recent folder)
  3. Open folder Util
  4. Open folder CCC
  5. If you have an HP computer run the L3uninstall.exe. If you have a non-HP computer run the L4uninstall.exe
  6. When the uninstall has completed restart the computer
  7. Run Disk cleanup from Accessories\ System Tools
  8. Download and install the latest version of Adobe flash player
  http://www.adobe.com/support/flashplayer/downloads.html
  9. Download the full feature software and drivers: HP Deskjet F2200/F2224 All-in-One Printer series Full Feature Software and Driver
  10. Run the download to reinstall the printer
  Please let me know if the installation worked after the Level 3 uninstall.
  Good luck and have a nice Wednesday!
  R a i n b o w 7000I work on behalf of HP
  Click the “Kudos Thumbs Up" at the bottom of this post to say
  “Thanks” for helping!
  Click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution!

• I have a late 2009 iMac, with a Nvidia 9400 Graphics card.  I was wondering what my options are for upgrading.  I use Windows 7 via Bootcamp, so I need a card that is compatible.

  I have a late 2009 iMac, with the default Nvidia 9400 Graphics card.
  I was wondering what my options are for upgrading.  I use Windows 7 via Bootcamp, so I need a card that is compatible/has available drivers.
  This is for gaming. On the lowest settings of "Call of Duty 4", I get about 100 FPS... Was hoping to be able to play on higher resolution w/o the fps lag.
  I'm not good with the hardware part of computers at all, but know how to get around the OS.

  In most cases the graphics cards in iMacs are Not upgradeable.  They are usually soldered to the logic board.  RAM is considered, along with harddrives, the only component that is upgradeable in an iMac, unlike in PC's.  So basically you would need to sell your unit and purchase an iMac with a more powerful graphics card.
  Hope this helps