Authentication on an IDSM-2?

I have a requirement to have Authentication on our network devices using RSA Secure tokens or restrict it's mgmt interface from the network.
So far I am using AAA through the ACS to accomplish this but I can find nothing about AAA for the IDSM-2.
Does AAA exist for the IDSM-2 or does anyone have another suggestion for said devices?
Thanks!
(Current HW setup. Will be upgrading to 720's soon but my security deadline is looming sooner.)
Mod Slot Ports Module-Type Model Sub Status
1 1 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok
15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no ok
2 2 16 1000BaseX Ethernet WS-X6516-GBIC no ok
3 3 16 10/100/1000BaseT Ethernet WS-X6516-GE-TX no ok
4 4 16 10/100/1000BaseT Ethernet WS-X6516-GE-TX no ok
13 13 8 Intrusion Detection Mod WS-SVC-IDSM-2 yes ok

Cisco Traffic Anomaly Detector Module:
Authentication, Authorization, and Accounting (AAA) Support
Integrates with AAA through TACACS+
Privilege-level and command-level authorization and accounting
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet0900aecd80220a6e.html

Similar Messages

RADIUS authentication for IDS admin

Hi,
We've decided to centralize our accounts and are using ACS to authenticate admin access to switches, firewalls and to the CS-MARS by RADIUS. I'd like to extend that authentication also to the IDSMs running on our switches and to our CSS1100 boxes. Can this be done? how about network sensor appliances (i.e. 4200)? I've looked into the documentation but haven't found what I'm looking for. Any help is appreciated.
Thanks, Joe

The current released versions of IPS does not support RADIUS authentication. However the support is being introduced in later versions like 7.1.x
Madhu

AAA authentication for IDS access?

I've been implementing a new SSM-20 I haven't found anything that indicates we can use RADIUS to authenticate users logging into the GUI or telnet/ssh. Am I missing something here?

You expectations are quite reasonable but regretably, Cisco ONLY supports local authentication on the IPS Sensor platform (4200 series, CIDS, IDSM-2 and SSM).
This has been discussed in the past:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddef483

IDSM CPU 1 High Probleme

Hi everyone.
My name is wan tae kim in korea.
I have the question to idsm problem.
Is using idsm by ips mode in our customer.
Cpu1 will be continued in 100% state but does not know cause.
Is used by Inline mode but need Configuration verification.
I want to receive steers of many persons.
I ask counsel whether take Configuration.
IDSM Configuration:
service interface
exit
service authentication
exit
service event-action-rules rules0
overrides deny-packet-inline
override-item-status Enabled
risk-rating-range 90-100
exit
general
global-overrides-status Enabled
exit
exit
service host
network-settings
host-ip x.x.x.x/25,x.x.x.x.
host-name R_Core2_IDSM
telnet-option enabled
access-list x.x.x.0/24
access-list x.x.x.0/24
access-list x.x.x.0/24
access-list x.x.x.x/32
exit
time-zone-settings
offset 540
standard-time-zone-name GMT+09:00
exit
exit
service logger
exit
service network-access
exit
service notification
exit
service signature-definition sig0
signatures 2152 0
engine flood-host
rate 100
exit
exit
signatures 5684 2
alert-severity medium
exit
signatures 13003 0
engine traffic-anomaly
event-action produce-alert
exit
exit
signatures 13003 1
engine traffic-anomaly
event-action produce-alert
exit
exit
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service analysis-engine
virtual-sensor vs0
description default virtual sensor
physical-interface GigabitEthernet0/7
physical-interface GigabitEthernet0/8
exit
switch Configuration:
monitor session 3 source vlan 305
monitor session 3 destination intrusion-detection-module 9 data-port 1
Thank you.

Hi Wan Tae Kim,
The 100% CPU utilization is actually expected behavior and should not be cause for concern. To confirm the actual load on the sensor you can use the command:
show stat virt
and check the line "Processing Load Percentage ="
Additionally, you can check the output of:
show int
and verify that the number of "Receive FIFO Overruns" is low/zero, indicating that the sensor is able to keep up with the rate of traffic being sent to it via your SPAN session.
Here are examples of both outputs with the important lines in bold
sensor# show stat virt
Virtual Sensor Statistics
   Statistics for Virtual Sensor vs0
      Name of current Signature-Defintion instance = sig0
      Name of current Event-Action-Rules instance = rules0
      List of interfaces monitored by this virtual sensor = InterfacePair0 subinterface 0,GigabitEthernet0/3 subinterface 0
      General Statistics for this Virtual Sensor
         Number of seconds since a reset of the statistics = 1627117
         MemoryAlloPercent = 31
         MemoryUsedPercent = 31
         MemoryMaxCapacity = 1800000
         MemoryMaxHighUsed = 634880
         MemoryCurrentAllo = 566529
         MemoryCurrentUsed = 561597
         Processing Load Percentage = 1
         Total packets processed since reset = 7875642
         Total IP packets processed since reset = 3782287
         Total IPv4 packets processed since reset = 3755319
         Total IPv6 packets processed since reset = 26968
         Total IPv6 AH packets processed since reset = 0
         Total IPv6 ESP packets processed since reset = 0
         Total IPv6 Fragment packets processed since reset = 0
         Total IPv6 Routing Header packets processed since reset = 0
         Total IPv6 ICMP packets processed since reset = 94
         Total packets that were not IP processed since reset = 4093355
         Total TCP packets processed since reset = 204508
         Total UDP packets processed since reset = 2252490
         Total ICMP packets processed since reset = 14688
         Total packets that were not TCP, UDP, or ICMP processed since reset = 1310601
         Total ARP packets processed since reset = 2923053
         Total ISL encapsulated packets processed since reset = 0
         Total 802.1q encapsulated packets processed since reset = 0
         Total packets with bad IP checksums processed since reset = 0
         Total packets with bad layer 4 checksums processed since reset = 268
         Total number of bytes processed since reset = 1029553988
         The rate of packets per second since reset = 4
         The rate of bytes per second since reset = 632
         The average bytes per packet since reset = 130
      Denied Address Information
         Number of Active Denied Attackers = 0
         Number of Denied Attackers Inserted = 0
         Number of Denied Attacker Victim Pairs Inserted = 0
         Number of Denied Attacker Service Pairs Inserted = 0
         Number of Denied Attackers Total Hits = 0
         Number of times max-denied-attackers limited creation of new entry = 0
         Number of exec Clear commands during uptime = 0
      Denied Attackers and hit count for each.
      Denied Attackers with percent denied and hit count for each.
sensor# show int
Interface Statistics
   Total Packets Received = 29934896
   Total Bytes Received = 4010927826
   Missed Packet Percentage = 0
   Current Bypass Mode = Auto_off
MAC statistics from interface GigabitEthernet0/0
   Interface function = Sensing interface
   Description = Connected to Attacker Switch
   Media Type = TX
   Default Vlan = 0
   Inline Mode = Paired with interface GigabitEthernet0/1
   Pair Status = Up
   Hardware Bypass Capable = No
   Hardware Bypass Paired = N/A
   Link Status = Up
   Admin Enabled Status = Enabled
   Link Speed = Auto_100
   Link Duplex = Auto_Full
   Missed Packet Percentage = 0
   Total Packets Received = 4095925
   Total Bytes Received = 298897396
   Total Multicast Packets Received = 3431616
   Total Broadcast Packets Received = 0
   Total Jumbo Packets Received = 0
   Total Undersize Packets Received = 0
   Total Receive Errors = 0
   Total Receive FIFO Overruns = 0
   Total Packets Transmitted = 664379
   Total Bytes Transmitted = 42520256
   Total Multicast Packets Transmitted = 0
   Total Broadcast Packets Transmitted = 0
   Total Jumbo Packets Transmitted = 0
   Total Undersize Packets Transmitted = 0
   Total Transmit Errors = 0
Best Regards,
Justin

IDSM-2 login issue

Dear Friends,
we have IDSM-2 mod on 6509 chasis, till few days back we were able to ssh and login from switch to IDSM but from few days we are getting the below error.
Disconnected. no supported authentication methods available
(server sent: public key keyboard intercative)
Note: no configuration has been changed
Tried changing the ssh client (scrt, putty) still no luck.
Please advice.

syed musaib mujtaba,
By resetting the box gets fixed for while due cids service restarted and based in your issue seems to be a problem with that service. In this case I would suggest you is to freshly reimage the device or try latest soft 7.0(9)E4.
Path to get software:
Cisco.com
Downloads Home > Products > Cisco Interfaces and Modules > Services Modules > Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services Module >
Steps:
http://www.cisco.com/c/en/us/td/docs/security/ips/6-0/configuration/guide/cli/cliguide/cliImage.html#wp1031992
Johan,
Cisco TAC Support Engineer
Security/FW/IPS Team

TACACS and IDSM-2

Is it possible to configure an IDSM-2 module for tacacs authentication?

As far as I know, no IDS/IPS module/appliance/blade supports authenticaiton to any external server

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

Authentication - multiple domains with multiple accounts

Dear All,
Consider an environment where a user, Joe Bloggs, has an account on two Windows domains: DOMA and DOMB. DOMA is a domain that all users in the organisation are members of. DOMB is a domain used by a smaller subset of users. The user's
machine is part of the DOMB domain.
I'd like to deploy SharePoint 2013 on DOMA and have the user, logged on to their DOMB machine, seamlessly authenticate (through IWA) with SharePoint 2013.
So far, I've thought of the following solutions:
1. Build a trust between the two domains. Possible, but the AD information in DOMA is more up-to-date than that in DOMB and I'd like to use that to populate SharePoint user profiles. Also, DOMB is likely to be deprecated in the future.
2. Use WorkPlace Join. Unfortunately, devices are running Windows 7 and WorkPlace Join only works for devices running Windows 8.
I've wondered whether it's possible to map two accounts on separate domains together so that a user on DOMB can effectively masquerade as their corresponding user on DOMA when authenticating with SharePoint, but haven't come across a way of doing this, yet.
Any ideas? Or, am I completely mad?!
Thanks in advance.

1) Is your only option for seamless logon with IWA. It is not possible to map accounts "together" so-to-speak. SharePoint stores a reference to the user's SID, which must match the user making the request.
An ADFS trust might be another option, although that increases your deployment footprint and complexity.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Error while authenticating a user

Dear all,
Hope you all are doing well.
Production issue :
When an user tries to login with his username and password. He is getting error message "INTERNAL ERROR OCCURED".
And the standard RFC which i'm using for authenticating user is SUSR_LOGIN_CHECK_RFC
CALL FUNCTION 'SUSR_LOGIN_CHECK_RFC'
EXPORTING
       bname                                 = ip_empid
       password                             = ip_password
EXCEPTIONS
       wait                                     = 1
       user_locked                          = 2
       user_not_active                    = 3
       password_expired                 = 4
       wrong_password                   = 5
       no_check_for_this_user         = 6
       password_attempts_limited    = 7
       internal_error                         = 8
OTHERS                                    = 9.
I want to know what is the meaning of this internal error ? something is going wrong with the standard RFC which I am referring to ? Some one please help me out..
Thanks in advance.

Hi Syed,
Really need more of a context to your problem.
1. You've posted in the SSO forum. A SSO problem or a normal SAPGUI logon problem ?
2. You say .... "And the standard RFC which i'm using for authenticating user is SUSR_LOGIN_CHECK_RFC" .... Meaning what ??? you are using a home developed solution ?
3. Problem affects one user or all users ?
4. Backend version and kernel pl level please.
Cheers,
Amerjit

Authenticating test applcation in OAM is not working

Hello OAM experts, can you please help to figure out why my test application is not getting authenticated by OAM.
I have installed IDM for fusion application and SSO login is working for all admin consoles such as WLS, EM, OAM, OIM. I have deployed test application to OAM server itself to test the authentication of protected resources.
Host identifier is already there which was create while configuring my IDM for fusion applications. I created new application domain , created resource for /text/*, created authentication policy and used LDAPScheme for authentication, created authorization policy and defined constraints by adding a group OAMAdministrators ( just for testing purpose). I also added response in the authentication policy.
Then I have configured admin.conf of OHS server to redirect http://webhost1:7777/test to oam server host and port. It is getting redicted but not to the SSO login page. The URL still shows http://webhost1:7777/test and executes the test page and displays test application. It should have been redirected to SSO login page though OAM.
At this stage I have no clue what did I miss. As I said, when I login to wls console, it gets redicted to SSO login through OAM login page and then while accessing OIM, it directly takes me to OIM application since the user has privileges and also OAM page without logging in again.
But why my test application is not redirected to OAM authentication page ?
Any help is grately appreciated.
thanks
Edited by: Jyothi on May 3, 2012 3:25 AM

Hi, I am having the same issue. I am new to all this OAM stuff. I am using OAM 11g with a 11g Webgate configured. When I try to access the OAM Console the SSO setup does work and kicks-in and redirects me to the OAM server's integrated login page. But my test application that lives on an app server installed on a separate machine is never challenged for their credentials. As the documentation says I have CLIENT-CERT defined as the auth-method in my login-config inside my applications web.xml file.
I think I am not using the right providers. What I want is Identity Assertion and also OAM authentication (if Identity Assertion fails Authentication should kick-in and redirect to challenge login page). So I have an OAMIdentityAsserter and an OAMAUthenticator set-up in addition to the Default Weblogic Identity Asserter and Default Weblogic Authenticator.
I have tried everything but, the login redirect never happens. If I use the DefaultAuthenticator along with OAMAuthenticator (no OAMIdentityAsserter) and define BASIC in my login-config in web.xml then the Default Weblogic Authenticator pops up a dialog box which does let me enter credentials and when I do it does make the trip to the OAM server and works flawlessly. But I don't want basic authentication and I don't want a dialogue box to pop-up. I want the OAM server to redirect me to it's built-in login page just like it does for the OAMConsole itself which is being protected by the out of the box 10g IAMSuiteAgent Webgate. Which, as you know, comes pre-installed.
Please let me know your configuration and the providers you have set up and how you were able to make the OAM server challenge you for credentials when trying to access a protected resource/application.
Thank You.

Web Authentication on HTTP Instead of HTTPS in WLC 5700 and WS-C3650-48PD (IOS XE)

Hello,
I have configured a Guest SSID with web authentication (captive portal).
wlan XXXXXXX 2 Guest
aaa-override
client vlan YYYYYYYYY
no exclusionlist
ip access-group ACL-Usuarios-WIFI
ip flow monitor wireless-avc-basic input
ip flow monitor wireless-avc-basic output
mobility anchor 10.181.8.219
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth parameter-map global
session-timeout 65535
no shutdown
The configuration of webauth parameter map is :
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
parameter-map type webauth global
type webauth
virtual-ip ipv4 1.1.1.1
redirect on-success http://www.google.es
I need to login on web authentication on HTTP instead of HTTPS.
If I login on HTTP, I will not receive certificate alerts that prevent the users connections.
I saw how to configure it with 7.x relesae but I have IOS XE Version 03.03.05SE and I don´t know how to configure it.
Web Authentication on HTTP Instead of HTTPS
You can login on web authentication on HTTP instead of HTTPS. If you login on HTTP, you do not receive certificate alerts.
For earlier than WLC Release 7.2 code, you must disable HTTPS management of the WLC and leave HTTP management. However, this only allows the web management of the WLC over HTTP.
For WLC Release 7.2 code, use the config network web-auth secureweb disable command to disable. This only disables HTTPS for the web authentication and not the management. Note that this requires a reboot of the controller !
On WLC Release 7.3 and later code, you can enable/disable HTTPS for WebAuth only via GUI and CLI.
Can anyone tell me how to configure web authentication on HTTP instead of HTTPS with IOS XE?
Thanks in advance.
Regards.

The documentation doesn't provide very clear direction, does it?
To download the WLC's default webauth page, browse to the controller's Security > Web Login Page. Make sure the web authentication type is Internal (Default). Hit the Preview button. Then use your browser's File > Save As... menu item to save the HTML into a file. Edit this to your liking and bundle it and any graphics images up into a TAR archive, then upload via the controller's COMMAND page.

Intermittent AD Authentication failures in ISE 1.2

Starting today I was getting intermittent authentication failures in ISE. It would say that the user was not found in the selected identity store. The account is there though. At one point I ran a authetication test from the external identity source menu and I got a failure and then the next time a pass. I have no idea why this is happening. I just updated to ISE 1.2 the other day. I'm also seeing what looks like a high level of latency on both of my PSN's. Is this normal? Any ideas?
Thanks
Jef

Interesting. I have one location that is not having this problem at all. The other is having it somewhat frequently. The PSN's for each location are tied to the local AD servers. I have not had this until we started getting 300-380 PC's connecting. We are a school so we are slowly getting started. It's real random. One user will work then another time they won't. Happens with admin and user. I have notices that with this new version of ISE it is complaining that it is getting accounting updates from the NAS too often, but I have not looked into this because I just installed 1.2 about 3-4 days ago and haven't had time to look into it.
When you say Multicast to you AD...how did you check that? We do use multicast.

Authentication Combination in ISE 1.2

Is it possible to have dual authentication using workstations auth certs and Windows domain credentials for authentication in ISE 1.2?

Hi Kevin,
This would be a client side configuration.
What type of authentication is this?
VPN? wired or wireless dot1x?
**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**
Please Rate if helpful.
Regards
Ed

ISE 1.2 Authentication fails for 2nd AD domain with the forest trust relation

We are running cisco ISE 1.2, we have new AD domain with forest trust relation between both the new and the old. authentication to with the new domain fails.
Is there any requirements or configurations change needs to be done to make it success?

Use the license that is currently on your ISE. If your account has access to download the software, then you are good. The license will not change during the upgrade. If you are using ISE 1.2 Patch 8 or above, then you are using the same Base/Plus?Apex Licensing model.
If you are not yet on Patch 8, the you are using Base/Advanced and these will be converted during the upgrade.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton

Can we add new logical system in Entitlement tab in SAP Authentication.

Hi ,
We already Installed and configured sap integration kit and every thing works fine. My question is as of now we connected our sap BW Dev system to BOBJ but we would like to connect to BW Prod System to same BOBJ System. What are the steps we need to follow to do this.
Can we just add the new logical system in entitlement tab of sap authentication in BOBJ 3.1? and import the roles and login to BOBJ USING THE Newly added SYSTEM Credentials. Thanks in Advance.
Thanks,
SK.

Hi Ingo,
Thanks for the information.
Are there any specific steps you need to follow when you are adding one more system to sap authentication. can you please give the steps we need to follow to setup this in right way. Thanks in advance.
Is there any thing we need to configure on sap side other than sap logon ticket parametre. If you can please provide the steps it will be great. Thankyou very much In advance.
Thanks,
SK.
Edited by: Vallabhaneni SK on Jul 14, 2009 8:53 AM

Authentication on an IDSM-2?

Similar Messages

Maybe you are looking for