Basic Administration Radius configuration on the PIX using 6.2

I am looking for a really basic RADIUS login configuration for the PIX running 6.2. I just want to be able to have the RADIUS server (Steel-Belted) authenticate and account for administrators who access the PIX to make changes.
Thanks for any help with this issue.
Scott

Here is how I did it on our Cisco PIX 520 firewalls:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 0
aaa-server RADIUS (inside) host radius_server_ip radius_secret_key timeout 5
aaa-server LOCAL protocol local
aaa authentication enable console RADIUS LOCAL
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
username admin password very_secret_password encrypted privilege 15
Of course, replace radius_server_ip with your own and radius_secret_key with a real one.
On the RADIUS server (I'm using IAS, built into Windows 2000/2003 servers) I just defined a policy to allow only the group "Domain Admins" and added the firewalls as clients, each with its own IP address and secret key.
Don't forget to add a username and a password: should your RADIUS server become unavailable, that will be your last resort to get into the PIX.
Catalin.
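The shared secret Catalin configures with `aaa-server RADIUS (inside) host ... radius_secret_key` is what ties the PIX to the RADIUS server on the wire: it hides the User-Password attribute in the Access-Request, and it keys the Response Authenticator that the PIX recomputes before it trusts an Access-Accept. The block below is an added Python example, not code from the thread and not Cisco or Steel-Belted/IAS code; it models both ends of the RFC 2865 exchange in one process. The user database, the NAS address 10.0.0.1, the identifier 7 and the username/password values are constructed for illustration.

```python
"""RFC 2865 RADIUS shared-secret mechanics, NAS (PIX) and server in one process.

Added example with constructed data; nothing here is vendor code.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block).

    The first 'previous block' is the random Request Authenticator, so the same
    password hides differently on every request. This is secret-keyed obfuscation,
    not strong encryption, which is why the server sits on the (inside) interface.
    """
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server-side inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    """Type-Length-Value; the length byte covers the 2 header bytes too."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(data: bytes):
    attrs, i = [], 0
    while i + 2 <= len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident: int, username: str, password: str,
                         secret: bytes, nas_ip: str, req_auth: bytes = b"") -> bytes:
    """NAS side: Code | Identifier | Length | 16-byte random Request Authenticator | attrs."""
    req_auth = req_auth or os.urandom(16)
    attrs = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
        (ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(request: bytes, response: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator with our copy of the secret.

    A mismatch means the two ends hold different secrets, or the reply was forged
    or altered in transit; in both cases the Accept must not be honoured.
    """
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def server_handle(request: bytes, secret: bytes, users: dict) -> bytes:
    """Stand-in for the RADIUS server: unhide the password, check it, answer."""
    attrs = dict(parse_attrs(request[20:]))
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    pw = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request[4:20])
    ok = user in users and hmac.compare_digest(users[user].encode(), pw)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)


def nas_login(username: str, password: str, nas_secret: bytes, server_secret: bytes,
              users: dict, nas_ip: str = "10.0.0.1") -> str:
    """Whole exchange; returns 'accept', 'reject' or 'bad-authenticator'."""
    request = build_access_request(7, username, password, nas_secret, nas_ip)
    response = server_handle(request, server_secret, users)
    if not verify_response(request, response, nas_secret):
        return "bad-authenticator"  # mismatched secrets or a tampered reply
    return "accept" if response[0] == ACCESS_ACCEPT else "reject"


if __name__ == "__main__":
    db = {"admin": "very_secret_password"}  # constructed user database
    print(nas_login("admin", "very_secret_password", b"radius_secret_key", b"radius_secret_key", db))
    print(nas_login("admin", "very_secret_password", b"radius_secret_key", b"typo_on_server", db))
```

The second call shows the failure mode a practitioner hits most often when wiring a new NAS: a secret typed differently on the two ends does not produce a clean reject, the server cannot unhide the password and the NAS cannot validate the reply, so the login fails with an authenticator error rather than a credential error. The same check is what stops a forged Access-Accept: flipping the code byte of a Reject without knowing the secret leaves the Response Authenticator invalid.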

Similar Messages

  • Hotmail Security, the default configuration through the wizard uses SSL?

    I was wondering if there is a way to check the server settings used by the default wizard when you add a Hotmail account to your device (iPad, iPhone or others). The main concern is whether it actually uses SSL encryption or not. I think so and I hope so, but I'm not 100% sure. If you go to check, there is no Advanced tab under Mail/Account/nameofaccount/, so you can't see it. Thanks to everyone!

    "Should this be a security concern that I am using the default keystore that comes with the JVM? Is my data still encrypted?"
    When you say "default keystore", I assume that you mean the "cacerts" file. If so, you're OK. "cacerts" identifies root CAs that your client is willing to trust. Web sites whose site certs are signed by one of the root CAs in cacerts (i.e., Verisign, Thawte, et al.) will be trusted by JSSE.
    SSL generates shared keys anew for each new session. The data used to generate this "shared secret" is protected; unless the Bad Boy between you and the server has access to the SERVER's private key, that info is safe. Your data is encrypted over the wire, and only the destination web server will be able to decrypt it.
    Grant

  • Problem in Configuring Dynamic VPN in the pix

    Hi All,
    I am having a problem configuring a dynamic VPN on my PIX, which has the 7.2 version of the OS, but I am able to work with the same configuration on the PIX which has version 6.3. I just want a user from outside my network using the VPN client to access resources inside my network. Below is my configuration. Is it OK, or should I do anything more? Please advise me.
    ip local pool vpnpool1 192.168.170.1-192.168.170.254
    crypto dynamic-map map2 20 set transform-set guatemala1
    crypto map map1 20 ipsec-isakmp dynamic map2
    crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-256
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup Guatemalavpn address-pool vpnpool1
    vpngroup Guatemalavpn split-tunnel inside_nat0_outbound
    vpngroup Guatemalavpn idle-time 36000
    vpngroup Guatemalavpn password xxxxxxx
    access-list outside_acl permit tcp 192.168.170.0 255.255.255.0 172.19.10.0 255.255.255.0
    route outside 192.168.170.0 255.255.255.0 200.30.222.65
    access-list inside_nat0_outbound extended permit ip any 192.168.170.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    access-list 102 permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    nat (inside) 0 access-list inside_nat0_outbound

    Try it and tell me if it works:
    ip local pool vpnpool1 192.168.170.1-192.168.170.254
    access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    access-list acl-inside extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
    access-group acl-inside in interface inside
    nat (inside) 0 access-list inside_nat0_outbound
    group-policy Guatemalavpn internal
    group-policy Guatemalavpn attributes
     wins-server value xx.xx.xx.xx
     dns-server value xx.xx.xx.xx
     default-domain value mydomain.com
    crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
    crypto dynamic-map map2 20 set transform-set guatemala1
    crypto map map1 20 ipsec-isakmp dynamic map2
    crypto map map1 interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-256
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    tunnel-group Guatemalavpn type ipsec-ra
    tunnel-group Guatemalavpn general-attributes
     address-pool vpnpool1
     default-group-policy Guatemalavpn
    tunnel-group Guatemalavpn ipsec-attributes
     pre-shared-key *
    route outside 192.168.170.0 255.255.255.0 200.30.222.65

  • NFS protocol across the Pix firewall

    I have a PIX 515E running PIX OS version 8.0.4 with two interfaces, inside and outside.
    On the inside interface, I have a Red Hat Enterprise Linux 5.4 64-bit machine as an NFS server, version 4 (NFSv4).
    On the outside interface, I have three (3) Red Hat Enterprise Linux 5.4 64-bit machines as NFS clients.
    I have the following configuration on the Pix:
    static (inside,outside) 192.168.1.1 4.2.2.2 netmask 255.255.255.255
    access-list external permit icmp any any log
    access-group external in interface outside
    At the moment, none of the Linux client machines can mount a share on the NFS server because my ACL is too restrictive. I would like to be able to open the firewall so that the Linux client machines can mount the NFS server using NFS over UDP or NFS over TCP.
    I am looking for the exact UDP and TCP ports to be added to the ACL in order to accomplish this, from someone who has done this before.
    Does anyone know how to do this?
    Thanks,

    I think I just answered my own post. I just needed to add about three lines to the configuration:
    access-list external permit tcp any host 4.2.2.2 eq 111 log
    access-list external permit udp any host 4.2.2.2 eq 111 log
    fixup protocol sunrpc 111
    Now I can mount the NFS server from my Linux machines.
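    The `fixup protocol sunrpc 111` line works by watching portmapper replies and opening the other RPC ports dynamically. For the static alternative the original question asked for (permitting exactly the ports the clients need), those ports can be read from `rpcinfo -p` on the NFS server. The block below is an added Python example, not from the thread: it parses a constructed `rpcinfo -p` listing (the port numbers for mountd, nlockmgr and status are made up; the RPC program numbers are the standard ones) and emits access-list lines in the same shape as the ones above, against the translated address 4.2.2.2 from the post.

```python
"""Turn `rpcinfo -p` output from an NFS server into explicit PIX access-list lines.

Added example, not from the thread: the static alternative to relying on the
sunrpc fixup is to open only the ports the RPC services actually listen on.
"""
import re

# Constructed `rpcinfo -p` listing. 111 and 2049 are the fixed well-known ports;
# the mountd/nlockmgr/status ports are invented, as they would be dynamic on a
# default install.
SAMPLE_RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100021    1   udp  32770  nlockmgr
    100021    4   tcp  34567  nlockmgr
    100024    1   udp    913  status
    100024    1   tcp    916  status
    100011    1   udp    875  rquotad
"""

# Standard RPC program numbers. NFSv2/v3 mounts need all five; NFSv4 carries
# mount, locking and status inside the NFS protocol itself on the nfs port.
V3_PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
               100021: "nlockmgr", 100024: "status"}
V4_PROGRAMS = {100003: "nfs"}

_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)\s+(\S+)")


def parse_rpcinfo(text: str):
    """Return (program, version, proto, port, name) tuples; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            rows.append((int(m.group(1)), int(m.group(2)), m.group(3),
                         int(m.group(4)), m.group(5)))
    return rows


def required_ports(rows, nfsv4_only: bool = False):
    """Distinct (proto, port) pairs a client needs; unrelated RPC services stay closed."""
    wanted = V4_PROGRAMS if nfsv4_only else V3_PROGRAMS
    return sorted({(proto, port) for prog, _, proto, port, _ in rows if prog in wanted})


def pix_acl_lines(rows, acl: str = "external", server: str = "4.2.2.2",
                  nfsv4_only: bool = False):
    """One access-list line per (proto, port), in the form used in the thread."""
    return [f"access-list {acl} permit {proto} any host {server} eq {port} log"
            for proto, port in required_ports(rows, nfsv4_only)]


if __name__ == "__main__":
    rows = parse_rpcinfo(SAMPLE_RPCINFO)
    print("\n".join(pix_acl_lines(rows)))
    print("--- NFSv4 only ---")
    print("\n".join(pix_acl_lines(rows, nfsv4_only=True)))
```

    Two caveats when using the static list: on a default Linux install mountd, lockd and statd pick their ports at boot, so the ACL is only stable once those ports are pinned in the NFS service configuration (on RHEL 5 that is /etc/sysconfig/nfs); and if the clients mount with NFSv4 the whole portmapper exercise can be skipped, since only the nfs port (2049, TCP and UDP in this listing) is needed.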

  • I purchased a 3TB Airport Time Capsule After 8 hours been able to configure the box using Ethernet connection but now I want to move my current backups and it wants authentication but no box is available to provide my administrator name can anyone help ?

    I purchased a 3TB Airport Time Capsule to use with my Mac running the latest Mavericks. After 8 hours I have been able to configure the box using an Ethernet connection, but now I want to move my current backups from my small drive and it wants authentication, but no box is available to provide my administrator name. Can anyone help?

    I overcame the permissions by allowing both paths to have read and write access for anyone, but that didn't solve it until I copied it into the DATA directory which I created on the Airport Time Capsule.
    I had already discovered the TIME MACHINE "How to transfer backups" but I am still struggling with the item and cannot currently get it to work. My setup seems to have created a wireless link to my router, which is what I wanted, and in that setup there are three options. I have simply gone for the extension of my network. I ignored the other option there which I cannot remember, something like DNS? That may be the problem, because when I remove the Ethernet connector it just doesn't go anywhere.
    I have also found I cannot update my TIME MACHINE software (currently 1.3), as although Apple tell me I should be able to set backups hourly, daily or weekly I have only ever been able to run it hourly, when I would prefer longer intervals, so I thought an update might be necessary.
    Also tried to get an update for my Airport Utility (currently 6.3.2) but cannot find one, even though I have read there might be one available, and again this might be the problem.
    Have reset the Time Capsule now about a dozen times.
    Following the instructions and trying to copy my existing backup, it suggests you need to copy it to the root directory, but that is when I get some sort of security issue, and I found I could only get it to accept if I dragged my .backupdb to the DATA directory on the Time Capsule. I don't even know if, when I do this, it will work when I come to use it.
    I therefore found your reply of no more help than I had discovered, but I hope you return to read this note because I really do need some help.
    I am intending to start again in the next couple of days and fully document what I do and what I see, and then, as I suspect it will be no different, I will seek an appointment at the Apple Store in Trafford Centre, and if that proves unsuccessful then I still have time to return and become a dissatisfied customer with Apple for the first time in a long experience with Apple. I have noticed frightening notes in the conversations which point to problems of Mavericks working with Airport Time Machine!! So in the end it might not be me doing anything wrong. Unfortunately you do feel left out in the dark sometimes; that is why I hope you can respond with a solution?

  • Farm Remote App 2012 R : Your system administrator does not allow the use of default credentials to log on to Work Resources

    Hi
    Here is the situation:
    I have a farm with 3 servers W2012R2 in a domain:
    Server1: RD Session Host, Connection Broker (active), RD Web Access
    Server2: RD Session Host, Connection Broker (passive)
    Server3: RD Session Host
    2 DNS aliases:
    - poc.mydomain.local (used for the RD Web Access and points to Server1)
    - poccb.mydomain.local (used for the Connection Broker and points to Server1)
    I have set up the Connection Broker in HA with Server2 as passive server: DNS round robin poccb.mydomain.local (Server1)
    The Certificate Manager has generated 2 CA certificates:
    - 1 for the RD Web Access (poc.mydomain.local)
    - 1 for Connection Broker SSO and for publishing
    I have created 1 Group Policy for these 3 servers and 1 GP for my client Windows 7 SP1.
    Server GPO :
    Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
    Always prompt for password upon connection=Disabled
    Require use of specific security layer for remote (RDP) connections : SSL (TLS 1.0)
    Set client connection encryption level : High Level
    Client GPO
    Computer/Administrative Templates/System/Credentials Delegation = Allow delegating default credentials (Concatenate OS defaults with input above)
    TERMSRV/POCCB.mydomain.local
    I use no Gateway, and in my collection I have activated SSL (like in my server GPO).
    I now have a problem with SSO.
    Connection with the Remote Desktop client with server name = poccb.mydomain.local:
    "Your system administrator does not allow you the use of default credentials to log on to the remote computer poccb.mydomain.local because its identity is not fully verified"
    If in my client GPO I add the physical names of the 3 servers, it works:
    TERMSRV/Server1
    TERMSRV/Server2
    TERMSRV/Server3
    Opening RDP files with server name = poccb.mydomain.local:
    if my Connection Broker connects me to Server1, no problem.
    But if I arrive on Server2 or Server3:
    "Your system administrator does not allow the use of default credentials to log on to Work Resources"
    I have searched on the internet. No result for "to log on to Work Resources".
    Any idea ? Thanks for your help

    Hi,
    Thank you for posting in Windows Server Forum.
    Firstly, check that your user is using domain\username to enter the credential in the dialog box.
    Now, for a try, you can edit the .rdp file with Notepad and just place the line "enablecredsspsupport:i:0" in it, save it and launch it to check whether you are facing the same issue.
    As you are using Windows 7, upgrade to RDP 8.1. Also, as you have already entered the FQDN of the server under "Allow delegating default credentials", for a try please enable and configure all the remaining settings as follows and check the result.
    Start / Run / gpedit.msc / Computer Configuration / Administrative Templates / System / Credentials Delegation, and make sure you have the following four options enabled and configured:
    Allow Delegating Default Credentials with NTLM-only Server Authentication
    Allow Delegating Default Credentials
    Allow Delegating Saved Credentials
    Allow Delegating Saved Credentials with NTLM-only Server Authentication
    Finally, open a command prompt and use “gpupdate /force” command to apply the policy directly.
    More information:
    Remote desktop credentials did not work
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • I am trying to install the OS Mavericks upgrade on my Mac and it requests that I enter an administrator password. I do not use an administrator password on the machine. Any ideas how to resolve this?

    I am trying to install the OS Mavericks upgrade on my Mac and it requests that I enter an administrator password. I do not use an administrator password on the machine. Any ideas how to resolve this?

    If you bought the machine new yourself, and did not enter a password when configuring it, leave the field blank.
    If you bought it used, then you need to reset the password, as described here:
    Apple Article to reset the password

  • Use case of FQDN parameter in CPPM -- Administration -- Server Configuration

    Q: What is the difference between the 'FQDN' and 'Hostname' parameters available in the ClearPass Server configuration?
    A: The FQDN parameter is primarily used for SSO functionality with any external IdP servers. We can configure the VIP hostname of a ClearPass cluster to be the FQDN.
    The 'Hostname' parameter in Administration --> Server Configuration does not need to be an FQDN. We can specify any user-defined name. If we need to join the ClearPass cluster members to the same Active Directory domain, then the hostnames should be different. Otherwise, it will create duplicate computer/machine accounts for the ClearPass servers on the Domain Controller and may lead to PEAP-EAP-MSCHAPv2 authentication issues/failures for the clients against Active Directory.

    You could use regular expressions to try to strip the "+" from your form variables, but wouldn't it be easier to just have the select field display +5 and then just pass "5", and not use the plus character in your database or in your passed variables? Special characters in your passed variables are always a potential headache.
    Lawrence   *Adobe Community Expert*

  • Destination disabled. []: [CrystalEnterprise.Ftp]. Please note the name of the job server used for your request and contact your system administrator to make sure the specified destination is enabled. (FWB 00031)

    Hi
    In BO 4.0 SP 9, when an administrator tries to schedule a report via CMC there is no error.
    But when a user schedules a report and the destination is FTP location -> Use default settings, he gets the following error:
    Destination disabled. []: [CrystalEnterprise.Ftp]. Please note the name of the job server used for your request and contact your system administrator to make sure the specified destination is enabled. (FWB 00031)
    There is only one Job Server and the destinations are enabled in it.
    There is no job server for Crystal Reports Job Server.
    Do I need to create it, and how?

    Please check if you have the proper rights to schedule to FTP. You can create a new job server; whenever you schedule, if there are multiple job servers, it will be handled based on the load. But it is not mandatory; it depends on the load.

  • How do I configure snow leopard server to allow local client to access the server using its public domain name

    I have SLS 10.6 running on my local network with DNS configured.
    I can access the server from a client on the LAN using server.local or server.domain, where domain is my publicly registered domain.
    From the internet I can access my server using the registered domain name, i.e. www.domain.com.
    Is it possible to set my server up so that www.domain.com also reaches the server when used by a client locally? At present I get a page not found error.

    The configuration you're aiming for is called split-horizon or split-brain DNS, and it's quite possible. It can get slightly hairy when you have different stuff using the same host name for different purposes, for instance, and you'll need to track all external DNS entries in your internal DNS server when you're running "split".
    Here is how to set up DNS services.   Split-horizon is one of the options listed there.
    My preference is to use a different domain or subdomain within the network, and to avoid using split-horizon where I can reasonably manage it.  One domain name is configured for and reachable outside and is effectively public, and the other domain (or a subdomain) is inside and private and only reachable directly or via VPN, for instance.

  • [svn] 3519: Fix typo in error string for situations where there are advanced messaging configuration settings from LCDS used in the configuration files but no AdvancedMessagingSupport service .

    Revision: 3519
    Author: [email protected]
    Date: 2008-10-08 04:17:40 -0700 (Wed, 08 Oct 2008)
    Log Message:
    Fix typo in error string for situations where there are advanced messaging configuration settings from LCDS used in the configuration files but no AdvancedMessagingSupport service. The error string said that there was no flex.messaging.services.AdvancedMessagingService registered but it is the flex.messaging.services.AdvancedMessagingSupport service that needs to be registered.
    Add configuration test that starts the server with a destination that has the reliable property set which is an advanced messaging feature but there is no AdvancedMessagingSupport service registered.
    Modified Paths:
    blazeds/trunk/modules/common/src/flex/messaging/errors.properties
    Added Paths:
    blazeds/trunk/qa/apps/qa-regress/testsuites/config/tests/messagingService/ReliableDestinationWithNoAdvancedMessagingSupport/
    blazeds/trunk/qa/apps/qa-regress/testsuites/config/tests/messagingService/ReliableDestinationWithNoAdvancedMessagingSupport/error.txt
    blazeds/trunk/qa/apps/qa-regress/testsuites/config/tests/messagingService/ReliableDestinationWithNoAdvancedMessagingSupport/services-config.xml

    Hi,
    Unfortunately I already tried all kinds of re-installs (the full list is in my original message). The only one remaining is the reinstall of Windows 8 itself, which I would really like to avoid.
    What I find really strange is the time it takes for the above error message to appear. It's like one hour or even more (never measured exactly; I left the computer running).
    What kind of a timeout is that? I would expect that, if the ports are really used by some other application, I would get the message in less than a minute (seconds, actually). To me this looks like the emulator itself for some reason believes there's a problem with some port while in reality there isn't.
    I'll eventually contact Microsoft Support, thanks for the suggestion.

  • Anyone succesfully configured a LinkSys WRT54G using a G5 tower for the IPh

    Hi,
    Has anyone successfully configured a LinkSys WRT54G using a G5 tower for the iPhone?
    If so, could you please give me the router configuration?
    My Wi-Fi network won't even show up on the iPhone.
    Thanx
    SvK

    I have that same router and the iPhone found it with no problem.
    I wish I could be more of a help; try accessing your router's settings.

  • If the iPad mini has the basic iPad 2 hardware, why can't I use Siri on the iPad 2?

    If the iPad mini has the basic iPad 2 hardware, why can't I use Siri on the iPad 2?

    Wrong on all counts. Well except for the A5 post.
    The 3rd Generation iPad and iPhone 4s both have an Audience chipset for noise suppression/voice recognition that the iPad 2 et. al. do not have. The iPhone 5, 5th Generation iPod Touch, 4th Generation iPad and iPad Mini are using a different type of hardware based noise suppression/voice recognition that is an improvement over the Audience chipset (hope you didn't have Audience stock).

  • How can I configure Mac Mail to use the correct SMTP server?

    I have successfully set up Mac Mail to use a new e-mail account. Inbound and outbound mail is working just fine. However, I am seeing something odd when I create a new message or reply to an existing message. The outbound account that shows is not that which has been configured for the account. I can manually select the correct outbound account.
    What are my troubleshooting steps?

    One of the first things to check in Mail Preferences, Composing:

  • Is it possible to delete messages on the server using Mail configured with IMAP?

    Is it possible to delete messages on the server using Mail configured with IMAP?
    Currently, when I delete a message in Mail, the server still keeps a copy of it, which means it is not deleted on the server. I know that POP can do this, but I still want the option of being able to access it from other computers.
    My server has only a small quota, so I hope that I can just delete it from Mail instead of having to log in to the server and delete it again.
    Thank you.

    yxchng wrote:
    Is it possible to delete messages on the server using Mail configured with IMAP?
    Yes, but doing so will remove it from everything else.
