Checkpoint SecureRemote and Clean Access solution

Similar Messages

• Windows 7 and Clean Access

  Since Microsoft is saying that Windows 7 will be out for the Holiday season, I'm wondering when Cisco will have Clean Access ready to fully support Windows 7.
  We will end up with lots of students coming back to campus with brand new computers running Windows 7 and expecting them to work.
  Has anyone heard anything about Clean Access support for Windows 7?

  Yes, I know it doesn't support it (yet), but I wanted to get the discussion started now.
  I haven't heard anything from Cisco regarding Clean Access and Windows 7 and I really don't want students/users showing up after the holiday season with Windows 7 computers that "don't work because Clean Access doesn't support Windows 7, yet". That's my fear anyway...
  Mike

• Trouble with Leopard and Clean Access Agent

  I just got Leopard yesterday. I loaded it to my computer and all went well. Except when I tried to get on the internet (on my college campus that requires Cisco Clean Access) it wouldn't let me. I realize this is a third party software problem, but I was wondering if anyone else is dealing with this and had found a way around it.

  its the same situation at my school (OSWEGO STATE), after a long heated discussion with the CTS department i still had no answer.
  however this morning i was notified that Cisco is in no rush to update and may, if we're lucky update by the end of November.
  i've decided to try and run a cable modem through my TV service, my CTS on campus has just screwed over Mac users for the past few years, and they have no motivation to stop and help us out.

• NAC FRAMEWORK and Clean Access

  could anyone please tell me whether cisco supports both of these now

  Yes it supports these.
  http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps8788/prod_qas0900aecd806bfe39_ps6128_Products_Q_and_A_Item.html

• Clean Access License issue

  Hello,
  I'm implementing a Cisco clean access solution (Out-of-band VG).I've entred the license in the CAM after getting it from Cisco by entering the PAK number.
  the problem is that I don't see the Switch management Tab in the menu, also when I want to add a CAS server there is no way to specify the Out-of-band option, there is only Inband and VG.
  the problem is reselved temporarely by entering a 30 days license.
  Is it a license problem?
  how can I resolve this issue?
  thanks/.

  The switch management will show when you add a CAS license for OOB to your CAM. Without a CAS license the switch management tabs don't get displayed.
  You should have a separate PAK that came with the CAS. Use that PAK and the eth0 MAC address of your manager (NOT your server) to get the CAS license, upload that to your CAM and it should work fine.

• Open Text Invoice Management and Document Access

  Our client wants to implement/integrate the open text management in SAP ERP for a procure to pay project for AP. Can someone suggest a training course to learn about this integration?
  Please explain how the open text works with SAP and any good documentation would help.

  OpenText offers several courses on the Invoice Management, Invoice Capture Center and Document Access Solutions. Information on the schedule and location for the courses for these and other SAP Solutions is available on the OpenText web site:
  Business Users
  251 Vendor Invoice Management (VIM) for SAP®  Business Users
  Administrators
  250 Vendor Invoice Management (VIM) for SAP® Solutions Consultant Bootcamp
  252 Vendor Invoice Management (VIM) for SAP® System Administration
  261 OpenText Invoice Capture Center (ICC) Consultant Bootcamp
  760 Document Archiving for SAP® Solutions: Customizing SAP ArchiveLink
  764 Data Archiving for SAP® Solutions: Customizing
  766 SAP® Workflow Customizing
  768 Archiving for SAP® Solutions: Consulting
  769 SAP® Archiving Bootcamp Training Program
  769 SAP® Archiving Bootcamp Training Program - Virtual - Part 1
  769 SAP® Archiving Bootcamp Training Program - Virtual - Part 2
  770 DocuLink for SAP® Solutions: Customizing
  777 OpenText Extended ECM for SAP® Solutions
  778 OpenText EFM for SAP®  Solutions u2013 Consultant Bootcamp
  Documentation is available in the OpenText Knowledge Center (Registration required):
  Vendor Invoice Management 5.2
  Invoice Capture Center 5.2 SP5
  Archiving and Document Access 9.8
  OpenText also offers a Supplier Information Management Solution that your client may find interesting.

• Mac OS X Leopard Fails with Clean Access Agent

  Hey All,
  I've had several students in my office saying that Leopard and Clean Access don't work together. I haven't seen a specific error, yet, but was wondering if anyone else is seeing this problem...?
  I'm using the 4.1.2.0 agent for Macs.
  Mike

  I am at Cal Poly SLO and we have this error "Agent user operating system is not supported" Part of our system has been changed back to allowing Mac users to Authenticate using the web browser instead of the agent. That should work until cisco updates the agent

• 802.1x (DOT1x) and Cisco Clean Access 3140

  Hi,
  We have about 300 remote sites and would like to implement an authentication mechanism to authenticate end-devices (Windows PCs) before allowing access to the network. We thought we could implement DOT1x on our Cisco 2960, 3750 and 4500 series switches and send the "PC-switch" access requests to our centrally located Cisco Clean Access 3140 NAC servers -back at the HQ sites. We understand the NAC servers will be used to authenticate (among other things) the end-users workstations to ensure each workstation is a company owned PC and all  the security parameters are installed and up today. -RIGHT?
  Can the Cisco Clean Access 3140 server perform the Authentication security checks from the 802.1x (DOT1x) enabled switches?
  Does the Cisco Clean Access 3140 server have to be inline (on the users subnet) and/or be centrally located?
  Is the Cisco Clean Access 3140 still usable?
  Thanks
  Frank

  unfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
  I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
  Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
  What are using for a radius server?

• Cisco Clean Access (CCA) Agent and iPod Touch

  Has anyone had any success in connecting an ipod to this type of wireless network?
  In looking the post, I see there has been a problem with macs and CCA. Since I know nothing about CCA is this something that even works with and ipod?
  The college, where my son attends, sent him this reply: Unfortunately, we are not able to get any iPods connected on campus at this time due to limitations of the iPod software. However, we are working on resolving this problem with the company that provided our Cisco Clean Access system and will keep students informed as a solution is reached.
  Thanks for your input.

  The college where my boy goes has a person on in the IT department who supports Apple equipment. You need to find the IT person at your school who supports Macs. That will help a bunch.
  I spoke with him about the problem, and in their case, the company that implemented CCA was going to fix the problem. I did send him the file from the link, iPhone Enterprise Deployment Guide, on the page you looked over. Go to that page again, click on "iPhone Enterprise Deployment Guide" then on "iPhone OS - Enterprise Deployment Guide" That should download a PDF which has information on how they can setup for iPhones so it should work for iPhone. A few weeks later it was working again.
  I know nothing about how to do it, but from looking though the doc, if memory serves me, it wouldn't be that hard for the tech person who works with it everyday.
  Hope this helps.

• Plse...help me on the communicating between CLEAN ACCESS MANAGER and Switch 3560E-24Ps by snmp

  Dear All,
  I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). Plse give me any suggestion to solve that problem. All configuration is as below:

  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/412_cam_book.html

• Clean access rules and Windows service pack 3

  I am having a small issue with our Clean Access Manager blocking any Windows XP computer that has service pack 3 installed. The main failure it is giving in the reports is this
  Failed Checks:
  pc_Windows-XP-SP2, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 2]
  pc_Windows-XP-SP1, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]
  The key that is there when sp3 is installed is this:
  \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 3
  I have verified that pc_Windows-XP-SP1 and pc_Windows-XP-SP2 are there as well as created a check for service pack 3 eric_pc_Windows-XP-SP3 and added the check to the rules governing windows updates for XP pro/home and windows media edition. But for some reason they are not taking effect. The CAM is running version 4.1.3.1 and the the CAA is version 4.1.3.2. Any assistance would be greatly appreciated.
  Thank you,
  Eric

  Here is the configuration guide for the Clean Access Manager which will help you :
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_instal.html

• Clean Access and Windows 2003 Server

  I am trying to install the Clean Access Client on a VM running Windows 2003 Server. When I connect to our customer's network the VPN client appears to connect properly and I see the Clean Access window. Then it all seems to fall over. My customer tells me I should see a blue window with a red OK button on it but I never see it. As a result I never get completely into the network. Is this because I am running this on Windows 2003 Server or should I be looking at something else? Can this run in a Virtual Environment and on 2003 Server?

  I work it out partially by myself:
  1)
  (excuse me, I meant "kinit and Krb5LoginModule" not "kinit and kinit.exe").
  Krb5LoginModule seems to work now (with TCP). The output is:
  KRBError:sTime is Tue Jun 01 17:13:51 CEST 2004 1086102831000
  suSec is 945761
  error code is 52
  error Message is Response too big for UDP, retry with TCP
  realm is SSOTEST.RTC.CH
  sname is krbtgt/SSOTEST.RTC.CH
  KrbKdcReq send: kdc=rtcnt978.ssotest.rtc.ch TCP:88, timeout=30000, number of retries =3, #bytes=232
  DEBUG: TCPClient reading 1496 bytes
  KrbKdcReq send: #bytes read=1496
  KrbKdcReq send: #bytes read=1496
  EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
  KrbAsRep cons in KrbAsReq.getReply sso_testuserCommit Succeeded
  Which is what I want (it tries first with UDP, then the KDC says the TGT is too big for UDP and the client tries again with TCP)
  2)
  I still have the error :-(

• Confusion on Cisco clean access and Cisco NAC

  Dear Pros,
  I still confuse with the name mismatch as above. Please any one give me the correct NAC part number for both server and manager
  swamy

  Cisco Clean Access and NAC are the same.
  NAC is just the new naming.
  You can have NAC installed in two way, Framework or Appliance mode.
  I think Framework is not available anymore (I may be wrong).
  If you go with the appliance, you'll need a minimum of two. 1 for the CAM (Clean Access Manager) which manages the policies and 1 for the CAS (Clean Access Server) that is the "filter" between your authentication lan and your prod network.
  Dominic

• I am trying to change my password, but not remember the security questions and not access recovery email. Please give me a solution.Ana Maria Cappatto Simoes/ F. 11.50414433

  I am trying to change my password, but not remember the security questions and not access recovery email. Please give me a solution.Ana Maria Cappatto Simoes/ F. 11.50414433

  Welcome to the Apple Community.
      1.    Start here (change country if necessary) and navigate to 'Password and Security', reset your security questions using the link provided, you will receive an email to your rescue address, use the link in the email and reset your security questions.
      2.    If that doesn't help, you don't receive a reset email or you don't have a rescue address, you should contact AppleCare who will initially try to assist you with a reset email or if unsuccessful will pass you to the security team to reset your security questions for you.
      3.    If you are in a region that doesn't have international telephone support try contacting Apple through iTunes Store Support.

• Problem with Clean Access Agent and Windows Updater

  I have a problem with a laptop when using Cisco Clean Access Agent. The agent keeps directing the laptop to get updates from the Windows Update site, but when I have connected the laptop via cable, windows updates tells me there are no updates either essential or optional. The laptop is a Sony VIVO VGN-FJ270 running XP Home Edition SP2 and the Clean Access Agent is version 4.0.2.1
  Any help is appreciated!!

  Verify the allowed hosts in CCA agent.
  Try these link:
  http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html
  http://www.cisco.com/en/US/products/ps6128/products_qanda_item09186a00803b7a81.shtml