Checkpoint SecureRemote and Clean Access solution
I am trying to implement the Clean Access solution (NAC In-Band Real-IP) with Checkpoint SecureRemote VPN clients and wondering whether it is possible to setup single-sign-on? If yes, can I use VPNSSO or do I need to configure ADSSO?
Thanks for your time and help.
Please open a TAC case for a timely response on code versions and matrix compatability. We did not use clean access in our PCI Solution for Retail so I do not have a reference for you.
Similar Messages
-
Since Microsoft is saying that Windows 7 will be out for the Holiday season, I'm wondering when Cisco will have Clean Access ready to fully support Windows 7.
We will end up with lots of students coming back to campus with brand new computers running Windows 7 and expecting them to work.
Has anyone heard anything about Clean Access support for Windows 7?Yes, I know it doesn't support it (yet), but I wanted to get the discussion started now.
I haven't heard anything from Cisco regarding Clean Access and Windows 7 and I really don't want students/users showing up after the holiday season with Windows 7 computers that "don't work because Clean Access doesn't support Windows 7, yet". That's my fear anyway...
Mike -
Trouble with Leopard and Clean Access Agent
I just got Leopard yesterday. I loaded it to my computer and all went well. Except when I tried to get on the internet (on my college campus that requires Cisco Clean Access) it wouldn't let me. I realize this is a third party software problem, but I was wondering if anyone else is dealing with this and had found a way around it.
its the same situation at my school (OSWEGO STATE), after a long heated discussion with the CTS department i still had no answer.
however this morning i was notified that Cisco is in no rush to update and may, if we're lucky update by the end of November.
i've decided to try and run a cable modem through my TV service, my CTS on campus has just screwed over Mac users for the past few years, and they have no motivation to stop and help us out. -
NAC FRAMEWORK and Clean Access
could anyone please tell me whether cisco supports both of these now
Yes it supports these.
http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps8788/prod_qas0900aecd806bfe39_ps6128_Products_Q_and_A_Item.html -
Hello,
I'm implementing a Cisco clean access solution (Out-of-band VG).I've entred the license in the CAM after getting it from Cisco by entering the PAK number.
the problem is that I don't see the Switch management Tab in the menu, also when I want to add a CAS server there is no way to specify the Out-of-band option, there is only Inband and VG.
the problem is reselved temporarely by entering a 30 days license.
Is it a license problem?
how can I resolve this issue?
thanks/.The switch management will show when you add a CAS license for OOB to your CAM. Without a CAS license the switch management tabs don't get displayed.
You should have a separate PAK that came with the CAS. Use that PAK and the eth0 MAC address of your manager (NOT your server) to get the CAS license, upload that to your CAM and it should work fine. -
Open Text Invoice Management and Document Access
Our client wants to implement/integrate the open text management in SAP ERP for a procure to pay project for AP. Can someone suggest a training course to learn about this integration?
Please explain how the open text works with SAP and any good documentation would help.OpenText offers several courses on the Invoice Management, Invoice Capture Center and Document Access Solutions. Information on the schedule and location for the courses for these and other SAP Solutions is available on the OpenText web site:
Business Users
251 Vendor Invoice Management (VIM) for SAP® Business Users
Administrators
250 Vendor Invoice Management (VIM) for SAP® Solutions Consultant Bootcamp
252 Vendor Invoice Management (VIM) for SAP® System Administration
261 OpenText Invoice Capture Center (ICC) Consultant Bootcamp
760 Document Archiving for SAP® Solutions: Customizing SAP ArchiveLink
764 Data Archiving for SAP® Solutions: Customizing
766 SAP® Workflow Customizing
768 Archiving for SAP® Solutions: Consulting
769 SAP® Archiving Bootcamp Training Program
769 SAP® Archiving Bootcamp Training Program - Virtual - Part 1
769 SAP® Archiving Bootcamp Training Program - Virtual - Part 2
770 DocuLink for SAP® Solutions: Customizing
777 OpenText Extended ECM for SAP® Solutions
778 OpenText EFM for SAP® Solutions u2013 Consultant Bootcamp
Documentation is available in the OpenText Knowledge Center (Registration required):
Vendor Invoice Management 5.2
Invoice Capture Center 5.2 SP5
Archiving and Document Access 9.8
OpenText also offers a Supplier Information Management Solution that your client may find interesting. -
Mac OS X Leopard Fails with Clean Access Agent
Hey All,
I've had several students in my office saying that Leopard and Clean Access don't work together. I haven't seen a specific error, yet, but was wondering if anyone else is seeing this problem...?
I'm using the 4.1.2.0 agent for Macs.
MikeI am at Cal Poly SLO and we have this error "Agent user operating system is not supported" Part of our system has been changed back to allowing Mac users to Authenticate using the web browser instead of the agent. That should work until cisco updates the agent
-
802.1x (DOT1x) and Cisco Clean Access 3140
Hi,
We have about 300 remote sites and would like to implement an authentication mechanism to authenticate end-devices (Windows PCs) before allowing access to the network. We thought we could implement DOT1x on our Cisco 2960, 3750 and 4500 series switches and send the "PC-switch" access requests to our centrally located Cisco Clean Access 3140 NAC servers -back at the HQ sites. We understand the NAC servers will be used to authenticate (among other things) the end-users workstations to ensure each workstation is a company owned PC and all the security parameters are installed and up today. -RIGHT?
Can the Cisco Clean Access 3140 server perform the Authentication security checks from the 802.1x (DOT1x) enabled switches?
Does the Cisco Clean Access 3140 server have to be inline (on the users subnet) and/or be centrally located?
Is the Cisco Clean Access 3140 still usable?
Thanks
Frankunfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
What are using for a radius server? -
Cisco Clean Access (CCA) Agent and iPod Touch
Has anyone had any success in connecting an ipod to this type of wireless network?
In looking the post, I see there has been a problem with macs and CCA. Since I know nothing about CCA is this something that even works with and ipod?
The college, where my son attends, sent him this reply: Unfortunately, we are not able to get any iPods connected on campus at this time due to limitations of the iPod software. However, we are working on resolving this problem with the company that provided our Cisco Clean Access system and will keep students informed as a solution is reached.
Thanks for your input.The college where my boy goes has a person on in the IT department who supports Apple equipment. You need to find the IT person at your school who supports Macs. That will help a bunch.
I spoke with him about the problem, and in their case, the company that implemented CCA was going to fix the problem. I did send him the file from the link, iPhone Enterprise Deployment Guide, on the page you looked over. Go to that page again, click on "iPhone Enterprise Deployment Guide" then on "iPhone OS - Enterprise Deployment Guide" That should download a PDF which has information on how they can setup for iPhones so it should work for iPhone. A few weeks later it was working again.
I know nothing about how to do it, but from looking though the doc, if memory serves me, it wouldn't be that hard for the tech person who works with it everyday.
Hope this helps. -
Dear All,
I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). Plse give me any suggestion to solve that problem. All configuration is as below:http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/412_cam_book.html
-
Clean access rules and Windows service pack 3
I am having a small issue with our Clean Access Manager blocking any Windows XP computer that has service pack 3 installed. The main failure it is giving in the reports is this
Failed Checks:
pc_Windows-XP-SP2, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 2]
pc_Windows-XP-SP1, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]
The key that is there when sp3 is installed is this:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 3
I have verified that pc_Windows-XP-SP1 and pc_Windows-XP-SP2 are there as well as created a check for service pack 3 eric_pc_Windows-XP-SP3 and added the check to the rules governing windows updates for XP pro/home and windows media edition. But for some reason they are not taking effect. The CAM is running version 4.1.3.1 and the the CAA is version 4.1.3.2. Any assistance would be greatly appreciated.
Thank you,
EricHere is the configuration guide for the Clean Access Manager which will help you :
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_instal.html -
Clean Access and Windows 2003 Server
I am trying to install the Clean Access Client on a VM running Windows 2003 Server. When I connect to our customer's network the VPN client appears to connect properly and I see the Clean Access window. Then it all seems to fall over. My customer tells me I should see a blue window with a red OK button on it but I never see it. As a result I never get completely into the network. Is this because I am running this on Windows 2003 Server or should I be looking at something else? Can this run in a Virtual Environment and on 2003 Server?
I work it out partially by myself:
1)
(excuse me, I meant "kinit and Krb5LoginModule" not "kinit and kinit.exe").
Krb5LoginModule seems to work now (with TCP). The output is:
KRBError:sTime is Tue Jun 01 17:13:51 CEST 2004 1086102831000
suSec is 945761
error code is 52
error Message is Response too big for UDP, retry with TCP
realm is SSOTEST.RTC.CH
sname is krbtgt/SSOTEST.RTC.CH
KrbKdcReq send: kdc=rtcnt978.ssotest.rtc.ch TCP:88, timeout=30000, number of retries =3, #bytes=232
DEBUG: TCPClient reading 1496 bytes
KrbKdcReq send: #bytes read=1496
KrbKdcReq send: #bytes read=1496
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsRep cons in KrbAsReq.getReply sso_testuserCommit Succeeded
Which is what I want (it tries first with UDP, then the KDC says the TGT is too big for UDP and the client tries again with TCP)
2)
I still have the error :-( -
Confusion on Cisco clean access and Cisco NAC
Dear Pros,
I still confuse with the name mismatch as above. Please any one give me the correct NAC part number for both server and manager
swamyCisco Clean Access and NAC are the same.
NAC is just the new naming.
You can have NAC installed in two way, Framework or Appliance mode.
I think Framework is not available anymore (I may be wrong).
If you go with the appliance, you'll need a minimum of two. 1 for the CAM (Clean Access Manager) which manages the policies and 1 for the CAS (Clean Access Server) that is the "filter" between your authentication lan and your prod network.
Dominic -
I am trying to change my password, but not remember the security questions and not access recovery email. Please give me a solution.Ana Maria Cappatto Simoes/ F. 11.50414433
Welcome to the Apple Community.
1. Start here (change country if necessary) and navigate to 'Password and Security', reset your security questions using the link provided, you will receive an email to your rescue address, use the link in the email and reset your security questions.
2. If that doesn't help, you don't receive a reset email or you don't have a rescue address, you should contact AppleCare who will initially try to assist you with a reset email or if unsuccessful will pass you to the security team to reset your security questions for you.
3. If you are in a region that doesn't have international telephone support try contacting Apple through iTunes Store Support. -
Problem with Clean Access Agent and Windows Updater
I have a problem with a laptop when using Cisco Clean Access Agent. The agent keeps directing the laptop to get updates from the Windows Update site, but when I have connected the laptop via cable, windows updates tells me there are no updates either essential or optional. The laptop is a Sony VIVO VGN-FJ270 running XP Home Edition SP2 and the Clean Access Agent is version 4.0.2.1
Any help is appreciated!!Verify the allowed hosts in CCA agent.
Try these link:
http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html
http://www.cisco.com/en/US/products/ps6128/products_qanda_item09186a00803b7a81.shtml
Maybe you are looking for
-
Advice sought on external hard drives
Could somebody please suggest a good quality external hard drive to use with a Mac PowerBook G4, which would be compatible with OSX 10.3.9 and 10.5 (which I will be installing shortly)? Thanks!
-
How to change report query dynamically in Oracle APEX?
Hi, I want to dynamically change the where condition in APEX report query. Can anyone help me solve my this problem? (Just want to change the query which we change in Oracle Reports using lexical parameter to change &Where, &Order by etc. dynamically
-
How to Migrate/Transfer files (iPhoto Lib, iTunes Lib, and various other Docs) between an older G4 (10.4.6) to iMac (10.8.5)
-
Limited number of formula operators on InfoProvider level
Hello. I read in documentation that when you create the Calculated Key Figure on the InfoProvider level, there is less operators available, than if you create CKF (formula) on query level. I am a bit confused, because I can see exactly the same list
-
Can you stream files to your TV from your imac using a PS3 or Xbox?
Hello, I'm thinking of buying a mac and I want to know if you can stream media from your mac to a TV via a PS3 or Xbox 360. I currently have a PC and can do this with no problems, but I think my PC is on it's last legs and I've always wanted to swit