Cisco ISE with both internal and External RADIUS Server

Hi
I have ISE 1.2. I configured it as management, monitor and PSN, and it works fine.
I would like to know if I can integrate an external RADIUS server and work with both the internal and external RADIUS servers simultaneously.
So some computers (groupe_A in Active Directory) will continue to do RADIUS authentication on the ISE internal RADIUS and other computers (groupe_B in Active Directory) will do RADIUS authentication on an external RADIUS server.
I would like to know if it is possible to configure this and how I can do it.
Thanks in advance for your help
Regards
Blaise

Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.
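The identity handling described in the answer above can be checked on captured Access-Requests before they are sent through a proxy sequence. The following is an added example, not part of the original thread and not Cisco code: it parses the RADIUS attributes, extracts User-Name and the EAP-Response/Identity, and reports whether the two match. The helper names, the sample packets and the stripping semantics (prefix up to the first separator, suffix from the last separator, with `\` and `@` as the configured characters) are assumptions.

```python
import struct

USER_NAME, EAP_MESSAGE = 1, 79          # RADIUS attribute types (RFC 2865, RFC 3579)
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1  # EAP code and type (RFC 3748)


def parse_radius(packet: bytes):
    """Return (code, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs


def identities(packet: bytes):
    """Extract (User-Name, EAP-Identity); either may be None."""
    _code, attrs = parse_radius(packet)
    user_name, eap = None, b""
    for atype, value in attrs:
        if atype == USER_NAME:
            user_name = value.decode("utf-8", "replace")
        elif atype == EAP_MESSAGE:
            eap += value  # a long EAP packet is split over several attributes
    eap_identity = None
    if len(eap) >= 5 and eap[0] == EAP_RESPONSE and eap[4] == EAP_TYPE_IDENTITY:
        eap_len = struct.unpack("!H", eap[2:4])[0]
        eap_identity = eap[5:eap_len].decode("utf-8", "replace")
    return user_name, eap_identity


def strip_subject(name: str, prefix_sep: str = "\\", suffix_sep: str = "@") -> str:
    """Assumed stripping model: drop 'DOMAIN\\' prefix and '@realm' suffix."""
    if prefix_sep and prefix_sep in name:
        name = name.split(prefix_sep, 1)[1]
    if suffix_sep and suffix_sep in name:
        name = name.rsplit(suffix_sep, 1)[0]
    return name


def proxy_check(packet: bytes, prefix_sep: str = "\\", suffix_sep: str = "@"):
    """Return (verdict, identity the proxy would work with)."""
    user_name, eap_identity = identities(packet)
    if user_name is None:
        return ("no-user-name", None)
    if eap_identity is None:
        # Non-EAP: stripping applies to the RADIUS User-Name attribute.
        return ("non-eap", strip_subject(user_name, prefix_sep, suffix_sep))
    # EAP: no stripping; the two identities must be the same to succeed.
    verdict = "eap-ok" if eap_identity == user_name else "eap-mismatch"
    return (verdict, eap_identity)


def build_request(user_name: str, eap_identity=None) -> bytes:
    """Build a constructed Access-Request (zero authenticator, no
    User-Password or Message-Authenticator) purely as parser input."""
    name = user_name.encode()
    attrs = bytes([USER_NAME, 2 + len(name)]) + name
    if eap_identity is not None:
        body = bytes([EAP_TYPE_IDENTITY]) + eap_identity.encode()
        eap = struct.pack("!BBH", EAP_RESPONSE, 1, 4 + len(body)) + body
        attrs += bytes([EAP_MESSAGE, 2 + len(eap)]) + eap
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs


# Constructed sample requests (not captured traffic).
SAMPLES = [
    build_request("ACME\\userA"),
    build_request("userB@example.com"),
    build_request("userC@example.com", "userC@example.com"),
    build_request("anonymous@example.com", "userD@example.com"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(proxy_check(pkt))
```

An `eap-mismatch` verdict marks the case the answer says will fail through a RADIUS server sequence.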

Similar Messages

  • ILife with both internal and external hard drives?

    I've been considering switching from a homebrew, multi-boot desktop to a MacBook for my primary computer, in part so I can hang out with my family in the living room rather than be exiled to the home office when I want to compute.
    But here's my concern: I have media. We have about 50 GB of iTunes; maybe 30 GB of iPhoto; and tons and tons of digital video that would be stored in iMovie. Obviously the libraries are all interlinked. And it's all growing. I also like to rip DVDs and re-encode them for my iPod and AppleTV. Right now, my desktop has 480 GB of internal storage and that's just about enough.
    I have discovered that the MacBook only comes with an option up to 250 GB. I absolutely need AppleCare, so I can't get an aftermarket hard drive. (All my Macs break - this one from the office that I'm on right now has a bum DVD drive, and my wife's has needed both fan and logic board replacements.)
    While I'm aware of the existence of external hard drives, I'm concerned about Apple's non-external-hard-drive-friendly way of storing iLife data. If I wanted to keep more recent or useful music and photos on the internal drive but older stuff on an external, and still be able to use iLife seamlessly, would that be possible? (I see myself editing recent video in the living room, but then hooking back into the external HD in the office if I need older stuff.)
    What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
    Thanks!

    Sascha Segan1 wrote:
    .. What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
    all iApps (iPhoto, iTunes, iM08) support usage of external drives as 'mass storage' devices.. you can tell all apps which drive to use for the Libraries.. there some tools out there, which even allow the usage of 2/many different Libraries in iTunes/iPhoto..
    for iM in detail: the Projects are small files, and should stay internal (although I'm describing a 'hack' on my site: http://karsten.schluter.googlepages.com/im08tricks Project Library (and Events) on External Harddrive); the Events (=GBs) could be located on as many ext. HDDs as you want..
    but ...
    all iApps are single-user .. you can NOT 'share' Libraries to 2/many different users; the idea of a 'media server' which hosts/shares all kind of data to all kind of users is not 'on concept' of iLife ..

  • Cisco Presence/Jabber both internally and externally

    We have installed the Cisco Presence server and integrated it with our Microsoft Exchange for LDAP, Cisco Unified Communications Manager, and Cisco Unity Connection for phone and voicemail support. It is all installed inside our corporate network and with my testing, I have found it to be available outside our corporate network as long as I have a VPN configured and active from outside.
    However, management wants the entire thing accessible from both within and from the outside without having to have a VPN connection. Does anyone know of a method for doing this or could point me to some good documentation as to what would be required?
    Thanks in advance.
    Gene

    If you are using Jabber onPrem with CUPS, the only way this will work (for now) is using VPN.  This will give the external using IM/Presence/CUCM.  You can't really open CUCM or CUPS via 5060 Ports and expect it to work.  The problem is the internal/external IPs are not proxied correctly and presence will not work.
    If your management really wants to have this seamless inside and out, the best solution right now is to use Jabber Cloud and use VPN back for CUCM call control on the client. (mobile or PC/Mac).
    Hopefully sooner than later we will see a "Presence gateway" that will sit in the DMZ and connect external IM clients to the internal CUPS server,

  • Delivery report shows status of Pending for external address. Email sent to both internal and external addresses.

    We have an Exchange 2013 on-premise server and seem to have an issue with emails sent to internal and external users at the same time.
    The issue came to light because someone sent an email to 44 recipients, of which one was internal. None of the external recipients received the email. I checked the delivery report in the EAC and found the internal email marked as 'Delivered' and all of the external ones marked as 'Pending'. I checked the queues and there were none. I did some testing and sent an email to just one of the external addresses on the list, it arrived. I tried sending the email again to all of the recipients, the external ones all showed 'Pending'. I tried it again, but this time excluded the internal email address and all of the 43 external emails were immediately delivered.
    So it seems that the issue only arises when we are sending to both internal and external addresses.
    I then tried a test email to one internal address and one external address. The Delivery report says that the internal address was delivered immediately, while the external address is 'Pending' and gives more information saying: 'Message delivery is taking longer than expected. There may be system delays. For more information, contact your helpdesk.'. To add further mystery to this, the email was actually delivered.
    So, I have two concerns:
    First, it seems that some emails sent both internally and externally are only arriving internally. This is a huge problem because I don't know how many have been affected. There may be many lost emails we don't know about.
    Second, it looks like I can't trust the delivery report. It says pending for some emails which didn't arrive, but it also says pending for some which did arrive. That is no good at all.
    For info the server is running Windows Server 2012. I have run a Microsoft Update to check if there are any to apply and the only Exchange one is a spam filter update, which I doubt has any bearing but I will apply when I get chance.

    Hi Neil,
    According to the description, I find a related KB on Exchange 2010:
    https://support.microsoft.com/kb/2694474?wa=wsignin1.0
    It has the similar situation as yours.
    This issue occurs because a function in a message tracking component tries to obtain the information for the recipient instead of the external recipient.
    Please try to upgrade to the latest Exchange update to check whether this issue can be solved.
    Also please check whether Throttling has been set.
    Please run "Get-TransportService | fl" to check the MaxOutboundConnections parameter value.
    More details to see:
    Message throttling 
    http://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx
    Thanks
    Mavis Huang
    TechNet Community Support

  • SiteMinder integration with the internal and external facing portals

    Hi ,
    We are in the development phase for SiteMinder integration with the internal and external facing portals. The proposed dual authentication scheme requires both SiteMinder for the external facing portal (EFP) and LDAP for the internal portal. Is it possible?
    And is it possible to maintain two different LDAP directories, one for external users and one for internal users?
    If you maintain 2 different (external & internal) LDAP directories in the SiteMinder Policy Server, what about external users who do not exist in the portal data source?
    I would appreciate it if anyone can help me with my above query.
    Regards
    Tag

    Hey Tag,
    We do have a physical external Portal and a physical internal portal.  Both the external and internal are connected to 2 LDAP directories.
    For example the External Portal is connected to the Employee LDAP Directory and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Directory and the EMEA LDAP Directory.
    So each one of them is connected to 2 different LDAP Directories.
    I believe that the Siteminder Policy is set up such that the Internal portal has a policy and the External portal has a separate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the appropriate LDAP Directories.
    You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on their assigned roles.
    Hope that helps.
    Regards,
    Keith

  • Add account fails both internally and externally, but autodiscover is working

    Recently our internal DNS zone was deleted on a remote DC and the change propagated to all of our DNS servers. I was able to make a copy of the zone and restore it. The Exchange server is back online and working for existing machines, but when we attempt to add a user's profile to a new machine or a remote machine the auto setup fails. I am not sure if it is DNS related, because our external DNS was not affected, but I wanted to mention it because I think it has something to do with the problem. The following happens now:
    It finds the user.
    Fails to log on:
    Tells me I must provide the mail server name
    When I click on check name it tells me the name cannot be resolved.
    I have been banging my head against the wall here, because both internal and external Exchange connectivity tests pass. Also, I cannot find anything in the event logs that looks related. Any ideas?

    Hi,
    Please refer to the following article to troubleshoot the issue:
    Outlook: Unable to perform a Check Name or connect to an Exchange mailbox
    To resolve this issue, import the User Shell Folders registry key from a working Windows User Profile.
    Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
    Hope this helps!
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Pictures on both internal and external HDs

    Hi - My iPhoto library pulls pictures from both my internal and external hard drives.  When the external is turned off or disconnected, I get a lot of outline/exclamation point errors.  I'd like to pull all the external photos onto the internal hard drive, have all the pictures in one place, and ensure the whole set is backed up in Time Machine.  But I can't tell which pictures need to be imported without going one at a time...through 30000 pictures.  Sigh.  Is there a better way to do this?  Thanks!

    If you use iPhoto Library Manager - http://www.fatcatsoftware.com/iplm/ -  to rebuild the library while the photos are available and the preference is checked it will create a new managed library - the old one will be intact in case you are not happy with the results of the rebuild
    LN

  • ISE 1.2 Patch 2 External RADIUS Server Sequence Broken?

    Hi community,
    We have upgraded our proof of concept ISE 1.2 lab to Patch level 2.
    Our lab design includes the use of external RADIUS servers which we off-load certain authentication rules to.
    To ensure resiliency of the external RADIUS service, we have two of these which we add to a RADIUS Server Sequence, the idea being that if the first in the list is unavailable, ISE will try the second and all will be well.
    Now this worked for us in testing ISE 1.2, but I have noticed that after the upgrade to Patch 2 ISE is sending the majority of RADIUS traffic to the first (failed) external RADIUS server, with only the odd RADIUS Access-Request to the next in the list.
    Anybody else come across this??
    All helpful comments rated!
    Many thanks, Ash.

    I couldn't find any known issues with this feature. Could you please paste the screenshot of the external RADIUS sequence and configuration? Also, how are we determining that the first server in the sequence is DEAD?
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Problems with re authentications in a wireless with WLC working with web authentication and a radius server

    Hi everyone, I'm having problems in a wireless network. The SSID has layer 2 security WPA, layer 3 web authentication (internal default page), and external RADIUS.
    When a client roams from one AP to another one or when it has an idle time, it needs to re-authenticate in the web login page. Does somebody know a solution to avoid this behavior? Or does somebody have a troubleshooting way to determine why the clients have these problems?

    A few things I can share that might help .. Your actual feet on the ground will be important to see this issue for yourself.
    I know when a client or if the AP sends a DEAUTH frame the client will need to reestablish its connection and it will 100% of the time require a new web auth. If a client loses connection while roaming and a DEAUTH is sent on either side you will get the page. If your client isn't roaming cleanly this can be a problem.
    Another problem is you're using EAP. Are you using CCK or a device that supports OKC? What does your RADIUS server say when a client roams?
    You could also simplify your config and then reapply your security and see where it breaks. By this I mean: for testing, create an SSID, turn off security and leave layer 3 web auth on. Roam and see what happens. If it works, then start to apply the security and see where it breaks.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    "I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • 2610 LAN configuration with devices on both internal and external IPs

    I am more than a bit rusty and reconfiguring a network due the arrival of a new SBS office server. The new office server (and clients) needs to connect to the Internet via our Cisco 2610 router. The server is say 10.1.1.10 and the FastEthernet0 interface on the router is set to 10.1.1.200. The 2600 has a Serial0 interface that is connected to a leased line with an external IP address. We also have our own class C IP range used for web, mail and dns servers.
    So:
    OfficeServer (10.1.1.10)<----->FastEthernet0(10.1.1.200)[2600 ROUTER1]Serial0(123.123.123.54)<---leased line--->ISP(Internet)
    However, I also have a webserver etc in our office, with an external IP address from our range, that needs to, and can, see the Internet.
    So, we also have, on the same router:
    WebServer (90.4.123.35)<----->FastEthernet0(90.4.123.254)[2600 ROUTER1]Serial0(123.123.123.1)<---leased line--->ISP(Internet)
    interface FastEthernet0/0
    ip address 10.1.1.200 255.255.0.0 secondary
    ip address 90.4.123.254 255.255.255.0
    ip nat inside
    speed auto
    full-duplex
    interface Serial0/0
    description Connection to NTL
    ip address 123.123.123.54 255.255.255.252
    ip broadcast-address 123.123.123.55
    ip access-group inboundfilter in
    ip access-group outboundfilter2 out
    ip nat outside
    encapsulation ppp
    no fair-queue
    The FastEthernet0 interface has both an internet and external IP address mapped to it. Currently the office PCs use the external IP address as their gateway address and this works, however the new server is more secure and won't allow this.
    There is NAT and access-lists running on the Cisco and each office PC has an internal IP address that is NATted to a dedicated external IP.
    At the moment the webserver can see the Internet, but the office server cannot. Office PCs can see the Internet if they use the external IP address mapped to FastEthernet0/0 direct as their gateway address (although you get a message suggesting that this is not the way to go). So I am trying to resolve this whilst also trying to set it up better/properly.
    What is the best way to do this (all assistance appreciated)?
    Do I need to NAT the internal office server IP to an external IP address for it to see the internet?
    Do I need to NAT the internal gateway address to an external IP address or will the router be able to route this anyhow?
    Could it be DNS, so should I set the DNS server on the office server NIC to the ISPs DNS server, or to the Cisco

    The best solution is to renumber the webserver to an internal ip address and configure a static nat on the router:
    ip nat inside source static
    http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/gt_ntsip.html
    regards,
    Leo

  • Cisco ISE with EAP-FAST and PAC provisioning

    Hi,
    I have searched with no result on this topic. So, has anyone implemented Cisco ISE authentication with EAP-FAST and PAC provisioning?
    I have an issue with an internal proxy: users are required to authenticate with an internal proxy before being granted access to the internet.
    If you have any documents, it would be appreciated.
    Thanks,
    Pongsatorn

    From what I understand an Internet proxy PAC and an EAP-FAST PAC serve two different purposes.
    Is that what you are trying to get clarification on?
    Basically EAP-FAST PAC provisioning is a PAC that is provisioned when a client authenticates successfully. The client provides this PAC for network authentication and not proxy authentication.

  • Dark displays, now both internal and external

    I've occasionally had problems with the display on my 17" MacBook Pro 2008 (Model A1261): sometimes the screen would not turn on. It started the first year I had it, but at the Apple store (when I got a bad key fixed) the repair man just said "Yeah, I've that problem sometimes too" like it was nothing to bother about :[
    When I'd had the MBP for 2 years the problem became worse. Sometimes only my added display would light up, behaving as if it were my main display. But clicking on Detect displays would bring up MBP's display as well.
    But now I can't get any display on at all, neither internal nor external :[ :[ :[
    I've tried restarting several times. No response in either display.
    What can I do?? I've had the MBP for 2 and a half years now.
    Reset PRAM doesn't work - there's no regular upstart sound, but I can hear the hard disk running and the little white light in the front is on.
    And if I need to do a complete reinstall, is there any reasonable way to save the files? (Hard to see what I'm doing when the screen is black...)

    The only thing you have to do is to click the 'Reset' button in Preferences>Advanced>General.
    Your 'iTunes Music folder location' will be reset to the default location on the internal disk.
    All new imported music will be stored there.
    New added music will be stored there if you have the checked 'copy files to iTunes Music folder location when adding to library' in Preferences>Advanced>General.
    When your new Mac arrives and you want to transfer the library, first copy the entire 'iTunes' folder (in ./Users/YourUsername/Music) from your eMac to the exact same location on the new Mac.
    To transfer the iTunes folder, you can burn it on CD or DVD, but a lot easier is to put the eMac in Firewire target mode.
    This article tells you how to do that:
    How to use FireWire target disk mode
    After the transfer of the iTunes folder is completed, connect your external drive and run iTunes.
    The new Mac will have a newer iTunes version and it will take some time to convert the old library format to the new format.
    Once all works OK and If you want all your music on your new Mac, use the 'Consolidate Library...' command from the Advanced menu in the menubar.
    All music from the external disk will be copied to the internal disk.
    Hope this helps.
    M
    17' iMac fp 800 MHz 768 MB RAM   Mac OS X (10.4.6)   Several ext. HD (backup and data)

  • Using files on both internal and external hard drive

    Hi,
    Could someone help me with (or point me to help on) the following questions:
    - i would like to use itunes where some of the music files are stored on my internal PC drive, and some are on an external drive. do you know how to have the library work with both, without copying over the ones on the external drive to the internal drive?
    - and on the external drive, what happens if the PC gives the external drive a different address (e.g. "G:/" instead of "H:/", since i have a couple of different external drives)?
    - lastly, can i move the files into different folders in windows, without itunes losing where the file is?
    With thanks in advance

    If you go to your iTunes preferences: Edit >>Preferences>>Advanced>>General and uncheck the box "Copy to iTunes music folder when adding to library", then you can add files to iTunes from your external drive without copying them across. I am assuming your have your iTunes Music folder on your c: drive.
    Note that any files you download from the store or rip from CD will automatically go into the iTunes Music folder. If you want files ripped from CD on the external drive, it is easier to rip them with another program. Then add to iTunes when they are in the correct location.
    If you want to have files on an external drive, you must ensure that the drive letter does not change or iTunes will lose the files. Also you must not move files in your iTunes library with Windows Explorer or iTunes will lose them.

  • Lync Implementation with different internal and external domain sync

    Hello Experts,
    Having Windows 2012r2 with Lync 2013 frontend and Edge 2012 server on Win2012. Internal domain name is test.local and Internet domain name is: tgroup.com. Internally all the clients are able to sync with the frontend server using [email protected] or [email protected] Internal CA and External Digicert works fine. But the only problem is with external clients who want to communicate through the edge server.
    Edge server has 3 LAN IP addresses (NAT with public IP), 10.10.10.2, 10.10.10.3, 10.10.10.4 and another internal network interface which has IP 10.10.20.3, which it uses to communicate with the front-end.
    How to achieve this? We don't have a reverse proxy configured and we have only two servers.
    Regards, Ganesh, MCTS, MCP, ITILV2

    The reverse proxy is used to publish URLs like the meet and dialin URL, the address book URL and the Lync mobile client (smart phones and tablets) URLs. This doesn't impact the external desktop user access as that's via the edge server. There is more to it than that but for the sake of keeping this simple let's stick to that for now.
    As far as SIP domains go, think of your Lync users as having a SIP address similar to email addresses. You wouldn't have a user with an internal email address but with a different external email address. In fact best practice is to have the Lync SIP address match the email address.
    My recommendation is to use the ttgoup.com as a SIP domain and not the test.local

  • 12" won't read Cds, DVDs OK both internal and external optical drives WEIRD

    Very strange one.
    12" 1Ghz, 1.25gb RAM - Combo drive - 10.5.4; Great condition.
    No CDs mount, Audio, CDR all dyes. No mounto at all.
    DVDs mount and play fine, shop bought films data on DVD-/+R, all OK
    The above is true for the internal Matshita combo drive and for two other external Lacie d2s
    One Firewire and one USB both exhibit the same behaviour.
    Finder Preferences are ticked to mount both DVD and CD.
    Please solve this one, I am going slightly mad. It doesn't make sense to my mind
    Cheers all!

    Hello HankMossop,
    I would recommend taking a look through the following article for some useful troubleshooting steps that can help get your SuperDrive working.
    Apple Computers: Troubleshooting the slot-loading SuperDrive
    http://support.apple.com/kb/HT2801
    Cheers,
    Allen
