Configuring ASA w/8.2(1) to work with ACS 3.3- enable issues.

Hello all-
Having an issue with the ASA devices. Here is the relevant part of the configuration:
<aaa commands>
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host <host ip>
key <key>
aaa-server TACACS+ (outside) host <host2 ip>
key <key>
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authorization command TACACS+
The problem is that when we put the devices into the server database, we can use our TACACS+ accounts, but it only lets us into privilege level 1 and does not allow us to go to enable mode at all.
When we remove the devices from the server (thus attempting to fall back to local authentication) we can get in and into enable using the local admin password, but we can't do anything from the enable mode without getting the 'command authorization failed' message.
We have tried to go into the user definition on the ACS (v3.3) server and set the max privilege to 15, but it doesn't seem to have any effect.
Does anybody have any idea of what is happening?

Well well, I guess you are getting the lovely enable 15 user account on ACS failed attempts for failed authorization.
So cool, ha :)
It is the ASA trying to force the authorization using that lovely account; what you need to overcome that is having the enable authentication done against the ACS itself.
By adding the following command on the ASA:
aaa authentication enable console TACACS+ LOCAL
On the ACS, make sure that enable password authentication is enabled for the user.
There you have three options: either you use the same PAP password, or a separate one, or, if you are trying with a user defined on an external DB, that user's password on the external DB.
Please Don't Forget to rate correct answers
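To make the relationship between the posted lines concrete, here is a small linter over the ASA aaa configuration. It is an added example, not code from this thread or from Cisco: the configuration string is a constructed copy of the one posted above with placeholder addresses and key, and the finding codes and the reading of a missing enable line as LOCAL are this example's own assumptions. It flags the mismatch the answer describes (commands authorized by the TACACS+ group while enable is authenticated LOCAL) and the absence of a local fallback for command authorization, which is what bites when the device is removed from the ACS database.

```python
"""Lint the ASA 'aaa' configuration posted in the question above.

Added example, not code from the thread or from Cisco. POSTED_CONFIG is a
constructed copy of the posted lines with placeholder IPs and key; the
finding codes are this example's own.
"""
import re
from typing import Dict, List, Optional

# Constructed copy of the posted configuration (placeholder IPs and key).
POSTED_CONFIG = """
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host 192.0.2.10
 key PLACEHOLDER-KEY
aaa-server TACACS+ (outside) host 192.0.2.11
 key PLACEHOLDER-KEY
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authorization command TACACS+
"""

# The same configuration after the answer's fix: enable authentication goes to
# the TACACS+ group first, with LOCAL kept only as the fallback.
FIXED_CONFIG = POSTED_CONFIG.replace(
    "aaa authentication enable console LOCAL",
    "aaa authentication enable console TACACS+ LOCAL",
)

SERVER_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")
AUTHZ_RE = re.compile(r"^aaa authorization command (\S+)(?: (LOCAL))?$")


def parse_aaa(config: str) -> Dict[str, object]:
    """Extract server groups, per-access authentication method lists, and the
    command-authorization group plus its optional LOCAL fallback."""
    groups: Dict[str, str] = {}
    auth: Dict[str, List[str]] = {}
    authz_group: Optional[str] = None
    authz_fallback: Optional[str] = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := SERVER_RE.match(line):
            groups[m.group(1)] = m.group(2)
        elif m := AUTH_RE.match(line):
            auth[m.group(1)] = m.group(2).split()
        elif m := AUTHZ_RE.match(line):
            authz_group, authz_fallback = m.group(1), m.group(2)
    return {"groups": groups, "auth": auth,
            "authz_group": authz_group, "authz_fallback": authz_fallback}


def lint_aaa(config: str) -> List[str]:
    """Return findings, each prefixed with a short code for filtering."""
    cfg = parse_aaa(config)
    authz = cfg["authz_group"]
    findings: List[str] = []
    if authz is None:
        return findings  # no command authorization: nothing to cross-check
    if authz != "LOCAL" and authz not in cfg["groups"]:
        findings.append(f"UNDEFINED_GROUP: command authorization uses {authz}, "
                        "which has no aaa-server definition")
    # Assumption of this example: with no explicit enable line, the ASA checks
    # the local enable password, so the absence is treated as LOCAL.
    enable_methods = cfg["auth"].get("enable", ["LOCAL"])
    if enable_methods[0] != authz:
        findings.append(
            "ENABLE_AUTH_MISMATCH: enable is authenticated with "
            f"{' '.join(enable_methods)} but commands are authorized by {authz}; "
            "a user who enters the local enable password is no longer presented "
            "to the server under their own username, so command authorization fails")
    if authz != "LOCAL" and cfg["authz_fallback"] is None:
        findings.append(
            "NO_LOCAL_AUTHZ_FALLBACK: if the server group is unreachable or rejects "
            f"the device, every command is denied; 'aaa authorization command {authz} "
            "LOCAL' keeps a local recovery path (verify the keyword on your release)")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {label} configuration ==")
        for finding in lint_aaa(text) or ["no findings"]:
            print(" -", finding)
```

Run stand-alone it prints the findings for both versions; the fixed version clears the mismatch but still reports the missing LOCAL fallback, which is a separate decision about how the box should behave when the ACS servers are gone.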

Similar Messages

  • Ipod doesn't work on speakers but headphones are fine and speaker works with iPhone. Possible connector issue? Any thoughts on how I can get the fixed?

    ipod doesn't work on speakers but headphones are fine and speaker works with iPhone. Possible connector issue? Any thoughts on how I can get the fixed?

    Try:
    - Reset the iOS device. Nothing will be lost.
      Reset iOS device: Hold down the On/Off button and the Home button at the same time for at least ten seconds, until the Apple logo appears.
    - Reset all settings.
      Go to Settings > General > Reset and tap Reset All Settings.
      All your preferences and settings are reset. Information (such as contacts and calendars) and media (such as songs and videos) aren't affected.
    - Restore from backup. See: iOS: How to back up
    - Restore to factory settings/new iOS device.

  • Configuring Document Builder 3.0 (docB) to work with Adobe InteractiveForms

    Hello all,
    I'm wondering if anyone out there has any experience configuring docB 3.0 to work with Adobe Forms. I've been searching SDN and SAP and haven't been able to uncover any guides/documentation related to the configuration of this combination.
    Thanks in advance, your help is truly appreciated.
    -Blake


  • Cannot get restricted command set to work with ACS 5.5 and HP Procurve switches - Can anyone assist?

    I have AAA authentication working with no restrictions and I have TACACS working with command restrictions for my Cisco gear.

    Hi... I have created a shell profile in Policy Elements -> Authorization and Permissions -> Device Administration -> Shell Profiles which has an assigned privilege level of 15 and a max privilege level of 15. Further to this I have added a new command set via Policy Elements -> Authorization and Permissions -> Device Administration -> Command Sets.
    I have referenced the shell profile via Access Policies -> Access Services -> Default Device Admin -> Authorization. And this part of it seems to work fine, but the command set I am using to restrict the commands allowed is not being used... do I need to reference the command set somewhere else within the ACS platform as well? The configuration I have added on to the Network Device is as follows:
    aaa new-model
    aaa authentication login default group tacacs+
    aaa authentication enable default group tacacs+
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ none
    Can you advise what it is I am missing?

  • Anyone working with Ascential and has loading issues

    Hi,
    Is anyone out there working with Ascential? We are loading data using Ascential to BW ODS. We would get a log that says "sending 0 rows in package..." from Ascential, but when it gets loaded to BW, it says there is 1 record and the record row has blank field values when I reviewed the PSA.
    Why is Ascential doing this? Is there any settings that I would have to set on the BW side? Would I have to add any code to the Update Rule routine to set the RETURNCODE? Please advise.
    Thanks,
    RT

    Hi Rob,
    I had faced some problems loading data using Ascential DataStage. Below mentioned are some of them:
    (i) Make sure that all the parameters in the transfer structure are mapped correctly in Ascential, according to the specified business rule.
    (ii) Make sure that the number of fields in the transfer structure in BW is the same as the mapped fields in Ascential.
    (iii) Make sure that the size of all the fields in BW is the same as the mapped fields in Ascential.
    My assumption is that your problem could have been with the mapping of the fields.
    Hope the answer was helpful!
    Please let us know if you were able to resolve the problem.
    Regards,
    S.P
    *****Assign points for helpful answers****

  • How to configure correctly the Airport Base Station to work with windows PC?

    Hi Friends...
    I have a MacBook Air and Windows PCs with XP & Windows 7.
    On the MacBook I can use the internet through the Airport Extreme Base Station.
    But on the Windows PCs I am unable to. They are not getting an IP, and I am unable to configure DHCP either.
    Please help me out in this or let me know where i can get step by step instructions.
    Regards,
    Prakash

    If you temporarily disable wireless security on the AirPort, can both PCs now get their proper IP address information from the DHCP server in the base station?

  • Can't get Typekit to work with localhost (also, another weird issue with copy+paste)

    Hi!
    I've searched through the other posts already, and I *think* I've tried all the solutions, but I still can't get the typekit fonts on my machine.
    I'm trying to use the "orator-std" font.  In the "kit editor", in the "kit settings -> kit settings" tab I have for name "localhost" (w/o quotes) and for domains just "127.0.0.1" (w/o quotes).
    Then (AFTER saving the settings from that tab), I go back into edge animate, I start a new font by clicking that + sign next to "fonts", in the "library" tab.  I set the "font fallback list" to ' "orator-std",sans-serif ' (w/ quotes, w/o single quotes), and then go back to the open browser and go to the "embed code", copy both lines of javascript, go back to edge animate, and... nothing.  It won't let me change ANY text in this box anymore after the window loses focus.  I have to press "cancel" and try again.  So this time, I just type in the orator-std... blah blah, same as last time, but paste in the code successfully as it was already in the clipboard and I didn't need to make the window lose focus.  Okay, so I click "Add font", and apply the font to my text.  Nothing happens.
    Huh... well the "Fonts from T" picture is showing up in the bottom right of my screen, so that's odd.  I go to preview in Chrome, still ugly old sans-serif there, also with the "Fonts from T" logo in the bottom right.
    I figure "okay, probably just takes a second... or a minute... or w/e like the message said."  Well this was at least an hour ago, so something is still wrong.
    I would love to just delete the font and start from scratch... maybe something got screwed up along the way and it would fix things to just start from scratch.  Well... "sorry" says Edge Animate... can't let you delete that!  In the "library" tab, there's only one font visible, it says "orator-std,sans-serif" (w/o quotes).  If I right click it, the only option is "delete" and it's greyed out.
    I tried doing one with arial instead of sans-serif just now, still not working, but everything shows up in arial now instead of sans-serif... so that's something I guess.
    Apologies if this is just a simple problem that I'm just somehow not grasping.  Please accept this legitimate bug report as payment... the er copy paste bug, I mean...
    Thanks!
    Trevor

    Hi Trevor,
    I'm sorry you ran into trouble here. Typekit can be used locally. However there are some necessary steps that if left out, will cause the fonts not to render. In order to use Typekit locally, you've got to:
    1. Be running a local server when testing your site in the browser. You can tell if you're running a local server by the URL of the local site. If it starts with: file:// then you are just viewing the local file in a browser and not running it from a local server.
    If the local URL starts with: http:// then you're running a local server.
    2. The domain of your local server has to be part of the domain list in your Kit. So, if your local server uses: localhost, you'll need to add this to your Kit's domains.
    I hope this helps. If you have any further questions, feel free to reach out to us directly: [email protected]
    Cheers,
    Benjamin

  • ICloud Keychain - Works with iOS devices but having issues with Mavericks

    Has anyone had an issue where the iCloud keychain will sync normally to iOS devices but not in Mavericks? It worked fine up until a day or two ago when I was forced to recreate my user profile (a completely separate issue forced it). Since then I've been rebuilding my profile but did not use the original Library files so as to avoid a recurrence of the other problem.
    Have tried multiple things including a complete reset (saving my keychain locally on an iPhone) and then reactivating. All passwords and CC information will sync normally to one of my other Macs and my iPad but my MacBook Air (with the new profile) won't cooperate. There are no errors or alerts and takes my security code to activate it. However, when I look in Safari it only pulls a few 'old' autofill passwords and no CC information.
    Actually just tried loading my iCloud settings (including keychain) in the Admin account on the computer and it worked fine. So the issue appears to be limited to my new profile. Wondering if there's a keychain/preference file associated with Safari that's interfering with it receiving a clean sync from the Cloud. Ideas?

    Just tried resetting my login.keychain and that did not fix the issue either.

  • WebLogic Admin Console won't work with java security manager enabled.

    By just enabling the security manager on the command line with -Djava.security.manager and using the default weblogic.policy in the server/lib directory, the admin console will not work. I just see a blank page when I try to access the admin console with permission errors all over on the server console.
    In looking at the admin console's weblogic.xml it should have access to everything since it contains:
    grant {
      permission java.security.AllPermission;
    };
    Are there known issues with this? If I add this permission to the weblogic.policy file everything works fine but then I might as well not turn on the security manager.
    Thanks,
    Dave

    David,
    I was glad to see your post regarding WLS 9.2 and the troubles with enabling Java Security Manager.
    Were you able to learn any more on things like - why doesn't the admin console work when the security manager is enabled with the default policy file. Also, why is it so difficult to add permissions for your own applications and get them to actually work.
    I'd be curious to see if you were able to get it to work or if you have any insights or resources that can help with this as we are really struggling to get a restrictive policy file that works.
    Thanks,
    D

  • Does iMovie 11 work with iDVD 6? - sharing issue

    I recently upgraded from iMovie HD to iMovie 11 instead of purchasing the entire iLife 11 bundle in order to import AVCHD files from my Panasonic TM90. However, once I finished creating a project on iMovie 11 and shared it to my iDVD 6, the project would not show up in iDVD. iDVD does start up, but my project doesn't appear. iMovie 11, however, says that the import completes successfully and I can see it loading during the sharing process.
    So I'm wondering if my iMovie 11 is incompatible with iDVD 6. I've thought about using my imported video files from iMovie 11 in iMovie HD instead, and attempting to share it to iDVD from there, but I'm wondering if there are better solutions.

    It should work fine.
    I use iMovie 06 with iDVD 11 all the time. I also have iMovie 11 but I don't use it very often.
    There was a quality upgrade from iDVD 06 to iDVD 08 - 11, (and a quality downgrade from iMovie 06 to iMovie 08 - 11).   I like to use iMovie 11 when sharing movies on the web but for making DVDs I get better quality with iMovie 06 and iDVD 11.
    Starting with iDVD 08 an option called “professional quality” was added.  If you're making DVDs I would purchase iDVD 11.
    If you purchase on iLife 11 on disc, you will have the option of selling it in the future.  Presently, iLife 06 sells for about double the price it cost new.

  • Novation Remote 25SL Not Working with Logic Pro (Logic Automap)

    Hi,
    I can't seem to get my new Novation Remote 25 SL to work in Logic Automap mode.
    I have the Remote SL in Logic AutoMap (template #39). When I launch Logic Pro 7, The Remote SL shows : "Logic AutoMap" on the Left LCD display, and nothing else happens, it seems to be frozen at this state. The Up/Down arrows on the Left side don't change anything.
    Any clues why this is happening ?
    I have read many posts on this and other forums of user issues in setting the Remote up properly, and have it work in Logic Automode. Tried many configurations, and settings, re-installed sw, OS 1.0.13, but no luck so far.
    I would like to hear from Logic Pro 7 users who have successfully setup their Remote SL with Logic Pro 7.2.1 in Logic Automode, and are working with this system without any issues.
    This will be very helpful in figuring out if there is something wrong in my settings, or if the unit itself is defective, or I am doing something wrong during the installation of the software ? I have been trying to get this thing to work for the past two days, with no success so far.
    The Remote SL should be a wonderful controller for Logic Pro 7 (once it works !) so, I'm being as patient as I can with this thing.
    I'm using Logic pro 7.2.1 on a Mac G5 2.5 Quad, Mac OSX 10.4.6
    Thanks.

    Hi Blaze,
    I tried your settings, but no change, the Remote SL is still frozen showing "Logic Automap" on the left LCD.
    You mention setting "Mixer View 64"; well, the parameter I see is called "Mixer View Fader", which I guess is the same one you are referring to. I set it to 64, it was set to 8, but it has not changed anything. Still having the same problem. This problem is dragging into Day 3, what a bummer.
    Thanks.

  • Issue getting Motorola 9060G scanner to work with 5508 WPA-TKIP

    All,
    We have a new 5508 controller that we are trying to get set up to use our Motorola 9060G handheld scanners. This device uses WPA-TKIP and has been working with a Symbol controller without issue. I need to retire this controller so I started re-creating the SSID on the Cisco controller. I am having issues getting the scanner to connect with the new SSID. It looks like everything works fine with no security but once I start to enable WPA+WPA2 I get no connectivity. Laptops work fine, just not the handheld. I have tried every combination I can think of for AES and TKIP under the WPA and WPA2 policies. I have also gone through the Cisco Best Practices guide for Motorola/Symbol Wireless Handheld Scanners and so far unless I have no security I cannot get things to work properly. I tried doing a debug client to see what or how the two are talking but I can only get results with security set to open. Just looking for other suggestions as to something that I might be missing. My controller is running 7.6.100
    Thanks ...
    Brent Berry

    We have a new 5508 controller that we are trying to get setup to use our Motorola 9060G handheld scanners. This device uses WPA-TKIP and has been working with a Symbol controller without issue. I need to retire this controller so started re-creating the SSID on the Cisco controller.
    Just be aware that the Wi-Fi Alliance has scheduled the "elimination" of TKIP.  What you are about to do is a "temporary" solution.  You can get the scanner to work now because you are using WLC firmware versions that still support TKIP.  However, if (in the future) you need to upgrade your controller's firmware to support newer wireless access points, your scanners may not work any more.
    Read HERE.

  • Proteus X1 works with vista

    With the new Vista ASIO drivers Proteus X1 works with Vista. The only issue is that the initial authorisation of the Proteus X1 against the Proteus CD failed 5 times before it worked, but that's a one-off process at installation.

    Try this:
    download the FP uninstaller from http://www.adobe.com/go/tn_14157 (save to disk);
    download the FP installer
    for Internet Explorer http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_ax.exe (save to disk);
    for all other browsers http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player.exe (save to disk);
    close all browser windows, then run the downloaded uninstaller, followed by the appropriate installer.
    The installation is successful when you see the Flash animation on this page http://www.adobe.com/software/flash/about/

  • Sblive not working with Cool n'Quiet, how about Audigy

    My SBLive will not work with Cool n'Quiet enabled. I tried moving it from slot to slot, I fumbled with the BIOS (and every change made matters worse), memory is OK (at least according to memtest and prime95), kX drivers won't help either (but sound a lot nicer).
    Well, what gives, the card is a little over seven years old and has earned a retirement.
    I'm thinking about replacing it with an Audigy 4 (not Pro) and would be very happy if someone could write about her or his experience with the card, esp. with Cool n'Quiet enabled.
    Btw. what kind of card is it anyway? Does it use a 0k2-Chip?
    thanks
    My System:
    AMD X2 3800
    Asus A8V (Via KT800pro, AGP)
    Nvidia 6600GT (AGP)
    024 Mbyte RAM (conservative timing)

    I can't promise anything, but it should work. X-Fi and Audigy 2 work just fine with C&Q enabled. So Audigy 4 should work fine too.

  • How to configure Cisco ASA 5500 to work with the iPhone

    We have Cisco ASA 5510 (latest firmware version), and apparently, according to Cisco website it is compatible with new iPhone 3G's IPSec client:
    http://www.cisco.com/en/US/docs/security/vpnclient/cisco_vpnclient/iPhone/2.0/connectivity/guide/iphone.html
    We've setup our first iPhone properly. It connects fine to the network, shows VPN connection as active. Gets a private IP address. But does not let any traffic go to the internal network. We thought it might be DNS problem, but it cannot connect to Exchange server even when using IP address instead of DNS. No luck either.
    After checking ASA logs, we found that iPhone goes through Phase 1 authentication correctly. But then gives some kind of error, mentioning "Attribute 5".
    Has anybody been successful configuring ASA5500 series (in particular 5510) to be used with iPhone?
    I noticed that many people are having these problems.
    Please do not post to this topic if you have ANY OTHER Cisco device.
    Cisco specifies that iPhone is compatible only with Cisco ASA 5500 Security Appliances and PIX Firewalls. Neither Cisco IOS VPN routers nor the VPN 3000 Series Concentrators support the iPhone VPN capabilities.
    Let's keep this topic only for users of ASA 5500 series and PIX Firewalls.
    It would be extremely helpful for a large number of users if somebody posted a list of settings for ASA5500 or PIX firewall that DO work with iPhone 2.0
    Thank you!
    Oleg R

    We found the solution and a bug in Cisco firmware (seems to be a bug).
    First of all, thanks to our Chief Systems Architect Seb, here is a config that worked for us on a Cisco 5520 (latest firmware).
    access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
    access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set iphone esp-3des esp-sha-hmac
    crypto ipsec transform-set iphone mode transport
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set pfs
    crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 iphone
    crypto map outside_map 10 match address vpn
    crypto map outside_map 10 set transform-set ESP-AES-256-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 20
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 86400
    crypto isakmp nat-traversal 20
    group-policy iphone internal
    group-policy iphone attributes
     wins-server value <insert ip> <insert ip>
     dns-server value <insert ip> <insert ip>
     vpn-tunnel-protocol IPSec
     ipsec-udp enable
     ipsec-udp-port 10000
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value iphone_splitTunnelAcl
     default-domain value <insert domain name>
    tunnel-group iphone type remote-access
    tunnel-group iphone general-attributes
     address-pool VPN-Pool
     authentication-server-group ActiveDirectory2
     default-group-policy iphone
    tunnel-group iphone ipsec-attributes
     pre-shared-key <insert pre-shared key>
    For iPhone you have to be using IPSec tab for configuration.
    We tried to set up this config using the wizards, but it would not work.
    Later it turned out that wizards by default set this setting:
    "crypto isakmp nat-traversal 20"
    equal to zero and there is no way to change it from the GUI.
    Only after we changed it (increased the value from 0 to 20) through the command line the connection started working perfectly.
    Please let me know how it works out for you.
    Message was edited by: Rogik
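The working configuration above carries a long list of transform sets and two ISAKMP policies, and the part that actually unblocked the iPhone was the NAT traversal line the wizard had left at zero. The following audit script is an added example, not code from this thread or from Cisco: IPHONE_CONFIG is a constructed subset of the posted configuration with a placeholder pre-shared key, and the sets of algorithms treated as weak (DES/3DES, MD5, DH groups 1 and 2) are this example's own choice of baseline. It parses the transform sets, the per-policy attributes and the nat-traversal setting, and reports which proposals the appliance is willing to negotiate with weak primitives and whether NAT-T is enabled at all.

```python
"""Audit the IKE/IPsec lines of the ASA configuration posted above.

Added example, not code from the thread or from Cisco. IPHONE_CONFIG is a
constructed subset of the posted config with a placeholder key; the
weak-algorithm sets are this example's own baseline.
"""
import re
from typing import Dict, List, Optional

IPHONE_CONFIG = """
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set iphone esp-3des esp-sha-hmac
crypto ipsec transform-set iphone mode transport
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp nat-traversal 20
tunnel-group iphone ipsec-attributes
 pre-shared-key PLACEHOLDER-PSK
"""

# Baseline chosen for this example: DES/3DES and MD5 are weak, as are DH groups 1-2.
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_GROUPS = {"1", "2"}

TRANSFORM_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)$")
NATT_RE = re.compile(r"^crypto isakmp nat-traversal (\d+)$")


def parse_crypto(config: str) -> Dict[str, object]:
    """Collect transform sets, their modes, ISAKMP policy attributes and the
    NAT-T keepalive value (None when the nat-traversal line is absent)."""
    transform_sets: Dict[str, List[str]] = {}
    modes: Dict[str, str] = {}
    policies: Dict[int, Dict[str, str]] = {}
    nat_traversal: Optional[int] = None
    current: Optional[int] = None  # policy whose indented attributes follow
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            key, _, value = raw.strip().partition(" ")
            policies[current][key] = value
            continue
        current = None  # any non-indented line ends the policy stanza
        line = raw.strip()
        if m := TRANSFORM_RE.match(line):
            name, rest = m.group(1), m.group(2).split()
            if rest[0] == "mode":
                modes[name] = rest[1]
            else:
                transform_sets[name] = rest
        elif m := POLICY_RE.match(line):
            current = int(m.group(1))
            policies[current] = {}
        elif m := NATT_RE.match(line):
            nat_traversal = int(m.group(1))
    return {"transform_sets": transform_sets, "modes": modes,
            "policies": policies, "nat_traversal": nat_traversal}


def audit_crypto(config: str) -> Dict[str, object]:
    """Report weak transform sets, weak ISAKMP policies and NAT-T status."""
    cfg = parse_crypto(config)
    ts = cfg["transform_sets"]
    weak_ts = sorted(name for name, algs in ts.items() if WEAK_ESP & set(algs))
    weak_pol = sorted(num for num, a in cfg["policies"].items()
                      if a.get("encryption") in WEAK_ENCRYPTION
                      or a.get("hash") in WEAK_HASH
                      or a.get("group") in WEAK_GROUPS)
    findings = [f"transform-set {n} offers {', '.join(sorted(WEAK_ESP & set(ts[n])))}"
                for n in weak_ts]
    findings += [f"isakmp policy {p}: encryption={cfg['policies'][p].get('encryption')} "
                 f"hash={cfg['policies'][p].get('hash')} group={cfg['policies'][p].get('group')}"
                 for p in weak_pol]
    if cfg["nat_traversal"] is None:
        findings.append("crypto isakmp nat-traversal is not set; the reply above reports "
                        "the iPhone tunnel only passed traffic once it was set to 20")
    return {"weak_transform_sets": weak_ts, "weak_policies": weak_pol,
            "nat_traversal": cfg["nat_traversal"], "findings": findings}


if __name__ == "__main__":
    for line in audit_crypto(IPHONE_CONFIG)["findings"]:
        print("-", line)
```

Run as-is it lists the five transform sets that carry DES, 3DES or MD5 (including the 3DES "iphone" set the client negotiated) and policy 10, while policy 20 (AES-256, SHA, group 5) passes; deleting the nat-traversal line adds the NAT-T finding, which is the exact defect the reply above traced to the wizard.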
