Configuring TACACS Server for Cisco VPN 3000

Does anyone know how to get to the configuration setting to specify a TACACS server?

You need to be very careful when setting up this thing. If the AAA server is down for whatever reason, you will NOT be able to log into the Concentrator again. As far as the VPN3k console is concerned, it will let you log in with the "admin" account, even though the AAA is up and running. In other words, you can log in from the console with both the "admin" and AAA accounts at the same time.
What a mess.

Similar Messages

  • Can't Ciscoworks LMS 4.2.2 back up the configuration of Cisco VPN 3000 concentrator?

    Hi All,
    In the VPN 3000 concentrator, I've enabled tftp, telnet, snmp. I've also successfully added the concentrator into Ciscoworks LMS 4.2.2. All the ports are verified open to Ciscoworks. No question mark shows next to this device in the device management of LMS. However, when I run the configuration Archive Job, I always get the following failed message. Can anybody tell me how to back up the configuration of the Cisco VPN 3000 concentrator in Ciscoworks LMS 4.2.2? Thanks in advance.

    Sorry, but apparently not. Please see the supported devices table (here).
    That table states, among other things:
    The following features are not supported:
    Network Topology Layer 2 Services
    Fault Management
    Configuration Deploy Protocols: HTTPS, TELNET, SSH, SCP, TFTP, RCP
    Configuration Fetch Protocols: HTTPS, TELNET, SSH, SCP, TFTP, RCP

  • Maximum number of local users on a Cisco VPN 3000 Concentrator

    Hi,
    Do you know if there is a specific maximum number of local users that can be created on a Cisco VPN 3000 Concentrator? If possible, we would like to know the number for the different models.
    Thanks in advance for your help!
    Harry

    Hi Harry,
    Please see table 13-1 for that information, and read Authentication Server Limits paragraph
    http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/Usermgt.html#wp1685274
    Pls rate any helpful posts
    Bst Rgds
    Jorge

  • Certificate authentication for Cisco VPN client

    I am trying to configure the Cisco VPN client for certificate authentication on my ASA 5512-X. I have it set up currently for group authentication with a shared pass. This works fine. But in order for you to pass PCI compliance you cannot allow aggressive mode for IKEv1. The only way to disable aggressive mode (and use main mode) is to use certificate authentication for the VPN client. I know that someone out there must be doing this already. I am going round and round with this. I am missing something.
    I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall, i.e. failed to generate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self-signed).
    Can someone provide the instructions on setting this up (ASDM or CLI)? Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.

    Dear Doug,
    What ASA code are you running on the ASA hardware? For Cisco AnyConnect you need to have code 8.0 on your hardware with the Cisco AnyConnect Essentials license enabled. Paste me your show version and I will help you determine whether you need to procure a license for your hardware. By default your hardware will be shipped with the AnyConnect Essentials license when you have ordered your hardware with ASA code above 8.0.
    With AnyConnect Essentials you are allowed to use up to the total VPN peers allowed based on your hardware.
    1)  What is the AnyConnect Essentials License?
    The AnyConnect Essentials is a license that allows you to connect up to your 'Total VPN Peers' platform limit with AnyConnect. Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device. With the AnyConnect Essentials License, you can only use AnyConnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
    You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          :  Enabled
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    AnyConnect VPN configuration:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

  • AnyConnect for Cisco VPN Phone demo license

    I want to test VPN Phone on the ASA5520, but "show ver" shows "AnyConnect for Cisco VPN Phone : Disabled". At www.cisco.com/go/license I didn't find where to register an AnyConnect for Cisco VPN Phone demo license. How do I apply for the demo license?
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled
    VPN-3DES-AES                   : Enabled
    Security Contexts              : 2
    GTP/GPRS                       : Disabled
    SSL VPN Peers                  : 2
    Total VPN Peers                : 750
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials          : Disabled
    Advanced Endpoint Assessment   : Disabled
    UC Phone Proxy Sessions        : 2
    Total UC Proxy Sessions        : 2
    Botnet Traffic Filter          : Disabled
    This platform has an ASA 5520 VPN Plus license.

    Hi there,
    Did you try
    https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=717
    Cheers!
    Rob
    "Why not help one another on the way" - Bob Marley

  • How to configure SMTP server for osb 10.3.1

    Hi All,
    Can anyone share information on how to configure SMTP server for osb 10.3.1
    and then how to send an email from osb 10.3.1
    Thanks in Advance!!

    Thanks a lot!!
    I configured it the same way. When I send an email to an account on the same domain as my SMTP server, the sending of the email is successful. But it's giving an error when I try to send an email to an account which is on a different domain. It's giving the error "Operation has been cancelled".
    Please suggest something.

  • Configuring Radius server with Cisco MDS - 9606 switch

    Need help in configuring Radius server with cisco MDS - 9606
    please let me know if any document available

    rtt min/avg/max/mdev = 0.260/0.327/0.468/0.077 ms
    IFCBCCEMCSW2# sh version
    Cisco Storage Area Networking Operating System (SAN-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software may be covered under the GNU Public
    License or the GNU Lesser General Public License. A copy of
    each such license is available at
    http://www.gnu.org/licenses/gpl.html and
    http://www.gnu.org/licenses/lgpl.html
    Software
    BIOS: version 1.1.0
    loader: version 1.2(2)
    kickstart: version 3.3(1c)
    system: version 3.3(1c)
    BIOS compile time: 10/24/03
    kickstart image file is: bootflash:/m9500-sf1ek9-kickstart-mz.3.3.1c.bin
    kickstart compile time: 5/23/2008 19:00:00 [06/19/2008 23:56:56]
    system image file is: bootflash:/m9500-sf1ek9-mz.3.3.1c.bin
    system compile time: 5/23/2008 19:00:00 [06/20/2008 00:26:51]
    Hardware
    cisco MDS 9506 ("Supervisor/Fabric-1")
    Intel(R) Pentium(R) III CPU with 1028596 kB of memory.
    Processor Board ID JAB094300ER
    bootflash: 250368 kB
    slot0: 0 kB

  • AnyConnect for Cisco VPN Phone Spanless recording?

    I'm looking to add this to my existing ASA5520.
    Does AnyConnect for Cisco VPN phone support spanless recording?
    If not what options are there?
    Thanks,
    Mike


  • Support for Cisco VPN "mutual group authentication"

    Hi,
    Does anyone know of support plans for Cisco VPN mutual group authentication in the built-in VPN client on MacOSX?
    Thanks,
    John

    I would like to know the answer to this as well.
    Thanks,
    Josh

  • Can't configure tacacs-server port

    We're unable to configure a specific port, which is required for our customer for the tacacs-server.   One of the devices is a 7604 router running this image -
    c7600rsp72043-adventerprisek9-mz.122-33.SRD6.bin.  The other device is a 2960 switch with the following image - c2960-lanbasek9-mz.122-35.SE5.bin.
    We don't get the option to add a port after the tacacs-server host x.x.x.x command. 
    Any ideas would be greatly appreciated!
    Regards..

    Hi
    Please go through this link, this will be helpful regarding TACACS Authentication and Fortigate configuration:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/acsuserguide.html

  • Migrating from Linux based Tacacs+ server to Cisco ACS 1113 appliance

    I'm trying to migrate my configuration from a Linux based Tacacs+ server to the Cisco ACS 1113 appliance. Does anyone have any recommendations?
    Thanks.

    Hi
    We (extraxi) offer migration and general consultancy for ACS if you need professional help.
    www.extraxi.com/contact.htm

  • TACACS+ Authentication For Cisco NAM

    Hi All,
    I have a Cisco ACS v5.1 and also a Cisco NAM. Currently, I have configured TACACS+ on the NAM and the ACS v5.1; however, when I try to access the NAM, the ACS v5.1 has an error message of "TACACS+ authentication ended with error" and I am not able to access the equipment.
    For your information, I have no problem with other equipment's TACACS+ authentication with the same ACS.
    Please advise.
    Thks and Rgds

    Steven
    I would first suggest that you verify that your ACS has an appropriate and correct entry configured for the NAM as a client. Assuming that is correct then I would suggest that you check and verify that the NAM is originating its TACACS requests from the address that you configured for the client on the ACS and that the shared secret is the same on both devices.
    If those are correct then I would suggest to look in the Failed Attempts report of ACS and see if it provides a better identification of the problem.
    HTH
    Rick

  • How to configure mail server for subscription

    Hi,
    I want to test subscription. My problem is how to configure the mail server.
    As to my understanding, we need first configure mail server, then the user can choose "Subscribe" in the Details screen of a folder.
    My steps are:
    1. In KM - CM - Utilities - Channels, specify SMTP server, userId and password.
    2. In KM - CM - Utilities - Channel originators, set the Original address for notificator.EMAIL.
    3. In KM - Collaboration - Groupware Transport - Mail Transport, specify SMTP server and sent message folder.
    After that, when I choose a user and click "Send email", it failed saying "Failed to communicate with SMTP server when sending the email.".
    Could anyone tell me what's wrong with my configuration, or what should I do to make subscription work?
    Thanks,
    Ray

    Hi Vineeth,
    Thanks for help.
    According to your steps:
    1. set up a mail transport and making notification and mailing service active.
       In System admin - KM - CM - Global services, I've enabled Inbox, Mailing and Notification services.
      In KM - CM - Collaboration - Groupware Transport, I've set up a mail transport:
      Name: JavaMailTransport
      SMTP Server: smtp.yahoo.com
      Sent message folder: /documents
      System alias name: mytransport
    2. Give everyone read permission on notifications in KM.
      Where can I set user's permission on notifications? I think you mean folder /etc/notifications, but I don't know how to set permissions.
    3. Check if proper id's are maintained in users profile.
      How to do this?
    Thanks for help~~
    Regards,
    Ray

  • QoS for Cisco TelePresence 3000

    What are the QoS requirements for the Cisco TelePresence 3000 connected to a Cisco 6500 running CatOS?
    Thanks in Advance.

    This doc should help you:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800c65c9.html

  • Configuring Mavericks Server for AUSST 3.0

    Could someone please explain to me how to configure an OSX 10.9 server to host updates?  I have downloaded all the updates and am now having trouble configuring the server to share out my updates folder.  The instructions that Adobe provides are more geared towards Windows servers.  Any help would be much appreciated.

    Anyone?
