Does Cisco ASA support Android?

Dear all,
Does Cisco ASA 5505 support Android? For smartnet phone and other systems that use Android?
Best Regards,
Rechard

Rechard,
Just adding my two cents:
ASA and Native L2TP-IPSec Android Client Configuration Example
Android and L2TP/IPsec Clients
AnyConnect Mobile License
HTH.
Message was edited by: Javier Portuguez

Similar Messages

  • Does ASA Support Android Hybrid RSA Authentication?

    Dear all
    Does ASA support Android Hybrid RSA Authentication?
    How should I set up the ASA firewall so that it supports Android VPN Hybrid mode? My settings:
    tunnel-group IPsec_Hybird_Tunnel general-attributes
     default-group-policy Android_Hybird
     authorization-required
    tunnel-group Android_Hybird_Tunnel ipsec-attributes
     ikev1 pre-shared-key **********
     chain
     ikev1 trust-point CA
     ikev1 user-authentication hybrid
    tunnel-group Android_Hybird_Tunnel ppp-attributes
     authentication ms-chap-v2
    crypto ikev1 policy 10
     authentication rsa-sig
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    When I debug, I find this message:
    %ASA-7-713906: IP = 1.1.1.1, All SA proposals found unacceptable

    I've managed to configure IPsec hybrid (Mutual Group Authentication) with the Cisco VPN client, which uses a pre-shared key and CA certificate as well as Xauth. When using "IPSec Hybrid RSA" on an Android device, my attempts to configure it on the ASA have failed.
    Log message:
    3 | Jul 25 2013 | 20:39:54 | 713048 | IP = 192.168.7.76, Error processing payload: Payload ID: 1

  • Does Cisco ASA understand every Sun RPC application?

    We have a customized program using Sun RPC. The server is located on the lower security interface, the client on the higher security interface (sorry, have to do this).
    If we give IP any any rules on the lower security interface, then by examining all related packets with Wireshark, this program seems to do all the normal Sun RPC activities: the client uses an ephemeral port to call the server's port 111, gets the portmap, and ends the TCP session. Then the client starts a new TCP session and talks to the server using the negotiated ports.
    However, if we remove the ip any any rules on the lower security interface (server side), we can only observe the port negotiation TCP session. The firewall seems to forget the negotiated ports and blocks all server-to-client (low to high) packets.
    When we test this for NFS, which also uses the Sun RPC protocol, with the same interfaces and settings (client interface (security level 100) - ip any any, server interface (security level 0) - deny all), everything works fine. All packets pass the firewall and the connection is stateful. All works well.
    I don't really understand why this is happening, since all connections are initiated by the client side (higher security level) using only TCP, so everything should pass through and be stateful.
    The ONLY ABNORMAL thing about our customized program is: it uses a random port from 600-1000 as the negotiated source port to talk to the server's ephemeral ports (32000-61000) for transferring data. And the connection is through VPN. (There are no special rules or inspections used for the VPN connection; without deny all on the server side (low security interface), everything works fine.)
    Does the Cisco ASA 5510 not support our Sun RPC application, or is there anything I did wrong?
    Thanks for any help!

    Just found out: it is because of the VPN. The VPN will not automatically allow TCP packets coming back. Is there any solution for that? Or any options I can tune with the VPN settings?

  • Does Cisco NAC support Wireless LAN?

    Hi There
    I know Cisco NAC supports Wireless LAN. I have deployed this myself with various brands of Autonomous APs. These work fine only in in-band mode, not in out-of-band mode.
    However, Cisco did mention that for Cisco APs, with Cisco NAC and Cisco switches, out-of-band is supported. I tried this today, and either Cisco is wrong, which is highly unlikely, or I did not configure either the NAC portion or the Cisco AP correctly, which is most likely. I wonder where I went wrong? Please, somebody advise me on this.
    Regards,
    Ram
    +6012-2918870

    Hi Ramraj,
    You can do out-of-band with Wireless deployments now, however you must have a Wireless Lan Controller managing your APs. You cannot do it with standalone APs.
    The guide below goes through most of the configuration:
    http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a138cc.shtml
    Thanks,
    Nate

  • Can Cisco ASA 5500 protect against DDoS Attack - Sync Flood?

    Dear All,
    Does anyone know if the Cisco ASA 5510 or 5520 can protect against DDoS attacks and sync flood?
    I have a problem with this, so how can I protect against it? Sometimes I see entries in my log like this:
    "sync flood " or "ddos to xxx.xxx.xxx.xxx"; the IP address is random.
    Please help me to solve this issue.
    Best Regards,
    Rechard

    Hi Rechard. Those are TCP connection values:
    ip inspect max-incomplete high value (default 500): embryonic connection upper threshold value
    ip inspect max-incomplete low value (default 400): embryonic connection lower threshold value
    ip inspect one-minute high value (default 500): total connections in 1 minute, upper threshold
    ip inspect one-minute low value (default 400): total connections in 1 minute, lower threshold
    ip inspect tcp max-incomplete host value (default 50) [block-time minutes (default 0)]
    Therefore, by implementing IOSFW on your router and tweaking these values, you may protect your internal servers from being bombarded by a SYN flood or any DoS flood. Keep in mind that if there is a true attack, your router will protect your internal servers, but the router itself will take a toll. Ideally, the rule of thumb is to mitigate an attack as close to its source as possible.
    You may also want to read:
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd804e5098.html

  • Cisco ASA support for PBR

    Does anyone know if Cisco has the PBR feature road mapped for future IOS releases or if they are building in new feature sets to load balance 2 different ISP connections much like F5. It seems more and more customers are asking for all in one functionality from their NextGen firewalls and the ASA seems to fall short in this category.

    As of right now, you can do PBR on the ASA when the ASA is in a cluster.  I am uncertain if there will be support for PBR or loadbalancing on a standalone ASA in the future.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html#pgfId-1943033
    Please remember to select a correct answer and rate helpful posts

  • Does a Cisco router support a "tcp reset" message when the traffic is blocked by an access list?

    Hi,
    I'm trying to find out: if I block a destination with an access list on Cisco,
    can I send a "tcp-reset" for that connection instead of dropping it?
    I believe it is supported on the ASA appliance, but I'm not sure if it is supported on Cisco routers.
    I'm trying to migrate from a Linux router to a Cisco router and apply the same config. One of the challenging tasks is that I have
    "reject-with=tcp-reset"
    I'm wondering if I can do it on a Cisco router.
    Waiting for your response.
    Regards

    One of the things that keeps me engaged with these forums is that they challenge me and give me opportunities to learn new things. My initial reaction to your question about IPS on IOS router was to say that this is not supported. But I did some research and find that apparently IPS functionality is now supported on some (but not all) of Cisco IOS routers. See this link for additional detail:
    http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html
    HTH
    Rick

  • Does Cisco NAC Support Continuous Posture Assessment ?

    Hi all,
    Cisco does not seem to support continuous posture assessment when running out of band or in band? What I mean is: after authentication, during the authorization phase, I've been assigned to a role, and according to that role I receive a posture result. If that posture result is pass, then I've been evaluated as a healthy end point and receive a Certificate. Then the switchport that I am connected to gets assigned to the corporate VLAN. Afterwards, until my certificate expires, the system will always think that I am healthy.
    I've gone through the 4.8 release notes; it still does not seem to be supported?
    Any comments are appreciated.
    Dumlu

    I think this is mentioned in the release notes; did you check the following section?
    http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/48/48rn.html#wp1105597
    Regards
    Farrukh

  • Does Cisco NAC support for HP Switches

    Dear all,
    The existing network has HP switches. Is there any way I can deploy the Cisco NAC solution here?
    Please revert.
    Thanks,

    Cisco NAC has lots of limitations, and surely this is one of them. But while I respect the fact that Cisco will not support NAC on HP switches, it can work. And it will perform just fine: once you understand "Cisco NAC" and are able to configure it for the first time, you will be able to support it without the need of TAC.
    The idea is that Cisco NAC sends commands to the switches on the network to apply specific access lists or VLAN changes. Since Cisco can only speak Cisco, it does not know how to tell other switches to do that. The workaround is that you would have the NAC running in in-line mode on your network. Yes, this will introduce a bottleneck, but that is the only way to do it. The NAC will then look at the traffic based on the MAC or IP and apply a set of policies depending on the source or the destination.
    Please do your research and look at other NAC solutions before you decide the best vendor to go with.

  • Cisco ASA support bandwidth up to 30Mb

    Dear team
    What type of part number supports bandwidth up to 30Mb?
    thanks

    Hobbe is correct but I would recommend at least going with the newer X series since the older 5510/20/40/50 etc. are soon end of sales. (Announcement)
    The 5512X is the entry level in that series. Data sheet is here. You need to consider licensing (VPN users, high availability features etc.) and whether you want to do IPS or Context aware security (CX module).
    Your local reseller should be able to help you with these choices.

  • Does Cisco 7600 Support QPPB with QoS?

    Hi,
    The BGP routes can successfully be marked with an IP precedence value by QPPB. But the QoS seems not to be working when matching the IP precedence.
    Any help is much appreciated!
    class-map match-all Prec-3
     match access-group 20
     match precedence 5
    class-map match-all allow
     match access-group 20
    policy-map Meter
     class Prec-3
     class allow
    interface GigabitEthernet9/0/0
     ip address 20.20.20.1 255.255.255.0
     media-type rj45
     speed 1000
     no negotiation auto
     bgp-policy destination ip-prec-map
    interface GigabitEthernet9/0/1
     ip address 10.10.10.1 255.255.255.0
     media-type rj45
     speed 1000
     no negotiation auto
     service-policy output Meter
    router bgp 100
     table-map QPPB
     bgp log-neighbor-changes
     network 200.200.200.0
     neighbor 10.10.10.2 remote-as 200
    ip forward-protocol nd
    ip as-path access-list 100 permit 200$
    access-list 20 permit 200.200.200.1
    route-map QPPB permit 10
     match as-path 100
     set ip precedence critical
    Router# show ip bgp
    BGP table version is 3, local router ID is 20.20.20.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
         Network          Next Hop            Metric LocPrf Weight Path
     *>  100.100.100.0/24 10.10.10.2               0             0 200 i
     *>  200.200.200.0    0.0.0.0                  0         32768 i
    Router#show ip route 100.100.100.0
    Routing entry for 100.100.100.0/24
      Known via "bgp 100", distance 20, metric 0
      Tag 200, precedence critical (5), type external
      Last update from 10.10.10.2 1d06h ago
      Routing Descriptor Blocks:
      * 10.10.10.2, from 10.10.10.2, 1d06h ago
          Route metric is 0, traffic share count is 1
          AS Hops 1
          Route tag 200
          MPLS label: none
    Router#show policy-map interface
     GigabitEthernet9/0/1
      Service-policy output: Meter
      Counters last updated 00:00:01 ago
        Class-map: Prec-3 (match-all) 
          0 packets, 0 bytes
          5 minute offered rate 0000 bps
          Match: access-group 20
          Match:  precedence 5
        Class-map: allow (match-all) 
          0 packets, 0 bytes
          5 minute offered rate 0000 bps
          Match: access-group 20
        Class-map: class-default (match-any) 
          3908 packets, 261198 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: any
    Router#

    Command Accounting is a TACACS+ feature so not for ISE....yet.
    However, you can do the following to send commands to syslog without including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. Increase or decrease as you have memory. The notify syslog is what sends it via syslog.
    conf t
    archive
    log config
    logging enable
    logging size 200
    hidekeys
    notify syslog
    end
    wr mem
    Remember, syslog is clear text  :-)  log away from user traffic when possible.  Or use TLS based syslog when possible.
    I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
    Please rate post you consider useful.
    -James
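
    An added example, not part of the original post: a small audit pass over the syslog stream that "notify syslog" produces, flagging commands that cut back logging and credentials that arrive unmasked. The watch list, the sample lines and the assumption that hidekeys masks values as asterisks are constructed for illustration.

```python
import re

# Syslog message the IOS configuration logger emits when "notify syslog" is set.
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.+)$"
)

# Illustrative watch list (an assumption, tune per site): commands that reduce
# the audit trail this configuration is meant to provide.
WATCH = [
    (re.compile(r"^no logging (host|trap|buffered|enable)\b"), "logging reduced"),
    (re.compile(r"^no (notify syslog|hidekeys|archive)\b"), "config audit trail weakened"),
]

# A credential keyword, an optional type digit, then the final value.
# Assumption: with hidekeys the value is logged as asterisks only.
SECRET = re.compile(r"\b(?:password|secret)\s+(?:\d+\s+)?(?P<val>\S+)$")


def parse_line(line):
    """Return (user, command) for a config-logger message, else None."""
    m = CFGLOG.search(line.rstrip())
    return (m.group("user"), m.group("cmd").strip()) if m else None


def audit(lines):
    """Return (user, command, reason) findings; unmasked values are redacted."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # some other syslog message
        user, cmd = parsed
        for pattern, reason in WATCH:
            if pattern.search(cmd):
                findings.append((user, cmd, reason))
        m = SECRET.search(cmd)
        if m and set(m.group("val")) != {"*"}:
            safe = cmd[: m.start("val")] + "<redacted>"
            findings.append((user, safe, "credential not masked; check hidekeys"))
    return findings


# Constructed sample lines, as a syslog collector might store them.
SAMPLE = [
    "Jan 01 00:00:01 rtr1 45: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet0/1",
    "Jan 01 00:00:09 rtr1 46: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:username ops secret *****",
    "Jan 01 00:01:10 rtr1 47: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)",
    "Jan 01 00:12:31 rtr2 12: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:enable secret 5 $1$constructed",
    "Jan 01 00:12:40 rtr2 13: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging host 192.0.2.50",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

    The unmasked-credential finding replaces the value before reporting it, so the audit output does not become a second copy of the secret.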

  • Does apple iphone 4s support android

    does iphone 4s support android

    If by "support" you mean can it run android, the answer is no. It only runs iOS. iOS is a great operating system though with tons of great features. http://www.apple.com/iphone/ios/

  • CISCO ASA RECOMMENDATION

    Dears,
    Please provide a recommendation for CISCO ASA as below
    Firewall + Licenses with function below:
    - Work as proxy server
    - Load Balancer
    - Router with support at least 4 server.

    Anyone? ??
    Sent from Cisco Technical Support Android App

  • Cisco ASA - Web Server Publishing

    My requirement is that I need to publish 2 Web Servers to the internet behind a Cisco ASA.
    The users will be using secure https access to the Web Servers.
    I have only 1 Public IP Address assigned to access both the Web Servers.
    I wanted to know what things are required in the Cisco ASA firewall.
    1. What type of licenses?
    2. What type of certificates?
    3. How can I use a single Public IP to access both the Web servers? Does the Cisco ASA support this?
    I don't want any client software on the end users' PCs.....

    Thanks. I do have 2 Public IP addresses for my 2 servers. That is clear.
    I thought you said you just have 1 Public IP in your first post. Anyway, if you do have 2 Public IPs, one for each server, then use Static NAT instead of PAT. Use the same commands but without the port information.
    Prior to 8.3:
    static (inside,outside) public_ip1 web_server1
    static (inside,outside) public_ip2 web_server2
    8.3 or later:
    object network web_server1_real
     host web_server1
     nat (inside,outside) static public_ip1
    object network web_server2_real
     host web_server2
     nat (inside,outside) static public_ip2
    Because Application1 will be published to the web server and the web server will be published to the internet, the web server is the one to be published through the ASA. I am not sure how you use Application1 and how you will publish it to the web server internally, so this is out of the scope of my help.
    About Application2's security, the question is, how do you want to achieve security for App2? We have several types of security. Having the ASA in front of Application2, using NAT and using ACLs, will achieve Access Control. However, if you want to achieve data encryption between internet clients and App2, then you have to consider PKI (or certificates) to achieve this. You can also consider IPsec remote access VPN for the App2 server. It all depends on which security flavor you like.
    Regards,
    AM

  • Does the Cisco3745 Support TBCT on E1's ?

    Hi, The Cisco 3745 Product documentation states that TBCT supports the National ISDN-2 (NI-2)standard for T1 only. It is unclear whether E1 interfaces are supported.
    I would like to know what the case is. i.e. Does Cisco now support TBCT on E1's on the Cisco 3745.

    I think it is an IOS-based limitation and not a hardware-based one; as TBCT is a standard, it should also be supported on the E1 card.
    Check the below URL for the IOS support.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a008017cee3.html#1085519
