I Want Buy Cisco ASA Firewall Supporting SIP
Hello Guys I want to buy cisco ASA Firewall , that support SIP and Session Border Controller (SBC) So please can any one tell me the most power full that support this protocols ,, Than you guys
Hi Vijay,
If can be done but you need any network management software. I personally dont think you can ask your ask to send mails. ASA can trigger alert to a SNMP configured server which will intern send mail to you
HTH,
Similar Messages
-
Configure our own Public IP pool on Cisco ASA firewall
Hey everyone,
I need some assistance on the below requirement...Today we have only one internet circuit connected with our external firewall where we are using /26 public IP address for all external traffic. Now we managed to obtain our own subnet (/24) from ARIN and would like to configure on the firewall/internet router for all external services. Is my approach right in order to configure our own subnet on the firewall?
1. Create a dedicated interface on the Cisco ASA firewall for new public pool...if there is no free interface; then virtual interface also should be fine.
2. Make sure an appropriate route towards Internet router ( or create default route towards OUTSIDE interface)
3. Speak to Internet service provider and explain that you are planning to use this specific public IP address on your n/w and ask them to publish in their BGP world with proper prefix#
4.Implement one external static NAT and make sure everything works as expected.
Thanks in advance Network Experts!!!
Regards
VGSYou have the basics. but I do have a couple comments / questions
1. What ASA are you running? If you do not have a free interface and plan to create subinterfaces, you will need to remove the configuration of one of the interfaces, then create subinterfaces and then re-apply the configuration you removed to one of the subinterfaces there...So, why not just overwrite the existing external interface? Also, keep in mind that the ASA does not support two default routes. (though I have heard some rumours that this might be added to the 9.3 release, but I have not had this confirmed)
4. You don't really say what you are going to use this new setup for, but if you are using it for internet then adding just a static NAT will not be enough, you will also need a dynamic NAT.
Please remember to select a correct answer and rate helpful posts -
Hi, I am getting the following error while booting up cisco asa firewall .
Hi,
I'm getting the following error form console when booting up Cisco ASA firewall...
How do we determine the issue if its hardware or software related?
ERROR: Type:2; Severity:80; Class:1; Subclass:3; Operation: 3Dear Ravi,
You are getting the message of time out because you must be loading huge volume of data and BW runs for a specific peroid of time and then it gives a dump with message as processing is overdue.what you can do is first you should drop the indexes of the cube and then you should manually load the data-packets.I think you can again load the failed data package.select the failed data package in the monitor screen.then go to edit(on upper left next to monitor).In Edit select Init update then select "settings for further update" now select that process should be run in the background.Now right click on the failed datapacket and select Manual update.
Hope this works for you.
With Regards,
Prafulla -
Difficulty of moving from Meraki MX to Cisco ASA firewall / IDS
Maybe a region thing. I have had excellent support from my Fortigate re-seller here in the UK. I used Cisco TAC once and have vowed to never use them again. It took them a month to sort out a single CME issue that when I showed it to a colleague took 10 mins to figure out the solution and pretty much showed the TAC solution was just about the worst way to go!
Fortigate also come out ahead of Cisco in the Gartner analysis, so they can't be all bad.
Horses for courses I guess...I'm running a Meraki MX60 and find it underwhelming. It's expensive for what it is, performance isn't great, and I want an SSL VPN.
Would like to move to Cisco ASA, maybe something like a 5512-X.
How difficult is this going to be? I'm technical and know more than nothing about networking, but I'm not a Cisco person. Not afraid to read/learn and use a CLI though.
This topic first appeared in the Spiceworks Community -
Problem Packet Flow through Cisco ASA Firewall
I have a Cisco ASA 5540 8.2(1), with permit ip any any rules
packet-tracer input inside tcp 10.56.149.129 871 10.40.170.10 3003
show
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 1374599592, using existing flow
Result:
input-interface: inside
input-status: up
input-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
if you change the source or destination port, the packet is successfully
clear conn did not help
please tell me how to solve the problem?Hi,
I would suggest sharing the firewall configuration (except for any sensitive information they might have) so troubleshooting this would be easier.
It would seem to me that during your "packet-tracer" test there is already an existing traffic flow through the ASA with the same information that you entered in the command.
I don't know however why the connection would be blocked according to the "packet-tracer". In my own test this seemed to work. Output was otherwise the same but the "connection" wasnt dropped.
- Jouni -
Hi community
Does anybody know which version of TLS is supported on release 8.4?
Thank you all.
Regards
JoseWell, saying 7.0 is supported and 8.0 is recommended is not contradictory, right? :)
If you do spot any real contradictions let me know (or use the "provide feedback" link on the page where you find it).
BTW the you sentence you quote is from the section "Apple IPsec and L2TP/IPsec Clients" so it does not apply to SSL/TLS. Having said that, I would personnaly recommend 8.0 or later indeed (for anything really ).
Herbert -
Dynamic Routing Protocol Support in Cisco ASA Multiple Context Mode
Dear Experts,
Wold like to know whether dynamic Routing Protocol Support in Cisco ASA Firewall Multiple Context Mode. If yes then please provide OS version and Hardware Model of Cisco ASA Firewall. Appreciate the quick response. Thanks.Hi,
Check out this document for the information
http://www.cisco.com/en/US/docs/security/asa/roadmap/asa_new_features.html#wp93116
Its lists the following for software level 9.0(1)
Multiple Context Mode Features
Dynamic routing in Security Contexts
EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.
Seems to me you would need some 9.x version to support the above mentioned Dynamic Routing Protocols.
I don't think its related to the hardware model of the ASA other than that it requires a model that supports Multiple Context Mode. To my understanding the only model that doesnt support that is ASA5505 of the whole ASA5500 and ASA5500-X series.
Hope this helps
- Jouni -
Cisco IOS Version to Support SIP Trunking on AS5400 Routers
Hi all,
Kindly help .Can anyone tell me which Cisco IOS Version Supports SIP Trunking on AS5400 Routers ?
Regards,
Cliff .Hi,
Please look at:
http://www.cisco.com/en/US/products/hw/univgate/ps505/products_data_sheet09186a0080091e51.html
http://www.cisco.com/en/US/docs/routers/access/as5350/software/feature/guide/UPfeapu.html
HTH
Jorge Armijo
Please remember to rate helpful responses and identify helpful or correct answers. -
Does Cisco ASA support android ?
Dear all,
Does Cisco ASA 5505 support android ? for smartnet phone and other systerm use anddroid.?
Best Regards,
RechardRechard,
Just adding my two cents:
ASA and Native L2TP-IPSec Android Client Configuration Example
Android and L2TP/IPsec Clients
AnyConnect Mobile License
HTH.
Message was edited by: Javier Portuguez -
Please confirm.. Whether Cisco CCM support SIP trunking !
Hi,
We r in the process of VoIP implementation nd during that phase came to know that Cisco doesn't support SIP trunking at gateway level.. Can anyone suggest me whether it's true or not??? Cisco says its support SIP then what is the meaning of that?? I m really confused with the twisting of words in different docs...Thanks to all of you for your reply...When you say SIP trunking is supported then whether I can use SIP at gateway level towards making outward call.. Sorry if I am getting confused myself but when one says SIP trunking is supported what's the mean of that?? If I have a trunk line(PSTN) and a T1 line acting as a gateway, is it possible to design a network only depending upon SIP protocol using CISCO UNIFIED Components and call manager 5.0 ??
Sorry once again if my question sound something ..... but it just to clear my confusion too as I am listening so many stuff from different people when it comes to SIP overall implementation for a Enterprise network using CISCO Unified communication equipments...
With best regards,
Mani -
Cisco ASA - Web Server Publishing
My requirement is I need to publish 2 Web Servers to internet behind Cisco ASA.
The users will be using secure https acccess to the Web Server.
I have only 1 Public IP Address assigned to access both the Web Servers.
Wanted to know what are the things required in the Cisco ASA firewall.
1. What type of licenses ?
2. What type of certificates ?
3. How can i use a single Public IP to access to both the Web servers. Does the Cisco ASA supports this.
I dont want any client software on the end users PC.....ThanksI do have 2 Public IP address for my 2 servers.That is clear.
I thought you said you just have 1 Public IP in your first post. Anyways, if you do have 2 Public IPs for each server, then use Static NAT instead of PAT. Use the same commands but without the port information.
Prior 8.3:
static (inside,outside) public_ip1 web_server1
static (inside,outside) public_ip2 web_server2
8.3 or later:
object network web_server1_real
host web_server1
nat (inside,outside) static public_ip1
object network web_server2_real
host web_server2
nat (inside,outside) static public_ip2
Because Application1 will be published to the web server and the web server will be published to internet, the web server is the one to be published through ASA. I am not sure how you use Application1 and how you will publish it to the web server internally so this is out of the scope of my help.
About Application2's security, the question is, how do you want to achieve security for App2? We have several types of security. Having the ASA infront of Application2, using NAT and using ACLs, this will achieve Access Control. However, if you want to achieve data encryption between internet clients and App2, then you have to consider PKI (or certificates) to achieve this. You also can consider IPsec remote access vpn for the App2 server. It all depends on what security flavor do you like.
Regards,
AM -
Cisco ASA 5505 Site to Site VPN Problem
Hi All,
We have a site to site VPN with a cisco asa 5505 on one end and a Checkpoint firewall on the other end.
We can establish the vpn tunnel and all users in the remote office are working great. However at a random point during the day or it may even be after 2 weeks of working, the tunnel between the sites automatically fails.
When I dial into the modem which is connected to the firewall I see the following messages in the logs:
Sep 14 2011 16:40:02: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, QM FSM error (P2 struct &0x42314d8, mess id 0xa18dcb12)!
Sep 14 2011 16:40:02: %ASA-1-713900: Group = *.*.*.*, IP = *.*.*.*, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Sep 14 2011 16:40:02: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, Removing peer from correlator table failed, no match!
Sep 14 2011 16:40:14: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, QM FSM error (P2 struct &0x426b988, mess id 0xf0160f94)!
Sep 14 2011 16:40:14: %ASA-1-713900: Group = *.*.*.*, IP = *.*.*.*, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Sep 14 2011 16:40:14: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, Removing peer from correlator table failed, no match!
Sep 14 2011 16:40:02: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, QM FSM error (P2 struct &0x42314d8, mess id 0xa18dcb12)!
Sep 14 2011 16:40:02: %ASA-1-713900: Group = *.*.*.*, IP = *.*.*.*, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Sep 14 2011 16:40:02: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, Removing peer from correlator table failed, no match!
Sep 14 2011 16:40:14: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, QM FSM error (P2 struct &0x426b988, mess id 0xf0160f94)!
Sep 14 2011 16:40:14: %ASA-1-713900: Group = *.*.*.*, IP = *.*.*.*, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Sep 14 2011 16:40:14: %ASA-3-713902: Group = *.*.*.*, IP = *.*.*.*, Removing peer from correlator table failed, no match!
There is nothing in the Checkpoint logs. To solve the issue I have to reload the firewall.
I have checked both firewalls for any mis-matched parameters and do not see any.
Any help is very much appreciated as it is very frustrating for myself and the users in the remote office.
Thanks!Also to note, PFS is enabled on both firewalls. Config on Cisco ASA firewall as follows:
hostname
domain-name
enable passwordpasswd names
interface Vlan701
nameif inside
security-level 100
ip address 10.65.0.69 255.255.255.252
interface Vlan999
nameif outside
security-level 0
ip address ****** 255.255.255.248
interface Ethernet0/0
description Link to Internet
switchport access vlan 999
interface Ethernet0/1
description
switchport access vlan 701
interface range Ethernet0/2 - 0/7
switchport access vlan 2
shutdown
ftp mode passive
dns server-group DefaultDNS
domain-name******
access-list 101 extended permit ip host ****** 172.25.0.0 255.255.0.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 172.25.0.0 255.255.0.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 172.28.0.0 255.255.0.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 172.26.0.0 255.255.0.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 172.16.0.0 255.248.0.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 10.72.0.0 255.255.0.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.224 10.68.2.0 255.255.255.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 10.151.10.0 255.255.255.0
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 host ******
access-list 101 extended permit ip 10.65.0.64 255.255.255.192 ******* 255.255.255.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 172.25.0.0 255.255.0.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 172.28.0.0 255.255.0.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 172.26.0.0 255.255.0.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 172.16.0.0 255.248.0.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 10.72.0.0 255.255.0.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.224 10.68.2.0 255.255.255.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 10.151.10.0 255.255.255.0
access-list nonat extended permit ip 10.65.0.64 255.255.255.192 ******** 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap warnings
logging asdm informational
logging host outside *****
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside) 0 access-list nonat
route inside ******
route outside 0.0.0.0 0.0.0.0 ********
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
snmp-server location **:
snmp-server contact **
snmp-server community shortkey
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac
crypto map CASGMAP 50 match address 101
crypto map CASGMAP 50 set pfs group1
crypto map CASGMAP 50 set peer ********
crypto map CASGMAP 50 set transform-set 3desmd5
crypto map CASGMAP 50 set security-association lifetime seconds 3600
crypto map CASGMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet **** inside
telnet timeout 5
ssh **** inside
ssh **** outside
ssh timeout 5
console timeout 30
management-access inside
dhcpd ping_timeout 750
priority-queue outside
ntp server **
username ***
tunnel-group ******** type ipsec-l2l
tunnel-group ******** ipsec-attributes
pre-shared-key ***
class-map VoIP
match dscp ef
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map General-purpose
class VoIP
priority
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
service-policy General-purpose interface outside
prompt hostname context -
In Cisco ASA Firewall 5510 does the feature content filter come built in?
Posted by WebUser Allyson Buscemi from Cisco Support Community AppHere is a number of Cisco Press book for ASA:
http://www.ciscopress.com/search/index.asp?query=ASA
Cisco ASA, PIX, and FWSM Firewall Handbook, 2nd Edition
Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, 2nd Edition -
LDAP Authentcation on Cisco ASA 8.2(1)
Dear Security Experts,
i am facing an issue while trying to configure LDAP integration on Cisco ASA firewall. The requirement is allow the remote access VPN to specific group defined on AD. When i checked the debug logs " debug ldap 255" , it shows that the authenication is sucessfull with the LDAP server , but the ldap attribute is not getting mapped and because of this reason , the tunnel-group default group policy of "NOACCESS" is getting applied ( vpn simultanous set to zero) that results zero connection.
I confirmed this by changing the value of NOACCESS from zero to one and found that the VPN is getting connected
The name of user account is testvendor that belongs to the group of Test-vendor.
Could you kindly advice me what i am missing in this configuration.Highy appreciated the help on this .
The configuration and debug output is shown below.
SHOW RUN
ldap attribute-map ABC-VENDOR
map-name memberOf Group-Policy
map-value memberOf CN=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
aaa-server ldapvend protocol ldap
aaa-server ldapvend (INSIDE) host 10.1.141.7
ldap-base-dn DC=abc,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn CN=ldapvpn,OU=ServiceAccounts,OU=Abc,DC=abc,DC=local
server-type microsoft
ldap attribute-map ABC-VENDOR
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
group-policy Allow-Vendor internal
group-policy Allow-Vendor attributes
vpn-simultaneous-logins 10
vpn-tunnel-protocol IPSec
dns-server value 10.1.141.7
default-domain value abc.org
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_acl
tunnel-group ABC-AD-VENDOR type remote-access
tunnel-group ABC-AD-VENDOR general-attributes
address-pool vendor_pool
authentication-server-group ldapvend
default-group-policy NOACCESS
tunnel-group ABC-AD-VENDOR ipsec-attributes
pre-shared-key *
Note : I tried the below map-value under the ldap attribute ABC-VENDOR as part of troubleshooting
map-value memberOf CN=Test-vendors,CN=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
map-value memberOf CN=Test-vendors,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
map-value memberOf CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
DEBUG LDAP 255
[454095] Session Start
[454095] New request Session, context 0xb1f296b0, reqType = Authentication
[454095] Fiber started
[454095] Creating LDAP context with uri=ldap://10.1.141.7:389
[454095] Connect to LDAP server: ldap://10.1.141.7:389, status = Successful
[454095] supportedLDAPVersion: value = 3
[454095] supportedLDAPVersion: value = 2
[454095] Binding as ldapvpn
[454095] Performing Simple authentication for ldapvpn to 10.1.141.7
[454095] LDAP Search:
Base DN = [DC=abc,DC=local]
Filter = [sAMAccountName=testvendor]
Scope = [SUBTREE]
[454095] User DN = [CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local]
[454095] Talking to Active Directory server 10.1.141.7
[454095] Reading password policy for testvendor, dn:CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local
[454095] Read bad password count 0
[454095] Binding as testvendor
[454095] Performing Simple authentication for testvendor to 10.1.141.7
[454095] Processing LDAP response for user testvendor
[454095] Message (testvendor):
[454095] Checking password policy
[454095] Authentication successful for testvendor to 10.1.141.7
[454095] Retrieved User Attributes:
[454095] objectClass: value = top
[454095] objectClass: value = person
[454095] objectClass: value = organizationalPerson
[454095] objectClass: value = user
[454095] cn: value = testvendor
[454095] givenName: value = testvendor
[454095] distinguishedName: value = CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local
[454095] instanceType: value = 4
[454095] whenCreated: value = 20111019133739.0Z
[454095] whenChanged: value = 20111030135415.0Z
[454095] displayName: value = testvendor
[454095] uSNCreated: value = 20258545
[454095] uSNChanged: value = 20899179
[454095] name: value = testvendor
[454095] objectGUID: value = ).u>.v.H.6>..u.Z
[454095] userAccountControl: value = 66048
[454095] badPwdCount: value = 0
[454095] codePage: value = 0
[454095] countryCode: value = 0
[454095] badPasswordTime: value = 129644550477428806
[454095] lastLogoff: value = 0
[454095] lastLogon: value = 129644551251183846
[454095] pwdLastSet: value = 129635050595360564
[454095] primaryGroupID: value = 513
[454095] userParameters: value = m: d.
[454095] objectSid: value = ...............n."J.h.0.....
[454095] accountExpires: value = 9223372036854775807
[454095] logonCount: value = 0
[454095] sAMAccountName: value = testvendor
[454095] sAMAccountType: value = 805306368
[454095] userPrincipalName: value = [email protected]
[454095] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=abc,DC=local
[454095] msNPAllowDialin: value = TRUE
[454095] dSCorePropagationData: value = 20111026081253.0Z
[454095] dSCorePropagationData: value = 20111026080938.0Z
[454095] dSCorePropagationData: value = 16010101000417.0Z
[454095] lastLogonTimestamp: value = 129638228546025674
[454095] Fiber exit Tx=719 bytes Rx=2851 bytes, status=1
[454095] Session EndThankyou Jennifer for the responds.
Could you please help me on how to enable "memberOf" attribute on AD to be pushed to ASA for the OU matching.
i have already set the "Remote Dialin" property of user account name "testvendor" in AD as "Allow Access" .It can be shown in the debug output as below.
[454095] sAMAccountName: value = testvendor
[454095] sAMAccountType: value = 805306368
[454095] userPrincipalName: value = [email protected]
[454095] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=abc,DC=local
[454095] msNPAllowDialin: value = TRUE
[454095] dSCorePropagationData: value = 20111026081253.0Z
[454095] dSCorePropagationData: value = 20111026080938.0Z
[454095] dSCorePropagationData: value = 16010101000417.0Z
Is their any other settings that i need to do it on AD ?
Kindly advice
Regards
Shiji -
Tacacs+ access issue with ASA firewall after integrating with RSA SecureID
Hi,
In my earlier post, I raised the same question but let me rephrased it again. I have configured TACACS+ in cisco ASA firewall and able to access . But when I integrated it with RSA secure ID , I am not able to enter in enable mode. It is not accepting enable password nor RSA passcode. I have created enable_15 in ASA , ACS and RSA server but no luck.
Did any one face similar issue with ASA access ?
Rgds
SiddheshHi Siddesh,
In order to help you here, I need to know few things:
1.] Show run | in aaa
2.] When you enter enable password on ASA CLI, what error do you see on ACS > Monitoring and reports > AAA protocols > tacacs authentication > "look for the error message"
3.] Turn on the debugs on ASA "debug tacacs" and "debug aaa authentication" before you duplicate the problem.
~BR
Jatin Katyal
**Do rate helpful posts**
Maybe you are looking for
-
How to use a property in a formula?
Hello I want to use this formula to calculate an account: [F_Fi.H1].[As07]/StrToValue([TTime.H1].CurrentMember.properties("NBMONTH")),SOLVEORDER=200 When processing the dimension, I get an error : [F_Fi.H1].[H1].[#SMM1] an mdx expression was expected
-
Error while opening and creating HFM application (11.1.2.2)
Hi All, I am getting below error message while opening and creating the HFM application in workspace (11.1.2.2). Error while opening Application: An error has occurred in the application. Details The following exception has occurred in ApplicationInt
-
[Solved]output of `watch` doesn't show non-english characters
Using `watch`, the output can only show English characters in Archlinux, but in Ubuntu, it works well. I've googled webs and searched the ArchWiki but to find nothing. Following is the result in my laptop with Archlinux. [six@localhost /tmp]$ uname -
-
INTEGRATED MIC ARRAY RECORDS ONLY NOISE
My laptop is hp dv6 2164 TX. The integrated mic has been working very fine for almost 2 years now. I use it to chat in yahoo messenger. But suddenly it has stopped working. I ve the latest updates, the dafault devices are all correct. The mic doesnt
-
Integrationevent wsdlLocation java client
Hi All, I've read the webservice on demand guide but, I don't have a clue how to do this with the integrationevent webservice. I was able to connect to the pod and get the session id with java (client generated with jdeveloper) but now i struggle how