Manually start RADIUS, Authentication and groups for Cisco ASAs

I am testing moving a 10.7 server to 10.8.
We have used RADIUS to authenticate VPN traffic on our Cisco ASAs in the past.  In the past Server Admin allowed for our ASAs to be added manually to the list of devices using the service.  With Server Admin being removed and the limited functionality of automated addition of AirPorts to the system, I have no GUI method to get our ASAs into the service.  The ability to tell RADIUS which groups are using the service is no longer available in the GUI as well.
I have found the clients file in /etc/raddb and added our ASAs to the clients list.  I believe I have done this correctly in accordance with the instructions on the freeRADIUS website.
I need help with:
1- I was hoping someone knows how to manually tell RADIUS which groups are permitted to use the service.
2- Can anyone tell me how to turn on RADIUS?  radiusconfig -start appears to only tell the system to keep it on after a restart, if I understand the manual page.
Thanks

With David's suggestion I was able to get RADIUS running.  The following assumes that you are comfortable with Terminal and would be able to back up any files you edit.  Here is what I did to our fresh installation of 10.8 Server:
1. In Terminal enter "sudo radiusd -Xx", which tries to turn RADIUS on and runs it with full logging of activity in the window.  The last line after this entry should be something similar to "Ready to process records."  In our new installation there were errors relating to "instantiating" sql and the ready message never came.
2. In Terminal enter "sudo pico /etc/raddb/radiusd.conf" and authenticate as needed.  Scroll down in the file to the section where there are "instantiate" items.  I commented out the SQL setup by putting a # before the line that says "sql".  Save the file by pressing Control-O, press return to save in the default location, and press Control-X to get out of the editor.  I redid step number 1 twice and eventually RADIUS was running.  Removing SQL from RADIUS will assure that problems will arise if you plan to use Server.app to add AirPorts to the network in the future.  OS X Server adds its clients in an SQL database according to the programming notes in the .conf files.  I will only be using our Cisco ASAs, so SQL is not relevant to our setup.
3. Testing the running RADIUS server was easy as well.  In Terminal enter "sudo pico /etc/raddb/users" and authenticate as needed.  This file contains details for users if you wanted to add them manually to the RADIUS server.  For testing purposes I removed the # before a line referring to a user "steve."  I had to get RADIUS restarted to take up the new information about Steve.  I killed the process using Activity Monitor and reran step number 1.
4. In Terminal I opened a new tab and entered "sudo radtest steve testing localhost 0 testing123 -t".  You should get back a positive authentication message.  Switching back to the original tab will show the output of the RADIUS server.
5. Reverse the entry in step 3 by adding back the # to comment out the line about steve in the users file.
RADIUS is now running and authenticating against its own users file.
6. Now we need to add our ASAs to the RADIUS server so it knows that it can authenticate for them.  In Terminal enter "sudo pico /etc/raddb/clients.conf".  We added lines for our ASAs, following the samples in the file.  The information in the lines we added included a generic name for each ASA or device needing RADIUS-type authentication, its IP address, and the shared secret for device authentication.
7. Following David's advice from above, I created the RADIUS SACL by entering in Terminal "sudo dseditgroup -q -o create -u <admin user> -P <admin password> -n . com.apple.access_radius".  This created the SACL for the service.  Editing the associated users and groups permitted to use the service could then be done in Server.  Be sure to select "Show system accounts" from the View menu.  Selecting "Groups" from the left margin of the Server window will show all of the SACLs along with any groups you have created.  The RADIUS SACL can then have groups and users added to it.
8. To ensure that RADIUS is running and stays running, enter the following in Terminal.  First, "sudo radiusd.conf" will start RADIUS without logging in the Terminal window.  Then, "sudo radiusconfig -start" to tell the system to keep it running and also run after a reboot.
I made no changes to our ASA settings and found that I was able to authenticate the "Steve" user from the RADIUS test in the ASA.  I was also able to authenticate a user which had been added to the "Users" in Server.  It appears that the ASA will be permitted to authenticate Open Directory users without additional setup.
I now need to set up our user groups to match those we use in our 10.7 server and add them to the RADIUS SACL and we should be set.
Once I have everything running properly, I will add a post here to close this discussion.
If anyone can shorten this procedure please let us know what you suggest.
-Erich
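A check worth running after hand-editing those two files, written as an added Python example for this page (it is not code from the post or from FreeRADIUS): it parses clients.conf and users in the layout the post describes and reports clients that still carry the sample secret "testing123" used by the radtest command above, clients with a short or missing secret, and a "steve" test entry left uncommented as in step 3. The file contents and the 16-character minimum secret length are constructed assumptions, not values from the post.

```python
"""Sanity checks for the two FreeRADIUS files the post edits by hand (added
example, not from the original post). Flags clients.conf entries whose shared
secret is missing, is the FreeRADIUS sample "testing123" (the value the post's
radtest command uses) or is shorter than MIN_SECRET_LEN, and the sample user
"steve" left uncommented in users. File contents below are constructed."""
import re

MIN_SECRET_LEN = 16                  # assumed local policy, not a FreeRADIUS rule
KNOWN_TEST_SECRETS = {"testing123"}  # shipped in the FreeRADIUS sample config
KNOWN_TEST_USERS = {"steve"}         # sample entry in the shipped users file

def parse_clients(text: str) -> dict[str, dict[str, str]]:
    """Parse `client <name> { key = value ... }` blocks; '#' starts a comment."""
    clients: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"client\s+(\S+)\s*\{", line)
        if m:
            current = clients.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            current[key] = val
    return clients

def check_clients(text: str) -> list[str]:
    """One finding per client whose shared secret is missing, sample or short."""
    findings = []
    for name, attrs in parse_clients(text).items():
        secret = attrs.get("secret")
        if secret is None:
            findings.append(f"{name}: no shared secret configured")
        elif secret in KNOWN_TEST_SECRETS:
            findings.append(f"{name}: uses the FreeRADIUS sample secret")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append(f"{name}: secret shorter than {MIN_SECRET_LEN} chars")
    return findings

def check_users(text: str) -> list[str]:
    """Flag test users still active: entries start in column 0, continuation
    lines are indented and '#' lines are comments."""
    findings = []
    for raw in text.splitlines():
        if not raw or raw[0] in "# \t":
            continue
        name = raw.split()[0]
        if name.lower() in KNOWN_TEST_USERS:
            findings.append(f"test user '{name}' is still enabled in users file")
    return findings

# Constructed sample in the layout of /etc/raddb/clients.conf.
SAMPLE_CLIENTS_CONF = """\
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client asa-hq {
    ipaddr = 192.0.2.10       # constructed documentation address
    secret = Zq8vL2pR7wN4kT1mX9bC
}
client asa-branch {
    ipaddr = 192.0.2.11
    secret = short1
}
"""
# Constructed sample of /etc/raddb/users with the steve entry uncommented.
SAMPLE_USERS = """\
steve   Cleartext-Password := "testing"
        Reply-Message = "Hello, %{User-Name}"
"""

def run_checks(clients_text: str = SAMPLE_CLIENTS_CONF,
               users_text: str = SAMPLE_USERS) -> list[str]:
    return check_clients(clients_text) + check_users(users_text)
```

Point the two arguments of run_checks at the real files' contents to check a live server; an empty list means the sample secret is gone and no test user is active.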

Similar Messages

  • – Enable high availability and redundancy for Cisco WAAS

    How this is available
    – Enable high availability and redundancy for Cisco WAAS appliances in data centers.
    Thank you.

    Hi,
    You can serially cluster two WAE devices with the Cisco WAE Inline Network Adapter installed to provide higher availability in the data center if a device fails. If the current optimizing device fails, the inline group shuts down, or the device becomes overloaded, the second WAE device in the cluster provides the optimization services. Deploying WAE devices in a serial inline cluster for scaling or load balancing is not supported.
    More details here: Clustering Inline WAEs
    Hope this helps.
    Regards.
    PS: Please mark this as Answered, if this answers your question.

  • Interactive Commands in NetConfig for Cisco ASA

    Hi,
    Maybe anyone knows, does CiscoWorks LMS support this feature for Cisco ASA, or am I doing something wrong? I've sent the interactive command "copy tftp: flash: <R>ip_address<R>asa841-k8.bin<R><R>" to my ASA using the NetConfig tool and received the error "Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: copy tftp: flash: ." For Cisco Catalyst it works fine. I have the latest version of CiscoWorks, 4.0.1.

    No, SWIM doesn't support ASDM upgrades, but what you're doing here is a system software upgrade.  What you might try doing is to increase the telnet timeout for this device.  Unfortunately, that feature is hidden in LMS 4.0, but see this document on how to do that:
    https://supportforums.cisco.com/docs/DOC-15162
    The document talks about inventory collection, but the interface to adjust the telnet timeout is in the same location as the SNMP timeout.  You'll want to time the transfer to know how long to make the timeout.

  • How we archive configuration for Cisco ASA 5500 series appliances

    Hi,
    We need to archive configuration for Cisco ASA 5500 series appliances.
    We have CiscoWorks LMS 3.0.1.
    Device package installed is 4.2
    Any help would be appreciated.
    Thanks in advance.
    Samir

    Hi ,
    Thanks for your answer.
    Right now we are using TACACS to log in to the ASA. That means we need a single username and password to log in via
    CiscoWorks. Am I correct?
    Waiting for your reply.
    thanks,
    Samir

  • Is it recommended to have a vulnerability scan for Cisco ASA device.

    Dear everyone. 
    I have a doubt on vulnerability scans for Cisco ASA devices. Currently we have a vulnerability scan for network devices, including the firewall. But after running the vulnerability scan for the Cisco ASA, nothing showed in the scan report.
    Is it recommended to have a vulnerability scan for Cisco ASA, and will it defeat the purpose of the firewall?

    Do I understand correctly that you are asking whether you can configure the ASA to allow an external user to run a scan against the internal network?
    If so, the answer is generally no. The ASA will, by default, not allow any inbound connections (or attempted connections) that are not explicitly allowed in an inbound access-list (applied to the outside interface). In most cases there would also need to be network address translation (NAT) rules configured.
    If you had a remote access VPN, you could allow the external scanner to log in via that. Then they would have the necessary access to scan the internal systems (assuming the VPN granted access to all the internal networks).

  • Security monitoring tool for Cisco ASA

    Please suggest a cheap and good security monitoring tool for Cisco ASA devices.

    You can use OSSEC, an open source tool installed on Linux:
    http://www.ossec.net/

  • What's the difference between 8.0 and 9.3 Cisco ASA software?

    Can anyone show me the link with the features of the 8.0 and 9.3 Cisco ASA software? And what's the catch?

    9.2(2.8) is what is known as an interim release of the software. Per Cisco interim release notes:
    "They contain bug fixes which address specific issues found since the last Feature or Maintenance release.  The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
    Important:  These images were not fully regression tested.  Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality.  Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available."
    Interim release notes are not generally published on the general product support page but if you go to the downloads page, there is usually a link to the release notes specific to the interim release.
    Here is a link to the ASA 9.2(2.9) interim release notes. They describe the individual bug fixes rolled up in that release.

  • Maximum number of connection profiles and group policies for Cisco ASA

    Hi,
    We have a Cisco ASA 5520 running 8.0(2) that we use only for Remote Access VPN.
    Does anyone know how many connection profiles and group policies that are supported on the box? I have not been able to find this in the manual.
    Thanks in advance for your help!
    Best regards,
    Harry

    There is no limit for connection profiles or group policies that can be configured on ASA. However the numbers do depend upon the memory available in the device as the profiles are stored in memory during execution.

  • Active Directory Authentication and permissions for user group in APEX 4.0

    Hello,
    I am new to Oracle APEX and I have searched the forum for active directory authentication for a user group, and I am really confused about all the different threads. Can anyone please provide me the steps to follow in order to implement AD authentication for a user group in Oracle APEX 4.0.
    These are the threads which I was looking at to get an idea of how AD authentication works, but it's really confusing for me.
    Help with Authentication (APEX_LDAP.AUTHENTICATE)
    Re: LDAP Authentication Via Groups
    Thanks,
    Tony

    You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.

  • Snow Leopard Finder's Get Info fails to show Owner and Group for some files or folders which reside on a Shared Volume, hosted by G5 Server w/ OS 10.4 - why?

    Frustrations with file permissions abound, as certain co workers are unable to manually determine their level of permission or who to ask to make changes to files and folders belonging to others. Users of Snow Leopard desktop OS get unhelpful feedback via Finder's Get Info, seeing only the permissions listed for "Everyone" and a statement that "You have custom access".  The custom message exists, presumably, because ACL's are employed on the shared volume in an attempt to give managerial control over these volumes to specific users, even if all users can create files and folders on those volumes.
    Shared volumes are partitions of an external RAID which are set up as sharepoints on a G5 tower running Server 10.4.  Other persons in the office, using machines that are running desktop OS 10.5, can correctly see the assigned Owner and Group permissions (although the "custom access" still shows).  This at least lets the 10.5 user know who created a given file or folder, so that they can resolve permissions-restricted issues if they come up (i.e. User A wants to delete file X, but as it was created by User B, A must contact B and have them delete it.  In 10.6 it appears that A cannot determine who B is).
    I know that ACL's are functioning (enabled on the drive) since we have been making use of ACL-granted write privileges for quite a while (and the custom access seems to be evidence too).
    An error I encountered, pertaining to this, is that I used a 10.6 machine to create a working folder, then generated and saved several files in this location.  Expected permissions thus would be Owner = me (i.e. the user I was logged in as), R/W, Group = staff, R only, Everyone = R only.  However, immediately the permissions shown in Finder / Get Info consisted only of Everyone = R only, with no entry for Owner or Group.  Moreover, clicking + to add either an Owner or a Group resulted in error message that I had entered an invalid user or group, even though I typed in correct info (such as trying to add "staff" as a group).


  • Calendar View: Unable filter Recurring Event by Start/End Time and Group by Recurring Event View

    Hi All,
    I have just found several issues with Calendar View from WSS 3.0:
    Unable to filter by [Start Time] and [End Time]
    I am not sure why these 2 columns don't appear in the Filtering column in the View Settings. The workaround found on the internet is to create calculated columns for Start Time and End Time. However, it doesn't work for Recurring Events; the calculated column will show only the first recurring event's Start Time.
    Unable to use "Group By"
    When I create a new view in Calendar using the format "Standard View, with Expanding Recurring Events", there is no option to specify "Group By". Does anyone know how to show all recurring events in List view, grouped by Start Time (or any other column)?
    Thank you, and I appreciate any idea.

    Hello,
    I got this from a colleague of mine so I can't take credit for it but here might be a possible workaround:
    1. Create two new Columns called Start Filter and End Filter.  Make these columns Calculated Columns with formulas of [Start Time] and [End Time] respectively.  The columns should be of the Date and Time\Date and Time type and should not be displayed on the Default View.
    2. Click Advanced Settings and choose Yes to the question "Allow management of Content Types" in the Content Types section.  Click OK.
    3. Click on the Event Content Type.  Open the two columns created in step 1 and select "hidden" for both of them.  Click OK.
    4. Back at the list settings create a new view or edit an existing view.  When you get to the filter section choose "Show items only when the following is true" and select the following:
    Start Filter
    is less than or equal to
    [Today]
    And
    End Filter
    is greater than or equal to
    [Today]
    5. Click OK to save the view.
    6. Open the List view web part that is displaying the recently changed calendar and change the view to the newly created or newly edited view.  Click Apply, OK.
    -Aseem Nayar
    This posting is provided "AS IS" with no warranties, and confers no rights

  • Authentication and authorization for a custom connector

    I have the following problem: I have a software which tries to connect with the server through its own custom RMI connector.
    So I have the RMI Connector deployed via Mlet-Service. I have written a small TestClient and can get a RemoteMBeanServer with RemoteMBeanServer rs = getRemoteMBeanServer(), but if I try to call something like rs.getMBeanCount() I get:
    com.sap.engine.services.jmx.exception.JmxSecurityException: Caller Guest not authorized, only role administrators is allowed to access JMX
    So the WebAS considers someone who tries to connect with this connector as guest. How can I get authentication and authorization to access the JMX parts? The manual seems only to cover JSPs and web applications, where it is possible to configure a role for them. I only have this connector.jar, configuration and mlet-file.
    I still have the option to use JAAS authentication with this connector, then I have to configure it differently and, the more difficult part, to implement
    a method "public Subject authenticate(Object credentials)" where credentials are two Strings with user and passwd. But I am not quite sure how to fill the Subject with useful information.
    Thanks in advance
    Nils

    JMX is a secured resource and only users with the administrator role
    can access it.
    If your code is running in a servlet you can define
    the servlet to run as administrator:
    1. Add in the web.xml
    <security-role>
       <role-name>AnyName</role-name>
    </security-role>
    2. Add in the web-j2ee-engine.xml
    <security-role-map>
       <role-name>AnyName</role-name>
       <server-role-name>administrators</server-role-name>
    </security-role-map>
    If you are running from a remote client you just have to
    // connection properties for the P4 JMX connector; replace the <...> placeholders
    Properties connectionProperties = new Properties();
    connectionProperties.setProperty(Context.INITIAL_CONTEXT_FACTORY,
        "com.sap.engine.services.jndi.InitialContextFactoryImpl");
    connectionProperties.setProperty(Context.PROVIDER_URL, "<host:p4port>");
    connectionProperties.setProperty(Context.SECURITY_PRINCIPAL, "<ADMIN USER>");
    connectionProperties.setProperty(Context.SECURITY_CREDENTIALS, "<PASSWORD>");
    MBeanServerConnection mbsc = JmxConnectionFactory.getMBeanServerConnection(
        JmxConnectionFactory.PROTOCOL_ENGINE_P4, connectionProperties);

  • EIGRP SHA Authentication for Cisco ASA

    Hi,
    I was just wondering if anyone knew if Cisco was going to implement EIGRP SHA authentication in the ASAs? My organization is migrating from classic to named EIGRP for SHA authentication and right now I'm stuck at the ASAs. Static routing everything just to remove MD5 authentication doesn't sound very fun, if you know what I mean. :)
    Thanks!

    Hello Mohammad,
    I would recommend you to advertise them via EIGRP: better functionality, scalability, etc.
    Regards

  • User Name and Password for Cisco Prime Infrastructure 2.1

    Hi all:
    I am stuck at the login page of Cisco Prime Infrastructure 2.1.
    I have tried using the user name root and its password (the one used when logging in as root with the vSphere Client) and also the login user name from "before" getting into the appliance infrastructure; none of them work.
    Anybody knows what is the default username or password or any way to set the username and password for this Cisco Prime Infrastructure 2.1 website?
    Thanks!
    tangsuan

    Hi Tangsuan,
    Following is the documented procedure for password recovery..
    In order to modify the GUI root user password, you will need to login to the NCS CLI
    as an admin user, and enter the command
    "ncs password root password <new password>" (without the quotes)
    This should set the web interface root user password :
    http://www.cisco.com/en/US/docs/wireless/ncs/1.1/configuration/guide/manag.html#wp1268889
    If you have lost your CLI password , try the default logging that is  ,
    CLI user is admin and not root, so please try logging in as admin with
    the password that was set during setup. If that does not work , you need
    the install disk that came with the appliance to recover that password.
    Follow these steps:
    Recovering a Lost Admin Password
    If you lose or forget the admin password for NCS appliance, follow these steps.
    Step 1 Reboot the NCS appliance with the ISO DVD inserted. The Cisco Prime Network Control
    System Welcome screen appears:
    ISOLINUX 3.11 2005-09-02  Copyright (C) 1994-2005 H. Peter Anvin
                 Welcome to Cisco Prime Network Control System
    To boot from hard disk, press <Enter>.
    Available boot options:
       [1] Network Control System Installation (Keyboard/Monitor)
       [2] Network Control System Installation (Serial Console)
       [3] Recover administrator password. (Keyboard/Monitor)
       [4] Recover administrator password. (Serial Console)
    <Enter> Boot existing OS from Hard Disk.
    Enter boot option and press <return>.
    boot:
    Step 2 Select the desired recovery option, 3 or 4, depending on how you
    are connected to the appliance and then follow the prompts.
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ****

  • How do we fetch the top-level users and groups for a particular resource

    Hi Experts,
    I need to fetch the top-level users and groups (permissions) for a particular resource. Currently I am able to fetch the effective users list.
    Thanks.

    To elaborate...
    Here we need the users and groups who have direct access to the resource. We don't want to resolve groups.
    Please help us with the APIs to use in our Java code to fetch the users and groups.
