Multiple Cisco Security Notice posted in ISC Diary

Similar Messages

• Multiple Cisco Security Manager Servers

  Hello ...
  We have a CSM implementation in Europe to manage European firewalls and are getting ready to install a second unit in the U.S. to manage U.S. firewalls. Is there any capability to connect these two implementations to provide any level of backup or failover? What do we do when the Asia Pacific folks want CSM for their firewalls?
  -Bob

  This reference configuration guide will give you details about the CSM failover.
  http://www.cisco.com/en/US/products/ps6498/products_installation_guide_chapter09186a00806c399c.html

• Deleting multiple devices in Cisco Security Manager

  I imported 200 devices from configuration files in cisco security manager which I need to remove again due to updates in the predeployed configurations...
  Does anyone know how to remove devices without selecting every single one and clicking "delete" or restoring the database? :)
  Thanks!

  Maybe from the common services webpage you could select multiple devices at a time ?

• Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

  Hello Experts,
  I need to rule out that we have affected openSSL version 1.0.1 running on our devices. I need to know what is the version of openSSL that is current on the following platforms:
  Cisco PIX
  Cisco FWSM
  Cisco ISR
  Cisco VPN Concentrator
  I know ASA runs 0.9.8f and I know that PIX and Concentrator are very old, and they might run an older version, however for a security assessment I need to rule those out too.
  Does anyone know what is the version for these platforms?
  Thanks in advance.

  The definitive source is and will continue to be the Cisco Security Advisory. It has already been updated several times today. Please keep checking back to it at the following URL:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
  That said, the Pix and VPN Concentrator development and code release ended prior to the release of openssl with the vulnerability so I would hazard an educated guess that you won't have any problems with respect to this particular vulnerability. THAT said, if you're concerned about security vulnerabilities why are you running products with associated code that has not had other documented bugs and vulnerabilities patched for at least several years?
  The ISR G2 will almost certainly depend on the IOS level and whether you are using any of the ssl-related features.

• Remote desktop connection blocked by cisco security agent

  Hi,
  I have a deployment of a Management Center for Cisco Security Agents 6.0.2 and i just noticed that the agent is blocking the remote desktop connection to the hosts, the agent installed on the server shows me the event but i'm not able to see it logged on the Management Center (i can see logged any other events), i'm not sure what rule should i enable in order to allow this connection.
  Do you have any ideas???
  Thanks in advance...

  Hi,
  Remote desktop connection uses the highest possible security level encryption method between the source and destination.
  In Windows Vista or later versions of Windows, the remote desktop connection uses the SSL (TLS 1.0) Protocol and the encryption is Certificate-based.
  TS Gateway can also make the connection more secure, enhance security, see detailed information in this link
  http://technet.microsoft.com/en-us/library/cc731264(WS.10).aspx
  Don't forget some known offical antii-virus software, they can also protect the connetion from network attack.
  Yolanda Zhu
  TechNet Community Support

• Link does not work for-End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4

  Link does not work for
  End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4
  How do we get Cisco to fix?
  see attachment

  Give it a couple of days - it looks like they just sent out the notification before the notice was published on the public page.
  Once the ACS 5.4 EoS/EoL notice is published you should see it linked from this page.

• Upgrade path for Cisco Secure ACS 4.X Solution Engine 1113 Appliance.

  Hello,
  I am having Cisco Secure ACS 4.X Solution Engine 1113 Appliance, and is running on version Cisco Secure ACS Release 4.1(1) Build 23 and now want to upgarde it to the latest version. Need to know the upgrade path for the same. As per my information ACS 4.1(1) runs on windows server and releases post to 5.X uses Linux. Please guide how can i upgrade Appliance 1113 from 4.1 to 5.x

  Hi,
  Cisco ACS 1113 appliance doesn't support ACS 5.x version. 1113 appliance supports till ACS 4.2.1 version.
  Cisco ACS SE 1120/1121 appliance models are required for ACS 5.x
  The upgrade path for ACS 4.1 to 4.2.1 version can be found in the following link :
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1237189
  Regards,
  Karthik Chandran
  *kindly rate helpful post*

• Cisco Secure ACS

  Hi all,
  With the Base license, a Cisco Secure ACS 5.6 appliance or software virtual machine can support the deployment of up to 500 network access devices (NADs) such as routers and switches. These are not authentication, authorization, and accounting (AAA) clients. The number of network devices is based on the number of unique IP addresses that are configured.
  So, when i have 1 firewall for vpn gateway, and using acs as an aaa server, how much network access device which is counted ? 1 or as many as vpn client connected to the firewall ?
  500 network access device means concurrent connection or not ?

  ACS is based on the number of NADs (Network Access Devices) like switches, routers, ASAs, etc. So in your example, your Firewall will consume 1 license regardless of the total number of VPN sessions. 
  With ISE, the licenses are based on the total number of endpoints. So in your example, each VPN session will take a license. 
  I hope this helps!
  Thank you for rating helpful posts!

• Cisco Security Manager logging

  Hello Experts,
  Can anyone help me, how can i configure CSM 4.0 to capture its logs.
  I want to read logs of Cisco Security Manager itself, so how can i do that & in which location it captures it log file.

  There are multiple server logs (47 of them on my CSM 4.4 setup) all stored on the server itself and accessible from Windows Explorer.
  You will need to RDP to the server and look at the log directory under the path where you installed CSM.

• Cisco Secure Access Control Server Solution Engine OR Cisco Secure Access Server ?

  Which product is really affected, the Cisco Secure Access Control Server Solution Engine which is a hardware applliance with software from 3.2 to 4.2 or the Cisco Secure Access Control Server Software appliance available for installing as a virtual machine into VMware ESX/ESXi 5.0 with 5.X software ?
  Thank you for clarifying
  Best regards
  Marco

  Hi Thomas,
  You can download ACS for windows 4.1 or 4.2 from the below listed link:
  http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval
  For ACS 5.x, please visit cisco.com
  Download software > Security  > Cisco Secure Access Control System 5.x  > Secure Access Control System Software
  HTH
  Regards,
  Jatin
  Plz rate helpful posts-

• Cisco Secure ACS license question.

  On the Cisco ACS server under the internal identity stores… is “users” and “host” counted against the "base server license" or “network device license”?          

  Guess you are running ACS 5.x
  With  the Base license, Cisco Secure ACS 5.3 appliances or software virtual  machines can support deployments of up to 500 network devices  (authentication, authorization, and accounting [AAA] clients). The  number of network devices is based on how many unique IP addresses are  configured. This is not a limit for each individual appliance or  instance, but a deployment-wide limit that applies to a set of ACS  instances (primary and secondary) that are configured for replication.
  The  optional Large Deployment add-on license allows a deployment to support  more than 500 network devices. Only one Large Deployment license is  required per deployment as it is shared by all instances.
  For more info:
  http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/product_bulletin_c25-689829.html
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Cisco Secure ACS v4.x

  Hi
  I am trying to delete all users that belong to a specific ACS group.
  Does anybody know how to delete the entire group (both group settings and all users that reside on this group)?
  Now, I have to delete users one by one.
  BR

  This cannot be done directly from the ACS GUI. To delete users from the ACS server, we have to create a "import.txt" file and then import
  the file through CSUtil on ACS server. The procedure is given below :
  1. Create a "import.txt" file.
  OFFLINE
  DELETE:
  DELETE:
  DELETE:
  DELETE:
  [ username : which you want to delete ]
  2. Save this file in C:/program files/cisco secure ACS v4.2/Utils folder.
  3. Go to the windows command line and issue:
  $BASE\utils\net stop csauth
  $BASE\utils\csutil -i import.txt
  $BASE\utils\net start csauth
  $BASE is the directory where the software is installed.
  Regards,
  Jatin Katyal
  - Do rate helpful posts -

• Cisco Secure ACS 4.0 Solution engine problem

  Hi,
  I have a probleme with a Cisco Secure ACS 4.0 Solution Engine (CSACSE-1113-K9).
  I try to power up the engine, but the light in the power button stay blinking all the time. Anyone have a idea why ?
  Last week, I boot it for the first time (It's brand new), every things goes fine.
  I made " shutdown " then wait the message to press 4 seconds power button to turn it off. This morning, nothing come up.
  I see one thing in the console "Press <SpaceBar> to update BIOS." after that, blank. No bios detection, no harddrive dectection, no windows boot.
  Any idea ?
  Thank you

  No, I'm sur.
  Then we have version 1113 of ACS.
  See: http://www.cisco.com/application/pdf/en/us/guest/products/ps6731/c2001/ccmigration_09186a008068f7bd.pdf
  Page 32(1-8) #2.
  I let the engine off about 6hours after my first post, then I try back. The engine start.
  What can cause this problem ?

• Cisco Secure ACS 4.2 for Windows web-based Admin Console log in problems

  To Whomever Can Assist,
        I am running two deployments of Cisco Secure ACS for Windows 4.2 and I can login into the admin web-console just fine.  However, when I create a new or test user that mirror my configuration that user cannot login to the admin web-console.  The user can login it to devices with the appropriate privileges, but can't administer his/her account within ACS.  This has proven very problematic and needs a remedy.  Thanks for the assistance.

  Bradbryant.dhs,
  Where are you creating the new admin user who should have access to ACS web gui under internal users or administration.
  Internal user and ACS administrator accounts are completely different. 
  Adding administrator account
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/user/guide/ACS4_2UG/Admin.html
  Regards,
  Jatin Katyal
  ** Do rate helpful posts **

• Unauthorized device logging in via Cisco Secure ACS 3.2

  We have the Cisco Secure ACS v 3.2. There is a devices that we recently discovered is not added into the network configuration on the ACS. This device running IOS 12.2(29) does have all of the correct tacacs settings that should allow it to authenticate via Tacacs.
  So basically, the ACS is allowing users to use this device to login, even though it's not in the Network Config.
  When we look at the Logged-in Users report, it show the host name as "Tacacs+ Default". We aren't sure what that is supposed to mean, and why it's allowing it.
  Thank You for your time,
  Andrew

  Andrew,
  Make sure that you not using any Wildcards inplace to IP address in network configuration. Eg using 192.168.*.*
  This will open tacacs request from whole network 192.168
  Also check the passed attempts and check the NAS IP address from the where the request is coming. Search for that IP in network configuration and see if that IP belong to that switch in question. L3 switch can have multiple ip address.
  If that IP belong to that swtich , then you need to take that out from network configuration.
  Regards,
  ~JG
  Do rate helpful posts