Secure Network Servers (SNS) in ISE version 1.1.4

Similar Messages

• Cisco Identity Services Engine (ISE) Version 1.2: What's New in Features and Troubleshooting Options

  With Ali Mohammed
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about what’s new in Cisco Identity Services Engine (ISE) Version 1.2 and to understand the new features and enhanced troubleshooting options with Cisco expert Ali Mohammed.
  Cisco ISE can be deployed as an appliance or virtual machine to enforce security policy on all devices that attempt to gain access to network infrastructure. ISE 1.2 provides feature enrichment in terms of mobile device management, BYOD enhancements, and so on. It also performs noise suppression in log collection so customers have greater ability to store and analyze logs for a longer period.
  Ali Mohammed is an escalation engineer with the Security Access and Mobility Product Group (SAMPG), providing support to all Cisco NAC and Cisco ISE installed base. Ali works on complicated recreations of customer issues and helps customers in resolving configuration, deployment, setup, and integration issues involving Cisco NAC and Cisco ISE products. Ali works on enhancing tools available in ISE/NAC that are required to help troubleshoot the product setup in customer environments. Ali has six and a half years of experience at Cisco and is CCIE certified in security (number 24130).
  Remember to use the rating system to let Ali know if you have received an adequate response.
  Because of the volume expected during this event, Ali might not be able to answer each question. Remember that you can continue the conversation on the Security community, sub-community shortly after the event. This event lasts through September 6, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Ali,
  We currently have a two-node deployment running 1.1.3.124, as depicted in diagram:
  http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_010.html#ID89
  Question 1:
  After step 1 is done, node B becomes the new primary node.
  What's the license impact at that stage, when the license is mainly tied to node A, the previous primary PAN?
  Step 3 says to obtain a new license that's tied to both node A & node B, as if it's implying an issue would arise, if we leave node B as the primary PAN, instead of reverting back to node A.
  =========
  Question 2:
  When step 1 is completed, node B runs 1.2, while node A runs 1.1.3.124.
  Do both nodes still function as PSN nodes, and can service end users at that point? (before we proceed to step 2)
  Both nodes are behind our ACE load balancer, and I'm trying to confirm the behavior during the upgrade, to determine when to take each node out of the load balancing serverfarm, to keep the service up and avoid an outage.
  ===========
  Question 3:
  According to the upgrade guide, we're supposed to perform a config backup from PAN & MnT nodes.
  Is the config backup used only when we need to rollback from 1.2 to 1.1.3, or can it be used to restore config on 1.2?
  It also says to record customizations & alert settings because after  the upgrade to 1.2, these settings would change, and we would need to  re-configure them.
  Is this correct? That's a lot of screen shots we'll need to take; is there any way to avoid this?
  It says: "
  Disable services such as Guest, Profiler, Device Onboarding, and so on before upgrade and enable them after upgrade. Otherwise, you must add the guest users who are lost, and devices must be profiled and onboarded again."
  Exactly how do you disable services? Disable all the authorization policies?
  http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4EFE5E15B9854A648C9EF18D492B9105
  ==================
  Question 4:
  The 1.1 user guide says the maximum number of nodes in a node group was 4.
  The 1.2 guide now says the maximum is 10.
  Is there a hard limit on how many nodes can be in a node group?
  We currently don't use node group, due to the lack of multicast support on the ACE-20.
  Is it a big deal not to have one?
  http://www.cisco.com/en/US/customer/docs/security/ise/1.2/user_guide/ise_dis_deploy.html#wp1230118
  thanks,
  Kevin

• 10.5.3 Update causes problems saving to networked servers

  From the first paragraphs of an article in ComputerWorld
  Users of Adobe Systems Inc.'s popular design software, including Photoshop and InDesign, have reported that after updating their Macs to the latest version of Leopard, files get corrupted when saved to network servers.
  Apple Inc. had no immediate explanation, but a spokesman pointed to a year-old Adobe warning of potential problems when saving files to network drives.
  On Wednesday, Apple released Mac OS X 10.5.3, an update that fixed more than 100 security vulnerabilities and other problems.
  By the next morning, users were complaining on both Adobe's and Apple's support forums that files created by its CS3 suite applications -- Photoshop is the best known in the bundle -- were being corrupted.
  "Essentially, Photoshop doesn't recognize the files after saving edits on an existing X server, thus ruining your file," said a user named Kevin Moran in a message posted to an Adobe support forum Thursday.
  The complete article is at:
  http://tinyurl.com/52hn8d

  MacWorld reports the same:
  http://www.macworld.com/article/133691/2008/05/adobe.html

• ISE version 1.2 patch 6 release notes

  Hi Everyone,
  I notice that Cisco has released patch 6 for ISE version 1.2 yesterday. 
  I am trying to locate the all the "resolved" issues for patch 6; However, when I look at the ISE release notes
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html#wp407339
  It only shows resolved issues up to patch 5.
  Where can I find the list of "resolved" issues that comes with patch 6?
  Thanks in advance.

  Due to the high demand for patch 6, it was released prior to the release notes.  The Release Notes will be updated within 24 hours.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• Satellite A300 - won't connect to WPA secured network

  Help please.... new Toshiba Satellite A300 - running XP professional with atheros AR9281 wireless network adapter (driver 7.6.0.200) won't connect to WAP secure networks, but seems to be fine with WEP and unsecured networks?
  I can connect to my WAP secure network using LAN cable and also if I use an external Netgear wireless adapter, so the problem is definitely with this adapter or driver. I have update bios and tried updating driver, but no luck. Current driver is (I think) most up to date?
  Would be grateful for your help.
  Thank you.

  On the Toshiba website is a newer driver version available (7.6.1.149.1)
  So I would try the new driver.
  Check the Toshiba website:
  http://eu.computers.toshiba-europe.com => Support & Downloads => Download Drivers

• Error on start up - Internal failure - A secure network communication has not been cleaned up properly

  when i start with firefox 4 beta 6 an error message pops up saying internal failure. A secure network communication has not been cleaned up properly. Please explain what does it mean and how can a secure network be established.

  That is [https://bugzilla.mozilla.org/show_bug.cgi?id=588511 Bug 588511]
  You should only get that alert once after you start the 4.0 beta version.<br />
  Be sure to use a separate profile for that 4.0 beta version if you still use the regular 3.6.x version as well.
  See:
  * http://kb.mozillazine.org/Testing_pre-release_versions
  * http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows
  * http://kb.mozillazine.org/Using_multiple_profiles_-_Firefox

• I'd a error message about a security network connection that has not been correctly cleaned up each time I open the browser

  Every time I open the browser an error message pops up, it says:
  "The operation can bot be completed because of an internal failure. A secure network communication has not been cleaned up correctly."
  The main difference I saw is that my home page, a customize igoogle one that needs login, is redirected to the main igoogle page because login is not successful and I had to manually do it. Even if I state to remember me, it doesn't work once I close the browser.

  This is a known bug that will be fixed in beta 7. You should only get that error message the first time after updating Firefox. If you are getting it all the time, are you switching between different versions of Firefox?
  Do you still have an earlier version of Firefox installed, and if you do does it use the same profile as the beta version. If you do that can cause problems since Firefox 4 handles extensions in a different way than earlier versions of Firefox. If you do have 2 versions of Firefox installed, you need to use 2 different profiles.

• GSS API library required to set up a Secure Network Connection (SNC)

  We are working in a project to connect Microsoft ILM to SAP CUA. The goal is to manage Identities in
  SAP CUA by Microsoft ILM.
  The requirement is to make use of an encrypted network connection between the two systems.
  Due to our investigation it looks like that we need to use a SNC (Secure Network Connection).
  To set up a SNC we need a third party GSS API library. Before we can order this GSS API library we need to
  test this in a test environment.
  Our question if there  is a possibility that we can use a trial version of a GSS API library, to set up a test environment?
  Is there another way to setup a SNC in a test environment?
  We are looking for a GSS API Library?
  If you need more information please contact me.

  Hi AndrZegers ,
  This is Supply Network collaboration (SNC) forum and your query looks like more of security.
  You can post your query in security forum.
  Security
  Regards,
  Nikhil

• Spiceworks on a secure network

  I would REALLY like to use Spiceworks to maintain baseline device information on my secure network, but it cannot have any connections to the Internet.  Is there any plan to offer a version that can be installed and run without an Internet connection, even if there is fee to help offset the cost of not having ads?  My company would be quite interested in such a product.
  This topic first appeared in the Spiceworks Community

  Hi,Having problems receiving emails from mailchimp, they're often being blocked as spam, I opened up a support case with Microsoft who initially created a rule which allowed anything from ourdomain.com to bypass the filters... which obviously let lots of dodgy emails through,I got back onto them and they modified the rule to set the SCL to -1 from any of mailchimps IP addresses in the form 205.201.128.0/20198.2.128.0/18
  I've had reports that this still isn't working and looking into it further is seems you can't use CIDR as low as /20 in office 365 rules. I've modified the rule to cover the ranges 205.201.128.1-205.201.143.255 but they're still being blocked.
  Any one got any suggestions on how I can get these emails to stop being blocked ?
  The fail reason says 'Reason: [{LRT={;{LED=550 4.3.2 QUEUE. TransportAgent; message deleted by...

• Cannot connect to the secure network but can to the guest network

  I have three computers in my home, all Apple. One is an iMac with 10.5 installed, another is a powerbook g4 17" with 10.5 installed and the third is an old titanium powerbook g4 15" with 10.4 installed. All of them have the newest versions of software.
  I just bought a new time capsule and that has the newest firmware upgrade installed. I set the time capsule up with a secure WPA Personal network and a guest network with no password. I can connect to the secure network on the iMac and the 17" powerbook but the titanium powerbook cannot even see the secure network or connect to it if I enter it and put in the correct password. However the titanium powerbook can see and connect to the guest network.
  Please help, I need to be able to print from the titanium powerbook to an ethernet printer connected to the time capsule.
  I've tried adding a wireless client with no password in airport utility thinking I could connect the titanium powerbook that way and that does not work either.

  Actually I have figured it out. I guess the titanium powerbooks cannot do WPA encryption, only WEP but I cannot choose WEP in the airport utility nor do I want to. I did find a work around though.
  In airport utility I went to the base station menu and clicked on "equivalent network password" and it shows the WPA password and then something called "WPA Pre-Shared Key". The key is a 64 character password but I tried it on the titanium powerbook and it worked!

• How to unshare /Network/Servers/users-computer.local ?

  Hi
  are there any security issues on /Network/Servers/users-computer.local ?
  Everytime I delete it :sudo rm -rf /Network/* removes the shared stuff.
  But when I log back in I see /Network/Servers/users-computer.local is there again.
  Are who can access my users-computer.local? is it shared via network?
  How do i delete it permanently?
  thanks
  Kilopopo

  You can't. Your single machine is on its own Network, with you as the local user. What you're seeing is normal behavior. There's nothing to worry about.

• Cannot access my own secure network with G4 iBook

  I set up a WPA secure network with a AirPort Extreme Base Station. No problem using it with my G4 iMac. However, when I try to access it with a second computer, a G4 iBook laptop, using the same WPA password I use to access it with my iMac, I get an error message.
  Using the Setup Assistant with the iBook gives me an "invalid password" message. I know it is the correct password. I set it up and I use it with the iMac!
  When the network is unsecured (no password needed) the iBook can access it, no problem.
  Please tell me what I need to do to be able to access my own secure network with my iBook. TIA!

  The only thing I can think of is the firmware for the AirPort card in the iBook, which is version 9.52. I could not find anywhere in Apple's website how to upgrade this. Does anybody know how to upgrade this firmware?
  If there is any firmware update to the card it is done automagically whenever the corresponding AirPort software update is applied. There is no user notification and no way for the user to make updates diretly.

• Data Federator: Access Text file from secured Network Share or Sharepoint?

  Hi,
  I am using BusinessObjects Data Federator Designer XI 3.0 Service Pack 2 - 12.2.2.0 (Build 1002172322) and I'm new to DF.
  I am trying to use the Text File Datasource type to connect to a file on a secured Network Share and from a Sharepoint 2010 document repository. Is this possible?
  I am currently able to use the Text File datasource to read a file from a public network share (
  share\public\folderpath\file) or on the local federator machine using the "Local File" connection but cannot put in a username/password for accessing a secure network share. Is there a built in DF username/password that should be granted access to the share?
  Neiher the FTP File System or SMB Share seemed like it would work here either.
  For the Sharepoint connection, I know that I can make a webservice on a list and connect DF to the webservice, but I want to just connect to the document repository. I was unable to get this to work even with Sharepoint repositories using WebDav since the Local File method did not accept the url string (http://mysite.<org>.com/personal/<user>/Shared Documents). Is there any way to do this without having to change the way the file is exposed on the Sharepoint side?
  How is this normally handled? Put the files on a unsecured network share or on the DF server? Import the files into a DB and just use DB connections?
  Finally, is there a way to import XLS/XLSX files in DF or only CSV files?  I saw DI has an Excel Adaptor but didn't see anything for DF and when I tried it either could not retrieve the XML schema or reading the file's data failed.
  Thanks alot for the help.
  Kerby

  Bump, any help here with Data Federator usage?  Sharepoint, XLS files, or using secured network share?

• How Do I find My Secured Network I Created?

  I have a WUSB54G Router v4.  (hope I am saying this right)
  I had to do a partial sytem restore and now I lost my secured network I created. 
  It is not listed in the available networks on the viewer of site survey.
  Do I need to create a NEW one?  Is there a way to find the one I created?
  I have all the information from when I created it but cannot find it listed.
  Everytime I have to restart my computer I have trouble getting an internet connection.  I have to try several times to find access. 
   Hopefully I am making myself clear
  Thanks

  Usually you can just display the available networks, and your network will be listed, then highlight it, and click on "Connect".
  In some cases, especially if you set "SSID broadcast" to disabled, your network might not be listed as an available network.
  To fix this, do the following:
  First of all, in the router, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
  Also, in the computer, go to your wireless software, and go to "Preferred Networks" (sometimes called "Profiles" ). There are probably a few networks listed. Delete any network named "linksys". Also delete any network that you do not recognize, or that you no longer use.  Also, delete your current network (this will remove any old settings).  Reboot computer.  Return to "Preferred Networks" and re-enter your current network info (SSID, encryption (if any), and key (if any) ). Then select your current network and make it your default network, and set it to automatic login. You may need to go to "settings" to do this, or you may need to right click on your network and select "Properties" or "settings".  Reboot computer.  You should connect automatically.  If you still have trouble, in the computer, temporarily turn off your software firewall, and see if that helps.
  If the above does not fix your problem, download and install the latest driver for your wireless card.

• IPad 2 can only connect to unsecured Wireless network.  It won't connect to my secured network at home or at work

  Two days ago my ipad 2 with (wifi only) will not connect to my secured network even though it show's up as available with a strong signal.  It keeps rejecting my password.  I brought the Ipad to work and the same issue.  However I am able to connect to an unsecured wireless network with no issue.  Is this a network/router issue or an ipad issue?  If it's a network issue what is the fix? calling my internet provider to change router settings?

  - I've used the correct pw (it worked till 2 days ago)
  - I use road runner from Time warner, not sure of the mac address filtering
  -Security is WPA PSK.
  I called road runner to request they remove my pw and see if i can access my wireless if that works which i believe it will then it has to be a security issue.  I'm using a 802.11n wifi access point, if that means anything.