Trustsec question
Hello community,
I was wondering if someone can shed any light on this...
We have two buildings which we intend to connect via two different providers (probably metroethernet links). The two buildings will be on the same VTP domain (vlan extension from one building to the other - the providers will implement .1Q tunnelling). The links will be bundled, using etherchannel on 4507 switches - one on each location.
In order to encrypt traffic we were thinking of implementing trustsec between the two switches. As I understand trustsec can only be configured on physical interfaces. As stated above we want to use etherchannel. Is that a problem?
Since the providers' switches are in the physical path between the two sites, do those too fall into the equation? Do they have to be macsec capable or since the traffic will be already encapsulated (.1Q tunneling) they don't care?
Any ideas will be really helpful!
Thank you in advance,
Katerina
MacSec operates on a hop-by-hop basis, therefore in order to implement macsec all the equipment in the path must be managed by us.
So, since we will be going through the providers' metroethernet, macsec seems to be out of the question.
VPLS must be the answer!
Similar Messages
-
This is an opportunity to learn and ask more questions about Cisco Trustsec solution. The Trustsec solution is designed to flatten the network regardless of the access method but still provide fully distributed and differentiated access control no matter whether you are coming from wired or WiFi or remote access, the Trustsec solution provides a consistent access control policy.
Ankur Bajaj is a customer support engineer from the AAA team at the Cisco Technical Assistance Center in Richardson, Texas, USA. He has 14 years of total experience. He has worked on a wide range of Cisco Security Technologies such as Cisco ASA, VPN deployments, NAC solution, ACS and ISE deployment. Ankur has CCIE # 22135 in Security.
Mrinal Jaiswal has been with Cisco since 2007 with previous experience as a software developer. He works with AAA and Wireless Technical Assistance. Mrinal holds a CCIE in security #31389, MCSA in 2003 track, MCAD in .net, GNIIT from NIIT.
Beau Wallace is an engineer for the RTP AAA TAC team, supporting multiple solutions including ISE, TrustSec, 802.1x, ACS, NAC, etc. He attended East Carolina University and lives in Raleigh, NC. He holds CCNP, RHCSA, and Security+ Certifications
This Discussion starts Dec 16th through Dec 19th, 2014
Remember to use the rating system to let the exerts know if you have received an adequate response.
The experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Security community, sub-community, AAA, Identity and NAC discussion forum shortly after the event. This event lasts through December 19, 2014. Visit this forum often to view responses to your questions and the questions of other community members.Hi Marvin, first, you would want to ensure the router or switch you use has support for SG-ACLs and enforcement via:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/trustsec_matrix.html
One you know that works, you can configure SG-ACLs with a source or destination on "unknown". This keyword indicates traffic where we cannot discover what SGT should be assigned to that traffic, or in other words, outside the trustsec domain. We use a relatively common command-set on enforcement supporting platforms, take a look at the following link for command syntax:
http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sgacl_config.html
Let me know if the unknown tag was what you were looking for!
Edits: Spelling. -
SGT TrustSec Implementation for Wifi Clients
Hello Experts,
I am in ordering process of new equipments for a project where we need Wireless-PCs connected to Cisco-APs---->Cisco WLC--->Cisco Switch-->>FW Gateway
We also have Cisco ISE for AAA, and SGT assignment
My question is: To be able to assign/classify SGT for wireless-pcs and to further propagate the SGTs to the peer Switch and FW. what exact WLC series I should get ? I have chosen Cisco WLC-2500, is that a correct ITEM ?
Can you please also give me alittle details what really (Inline-SGT-Tagging) means. WLC-2500 does not support that feature, is that really needed for this project implementation ??
Thanks for advices
WaheedNo it won't support Inline SGT tagging
Cisco TrustSec Platform Support Matrix
System Component
Platform
Solution Minimum Version
Solution-Level Validated Version
Security Group Tag (SGT) Classification
SGT Exchange Protocol (SXP) Support and Version
Inline SGT Tagging
SGT Enforcement
Cisco Wireless Controllers
Cisco 5500 Series and 2500 Series; Cisco Wireless Services Module 2 (WiSM2); and Cisco Wireless LAN Controller Module for Integrated Services Routers G2 (WLCM2) (WLC 7500, 8500 and vWLC do not support Cisco TrustSec)
Cisco AireOS 7.4
Cisco AireOS 7.5.102
Dynamic
S v2
No
No
http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/trustsec_matrix.html -
TrustSEC - Wired deployment on SGA
Hi Forumers'
I would like to do the POC on TrustSEC Wired deployment.
After review cisco trustsec 2.0 design and implementation guide, i found C6500 at least needed 12.2 (33) SXI7.
My question is current my 2 units C6500 core switch with different IOS version (i have constraint to migrate both to 12.2 (33) SXJ1, because there's legacy MTRJ blade and ACE-10 attach to Device A), in this situation am i still entitle to do SGT Exchange Protocol (SXP)?
Second question for C6500 to support MACsec switch-to-switch, what's the hardware / software requriement to support on this?
Thank
NoelI have deployed ISE in the past with static IPs and did not have any issues as long as the VLAN that was being assigned to the port matches the VLAN that the subnet of the static IP resides in.
What is the behavior of the endpoint and what issues are you seeing?
Thank you for rating helpful posts! -
Trustsec Mac Encryption Between Sites
Hi,
See attached - might make question more clear
we have a layer 2 connection between sites using a local provider for the link. On the remote side is a 3750-X and on the Main Campus side is a 2960. The link is connected via a VLAN. The VLAN interface exists on the Main Campus 5548, core switch
From What I understand, Trustsec cannot be configured on a logical interface but, if we were to configure the logical interfaces as a physical interfaces could we encrypt traffic between the 5548 and the 3750-X?
Even though it would also have to traverse through the 2960 as well?
And traverse the Layer 2 WAN link?
Any other suggestions for accomplishing this?
Thank you, PatNo, it is not supported on the 2960 series. Also, if you want to encrypt traffic between sites, a better solution is to use IPsec tunnel, but you need a firewall or a router in each location.
It doesn't have to be anything expensive if you don't need a lot of bandwidth.
I use these and they work really well.
have a look:
http://www.amazon.com/Juniper-SSG-5-SB-Security-Services-Gateway/dp/B000IZDN88
HTH -
Questions on Print Quote report
Hi,
I'm fairly new to Oracle Quoting and trying to get familiar with it. I have a few questions and would appreciate if anyone answers them
1) We have a requirement to customize the Print Quote report. I searched these forums and found that this report can be defined either as a XML Publisher report or an Oracle Reports report depending on a profile option. Can you please let me know what the name of the profile option is?
2) When I select the 'Print Quote' option from the Actions drop down in the quoting page and click Submit I get the report printed and see the following URL in my browser.
http://<host>:<port>/dev60cgi/rwcgi60?PROJ03_APPS+report=/proj3/app/appltop/aso/11.5.0/reports/US/ASOPQTEL.rdf+DESTYPE=CACHE+P_TCK_ID=23731428+P_EXECUTABLE=N+P_SHOW_CHARGES=N+P_SHOW_CATG_TOT=N+P_SHOW_PRICE_ADJ=Y+P_SESSION_ID=c-RAuP8LOvdnv30grRzKqUQs:S+P_SHOW_HDR_ATTACH=N+P_SHOW_LINE_ATTACH=N+P_SHOW_HDR_SALESUPP=N+P_SHOW_LN_SALESUPP=N+TOLERANCE=0+DESFORMAT=RTF+DESNAME=Quote.rtf
Does it mean that the profile in our case is set to call the rdf since it has reference to ASOPQTEL.rdf in the above url?
3) When you click on submit button do we have something like this in the jsp code: On click call ASOPQTEL.rdf. Is the report called using a concurrent program? I want to know how the report is getting invoked?
4) If we want to customize the jsp pages can you please let me know the steps involved in making the customizations and testing them.
Thanks and Appreciate your patience
-PC1) We have a requirement to customize the Print Quote report. I searched these forums and found that this report can be defined either as a XML Publisher report or an Oracle Reports report depending on a profile option. Can you please let me know what the name of the profile option is?
I think I posted it in one of the threads2) When I select the 'Print Quote' option from the Actions drop down in the quoting page and click Submit I get the report printed and see the following URL in my browser.
http://<host>:<port>/dev60cgi/rwcgi60?PROJ03_APPS+report=/proj3/app/appltop/aso/11.5.0/reports/US/ASOPQTEL.rdf+DESTYPE=CACHE+P_TCK_ID=23731428+P_EXECUTABLE=N+P_SHOW_CHARGES=N+P_SHOW_CATG_TOT=N+P_SHOW_PRICE_ADJ=Y+P_SESSION_ID=c-RAuP8LOvdnv30grRzKqUQs:S+P_SHOW_HDR_ATTACH=N+P_SHOW_LINE_ATTACH=N+P_SHOW_HDR_SALESUPP=N+P_SHOW_LN_SALESUPP=N+TOLERANCE=0+DESFORMAT=RTF+DESNAME=Quote.rtf
Does it mean that the profile in our case is set to call the rdf since it has reference to ASOPQTEL.rdf in the above url?
Yes, your understanding is correct.3) When you click on submit button do we have something like this in the jsp code: On click call ASOPQTEL.rdf. Is the report called using a concurrent program? I want to know how the report is getting invoked?
No, there is no conc program getting called, you can directly call a report in a browser window, Oracle reports server will execute the report and send the HTTP response to the browser.4) If we want to customize the jsp pages can you please let me know the steps involved in making the customizations and testing them.
This is detailed in many threads.Thanks
Tapash -
Satellite P300D-10v - Question about warranty
HI EVERYBODY
I have these overheating problems with my laptop Satellite P300D-10v.
I did everything I could do to fix it without any success..
I get the latest update of the bios from Toshiba. I cleaned my lap with compressed air first and then disassembled it all and cleaned it better.(it was really clean insight though...)
BUT unfortunately the problem still exists...
So i made a research on the internet and I found out that most of Toshiba owners have the same exactly problem with their laptop.
Well i guess this is a Toshiba bug for many years now.
Its a really nice lap, cool sound (the best in laptop ever) BUT......
So I wanted to make a question. As i am still under warranty, can i return this laptop and get my money back or change it with a different one????
If any body knows PLS let me know.
chears
Thanks in advanceHi
I have already found you other threads.
Regarding the warranty question;
If there is something wrong with the hardware then the ASP in your country should be able to help you.
The warranty should cover every reparation or replacement.
But I read that you have disasembled the laptop at your own hand... hmmm if you have disasembled the notebook then your warrany is not valid anymore :(
I think this should be clear for you that you can lose the warrany if you disasemble the laptop!
By the way: you have to speak with the notebook dealer where you have purchased this notebook if you want to return the notebook
The Toshiba ASP can repair and fix the notebook but you will not get money from ASP.
Greets -
Question regarding NULL and forms
Hi all, i have a survey that im working on that will be sent via email.
I'm having an issue though. if i have a multiple choice question, and the user only selects one of the choices, all the unselected choices return as NULL. is there a way i can filter out anytihng that says "NULL" so it only shows the selected options?
thanks.
here is the page that retrieves all the data. thanks
<body>
<p>1) Is this your first visit to xxxxxxx? <b><%=request.getParameter("stepone") %></b>
</p>
<p> </p>
<p>2) How did You Learn About xxxxxxx?</p>
<p><b><%=request.getParameter("steptwoOne") %></b>
<br>
<b><%=request.getParameter("steptwoTwo") %></b>
<br>
<b><%=request.getParameter("steptwoThree") %></b>
<br>
<b><%=request.getParameter("steptwoFour") %></b>
<br>
<b><%=request.getParameter("steptwoOther") %></b>
</p>
<p> </p>
<p>3) What was your main reason for visiting xxxxx?</p>
<p><b><%=request.getParameter("stepthreeOne") %></b>
<br>
<b><%=request.getParameter("stepthreeTwo") %></b>
<br>
<b><%=request.getParameter("stepthreeThree") %></b>
<br>
<b><%=request.getParameter("stepthreeFour") %></b>
<br>
<b><%=request.getParameter("stepthreeOther") %></b>
</p>
<p>4) did you find the information you were looking for on this site?</p>
<p><b><%=request.getParameter("stepfour") %>
<br>
<b><%=request.getParameter("stepfourOther") %></b>
</b></p>
<p>5) Do you plan on using this website in the future?</p>
<p><b><%=request.getParameter("stepfive") %></b></p>
<p>6) What is your gender</p>
<p><b><%=request.getParameter("stepsix") %></b></p>
<p>7) What is your age group</p>
<p><b><%=request.getParameter("stepseven") %></b></p>
8) Would you like to take a moment and tell us how we can improve your experience on xxxxxxxxxx?
<p><b><%=request.getParameter("stepeightFeedback") %></b></p>i was messing around and came up with this. it doesnt remove the null, but if it is null it adds ABC beside it. so i think i might be getting close. i just need to figure out how to replace the null.
code]
<b><%=request.getParameter("steptwoFour") %></b>
<% if (request.getParameter("steptwoFour") == null ) {
%>
<% out.print("abc"); %>
<% }
%> -
How do I remove Overdrive books from the library that were downloaded onto my computer then transferred to my iphone? The problem is that they do not show up in iTunes.
I see this question asked a lot when I google, but they always give answers that assumes you can find the books in iTunes either under the books tab, or the audio books tab or in the music. They do not show up anywhere for me. They do not remove from the app like the ones I downloaded directly onto my iphone.the related archived article does not answer it either. I even asked a guy working at an apple store and he could not help either. Anybody...?
Thanks!there is an app called daisydisk on mac app store which will help you see exactly where the memory is focused and consumed try using that app and see which folders are using more memory
-
Hello, i have a basic question. if i have defined 2 fields in a cube or a dso:
Name Quantity
and from the external flat file i get some characters for my quantity field. would my load fail? for standard dso and for write optimized?
NOTE: quantity field is a keyfigure defined as numeric.
and the load coming in has "VIKPATEL" for Quantity field and not numbers.
thanksHi Vik,
Yes, the load will fail.
May be you coud first load this data into BW (into PSA) and set both fields as characters fields. Then you can create DSO, do transformation from this PSA to the DSO, and put your logic as to what do you want to do with those Quantity that is not number (e.g. convert to 0, or 'Not assgined', etc).
You can use transfer rule, or a clean up ABAP code in the start routine.
Hope this helps. -
Mid 2010 15" i5 Battery Calibration Questions
Hi, I have a mid 2010 15" MacBook Pro 2.4GHz i5.
Question 1: I didn't calibrate my battery when I first got my MacBook Pro (it didn't say in the manual that I had to). I've had it for about a month and am doing a calibration today, is that okay? I hope I haven't damaged my battery? The calibration is only to help the battery meter provide an accurate reading of how much life it has remaining, right?
Question 2: After reading Apple's calibration guide, I decided to set the MacBook Pro to never go to sleep (in Energy Saver System Preference) and leave it on overnight so it would run out of power and go to sleep, then I'd leave it in that state for at least 5 hours before charging it. When I woke up, the light on the front wasn't illuminated. It usually pulsates when in Sleep. Expectedly, it wouldn't wake when pressing buttons on the keyboard. So, what's happened? Is this Safe Sleep? I didn't see any "Your Mac is on reserve battery and will shut down" dialogues or anything similar, as I was asleep! I've left it in this state while I'm at work and will charge it this afternoon. Was my described method okay for calibration or should I have done something different?
Question 3: Does it matter how quickly you drain your battery when doing a calibration? i.e is it okay to drain it quickly (by running HD video, Photo Booth with effects etc) or slowly (by leaving it idle or running light apps)?
Thanks.
Message was edited by: Fresh JFresh J:
A1. You're fine calibrating the battery now. You might have gotten more accurate readings during the first month if you'd done it sooner, but no harm has been done.
A2. Your machine has NOT shut down; it has done exactly what it was supposed to do. When the power became critically low, it first wrote the contents of RAM to the hard drive, then went to sleep. When the battery was completely drained some time later, the MBP went into hibernation and the slepp light stopped pulsing and turned off. In that state the machine was using no power at all, but the contents of your RAM were still saved. Once the AC adapter was connected, a press of the power button would cause those contents to be reloaded, and the machine would pick up again exactly where you left off. It is not necessary to wait for the battery to be fully charged before using the machine on AC power, but do leave the AC adapter connected for at least two hours after the battery is fully charged. Nothing that you say you've done was wrong, and nothing that you say has happened was wrong.
A3. No, it does not matter. -
Jabber/WebEx Connect SSO Questions
I've got a few questions around exactly what needs to be done to get SAML working for our Connect accounts to successfully authenticate from Jabber for Windows, Mac, iPhone, and Android.
We have both a Meeting Center and Connect account under WebEx using Loose Coupled Integration. Just this past week I enabled SAML for our Meeting Center accounts which went off without a hitch with the exception of Meeting Center integration with Jabber, which is now broken with a message about SSO enabled Meeting Sites not being supported (I think this would maybe be fixed if we had Tight Coupled Integration with our two account?).
Anyway, my questions are...
For Windows, I understand all clients will need to be reinstalled with the MSI argument for the SSO_ORG_DOMAIN switch I've read about, is that correct? Are there any other switches needed for the reinstall?
How will this work with the Mac and mobile clients? There's obviously no command line options to specify for the installations here, will they just know to kick over to my IdP for authentication once they see an email address that falls under an org with SSO enabled? If so, why does the Windows client need to be completely reinstalled and not just know to find the IdP from the Cloud Connect service like Meeting Center does with the Productivity Tools?
We're just doing this for our Connect Web IM accounts, not attempting any sort of SSO with the phone accounts/UC integration yet.
Any ideas on getting the Meeting Center integration into Jabber working again?I'd suggest posting your question over on the Jabber Pilot forum, as this forum is specific to Jabber Guest questions:
https://supportforums.cisco.com/community/4551/jabber-pilot-support
-jim -
Every time I try to download an app it tells me I need to update my security questions, but once I click to make the questions the box goes white. So I'm not sure how to fix it
The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.
-
Hi All
The question is pretty simple. I can successfully connect to my ASA 5505 firewall via cisco vpn client 64 bit , i can ping any ip address on the LAN behind ASA but none of the LAN computers can see or ping the IP Address which is assigned to my vpn client from the ASA VPN Pool.
The LAN behind ASA is 192.168.0.0 and the VPN Pool for the cisco vpn client is 192.168.30.0
I would appreciate some help pls
Here is the config:
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password J7NxNd4NtVydfOsB encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.0.11 EXCHANGE
name x.x.x.x WAN
name 192.168.30.0 VPN_POOL2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address WAN 255.255.255.252
interface Ethernet0/0
switchport access vlan 2
<--- More --->
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list nk-acl extended permit tcp any interface outside eq smtp
access-list nk-acl extended permit tcp any interface outside eq https
access-list customerVPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 VPN_POOL2 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list VPN_NAT extended permit ip VPN_POOL2 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_POOL2 192.168.30.10-192.168.30.90 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (inside) 10 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 10 access-list VPN_NAT outside
static (inside,outside) tcp interface smtp EXCHANGE smtp netmask 255.255.255.255
static (inside,outside) tcp interface https EXCHANGE https netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group nk-acl in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
snmp-server host inside 192.168.0.16 community public
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd dns 217.27.32.196
dhcpd address 192.168.0.100-192.168.0.200 inside
dhcpd dns 192.168.0.10 interface inside
dhcpd enable inside
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy customerVPN internal
group-policy customerVPN attributes
dns-server value 192.168.0.10
vpn-tunnel-protocol IPSec
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value customerVPN_splitTunnelAcl
default-domain value customer.local
username xxx password 8SYsAcRU4s6DpQP1 encrypted privilege 0
username xxx attributes
vpn-group-policy TUNNEL1
username xxx password C6M4Xy7t0VOLU3bS encrypted privilege 0
username xxx attributes
vpn-group-policy PAPAGROUP
username xxx password RU2zcsRqQAwCkglQ encrypted privilege 0
username xxx attributes
vpn-group-policy customerVPN
username xxx password zfP8z5lE6WK/sSjY encrypted privilege 15
tunnel-group customerVPN type ipsec-ra
tunnel-group customerVPN general-attributes
address-pool VPN_POOL2
default-group-policy customerVPN
tunnel-group customerVPN ipsec-attributes
pre-shared-key *
tunnel-group-map default-group DefaultL2LGroup
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:a4dfbb82008f78756fe4c7d029871ec1
: end
ciscoasa#Well lots of new features have been hinted at for ASA 9.2 but I've not seen anything as far as an Engineering Commit or Customer Commit for that feature.
Site-site VPN in multiple context mode was added in 9.0(1) and I have customers have been asking for the remote access features as well.
I will remember to ask about that at Cisco Live next month. -
New to Apple, questions about using Windows, and other things
Hello all,
Today is my first day as an Apple owner. It's funny because I'm also a MCSE, MCSA, and MCP.
I purchased a 24" iMac, 2.8GHz, 4GB RAM, and 1TB Hard Drive.
I want to use Windows on my Mac so that I don't have to keep switching over to my PC. My main reason for using Windows is so that I can continue to enjoy my PC Games... mostly racing and D&D games.
So my question is... how does Windows run on bootcamp? Can I still use all of my USB controllers (like my steering wheels, joysticks, etc?)
I really havent even turned on my iMac... been too amazed at just looking at it for the first day (and also rearranging my home office).
I really just want to know from those of you who have PCs AND Macs, if you still find yourself having to go back to your PC because of incompatibilities or performance issues on the iMac?Using BootCamp, your Windows experience is no different than if running it on a similarly configured PC. If you went with a VM running under Mac OS X (like VMWare or Parallels), there are a number of differences. However, using BootCamp you have a Mac-branded PC.
I'd point out that people have been dual-booting operating systems in this fashion for decades. Windows has no obvious in-built support for doing so, but other operating systems (like Linux, FreeBSD, etc.) have always very clearly and explicitly supported dual-booting (on Macs and regular PCs) from the get go.
Maybe you are looking for
-
Badi for contact person creation of isa user admin
Hi fnds, I am creating a new custom field on isa user admin app of b2b. Now when i create a contact, the FM CRM_ISA_UA_IUSER_CREATE is been called. I am planning to pass this custom value to extension table of this FM. Now can u tell me a badi which
-
I see that my Thunderbird account listings (in the leftmost column) are alphabetical. I want to move the bottom listing to the top. Is this possible? I'm using Windows 7. Oh, and did I mention Happy New Year?
-
My Quicktime 7 is No longer able to play HD trailers online, or D/L them
Please Help OK, so, I have always been an avid user of my Quicktime Pro to watch the HD (720p & 1080p) off-line. Actually it was the only way to watch them. Recently, any trailer on the trailers.apple.com site, Will NOT play or d/l when I click on "W
-
I can see my stbeehive workspaces so that it is easier to manage the moving of documents between one folder and another. But I am not able to configure beehiveonline content. Can someone help? Thank you Chiara
-
hey guys. hopefully someone can help me out here. I have an iPad mini that I've had for a year now. Up until about 3 months ago everything was working fine, now for some reason my iPad intermittently disconnects from wifi while streaming. a little a