Upgrade for NAC to ISE - Config Changes

Similar Messages

• CPP - NAC agent upgrade issue - NAC to ISE migration

  Hi,
  I am currently working on a project to migraate NAC to ISE. Existing version of NACagent running on client macine is 4.8.2.1. CPP is pushing upgarde to required version 4.9.4.3. I can't locate upgrade matrix for this version. Could anyone guide me on this?

  You can directly download the nac agent 4.9.4.3 from the below download link
  http://software.cisco.com/download/release.html?mdfid=283801620&softwareid=283802505&release=1.2&flowid=26081

• SIP stops when upgrading from ASA from 8.4.1 to 8.4(2)8 w/ out config change? Why?

  I have to be missiong something small in my config.
  If I upgrade my ASA 5510 which I am routing and NATing off of, from 8.4.1 to 8.4.2.8, SIP stops. All phones go dead.
  If I roll bck to 8.4.1, SIP comes up.,... Go bck to 8.4(2)8 nd SIP goes down..... 
  This is without mking any config changes.
  I have looked at it so long, I must be overlooking something simple, simple, simple...

  Have spent sIx hours in past 24 w/ Cisco TAC and they have a tin of caps as have I but can't figure out why there is a denial of SIP from inside outside and outside inside to/from sip providers three IP addresses. Have created new access lists, new access groups to allow all 3 ip's in & out, increased timeout, bypassed IPS, have both sip UDP & tcp allowed in/out, specified inspection to approve any any for all sip protocols in/out to/from Lync & mediation and nada.
  To answer another question, yes I'm certain config doesn't change... I reloaded tge same running config from a bkup just to make sure.....
  What I see in the logs coming in/out is the call does make it all the way through the SSM to the ASA..
  What happens there is the head scratcher...
  SiP even though allowed and even though I've specified it to push through inspection On ASA side is denied based on inspection rule...
  I also tried using another one of my (unused) public IPs for only SIP thinking that maulybe there was a core conflict with multiple services NATd to the same public IP but that also did nothing.
  On topology I only have a single location so I'm using my 5510 to route as well...
  Have 1 IIS web server l, SQL, (ports clised except to obe vendor and am allowing via access list by their IP and ipsec,) Exchange, Lync, Ironport, Endpoint and everything else is 80/80...
  Everything is on Server 08r2 w/ exception of web server and two boxes ( one stand-alone & one VM on hyper-v)  I am running Server8 for Microsoft TAP engineering / validation airlift. Neither of those are attached to UC/UM at all...
  I'm using dynect from dyndns for outside network web services and just piggybacking on time Warner metro e for internal (no physical DNS server)
  When I look at caps everything is identical in the tcp and UDP trace even on sip except for the denial...
  Which caps/logs would 'y'all like to see and I'll post em when I get home....
  Is there a link to bug notes Jullio? Is it sip specific? Any possibility of it being just a name/cosmetic big I can force a work around to?
  I recall when Asa first was released I had to specify port 25  allow instead of being able to simply say allow smtp .. That took 2 weeks but it allowed for a work around so whatever I can do/try I'm willing!! Someone may wanna tell TAC if it's a bug because after 6 hours yesterday they are saying there's not a bug... :)
  Thanks all!!!!

• I can't get FaceTime or iMessage to connect, I enter valid password (tested and works for Apple account) and it won't connect. I have checked all settings, upgrades iOS to 8.3 rebooted, changed Apple acount PW still wont connect. My internet connecti

  I can't get FaceTime or iMessage to connect, I enter valid password (tested and works for Apple account) and it won't connect. I have checked all settings, upgrades iOS to 8.3 rebooted, changed Apple acount PW still wont connect. My internet connection is fine Safari works and I can access all sites. I have an iPad 2. Any help on this will be greatly appreciate.  iPad 2, iOS 8.3

  This is an ongoing problem as you will see by searching the forum. 
  Out of curiosity, do you have 2 step verification enabled?  It was recently extended to include iMessage & FaceTime & I'm wondering if it might be causing some of the issues that some users are experiencing.

• I have just upgraded to the iphone 5 and now when I send a text message it says its from astrogirl36@*** instead of my name, that is my name for icloud how do I change this

  I have just upgraded to the iphone 5 and now when I send a text message it says its from astrogirl36@*** instead of my name, that is my name for icloud how do I change this
  <Email Edited By Host>

  You are only as young as you feel......
  This is an example of how you can select the exact content that you want to sync to your device. You do not have to sync the entire iTunes library. You can pick and choose the music, apps, books and so on that you want to sync. This is using music as an example.
  Connect the iPad to the PC and launch iTunes.
  Click on the iPad name on the left side under devices.
  Click on the Music Tab on the right.
  Click on only the albums or playlists that you want to sync.
  Click on the Sync Music Heading.
  Click on Apply in the lower right corner of iTunes
  You can do this with apps, books, movies .... Whatever .... You have the freedom to sync whatever you want.

• I've upgraded my app via iPhone and already paid for it but noting have changed. Who am I suppose to contact with. and how

  I've upgraded my app via iPhone and already paid for it but noting have changed. Who am I suppose to contact with and how?

  Contact the developer of the App.
  Just because an app is updated does not mean it should visually change, the update could simply be bug fixes.

• HT4847 iOS8 uses more space on iCloud for backup than before without changing anything other than upgrading to iOS8... why?

  iOS8 uses more space on iCloud for backup than before without changing anything other than upgrading to iOS8... why?

  Hello westbrkk,
  this is an user-to-user forum, so unfortunately we won't be able to tell you why.

• Upgraded from 3.6 to 7 - changed nothing else - now takes 50-60 seconds to for the browser to start - works OK after that as long as I keep a window open. I then diabled all plug ins and extenstions - still 60 seconds to load browser.

  I upgraded from 3.6 to 7 - changed nothing else - now takes 50-60 seconds to for the browser to start - works OK after that as long as I keep a window open. I then disabled all plug ins and extensions - still 60 seconds to load browser. I also keep getting a high memory warning from AVG with mem usage up to 600,000 k

  I upgraded from 3.6 to 7 - changed nothing else - now takes 50-60 seconds to for the browser to start - works OK after that as long as I keep a window open. I then disabled all plug ins and extensions - still 60 seconds to load browser. I also keep getting a high memory warning from AVG with mem usage up to 600,000 k

• Adding failover ASA back after config changes on "primary" ASA?

  I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time.  Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer.  I disconnected the failover cable because it was complaining about version mismatches constantly.
  Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?

  Hi,
  There should be no problem adding another ASA back to the network.
  Here is what I just did (and what happened) on a rather big customer
  A power fault broke Secondary ASA and it never booted up
  A replacement device was aquired
  The replacement device was 
  Updated to matching hardware setup (mainly memory)
  Updated to same software (OS and ASDM)
  Configured with its physical interface up with "no shutdown"
  Configured with ONLY "failover" configurations (exact configuration ofcourse depends on your setup)
  It was attached to the rack and powered up.
  After boot every interface BUT "failover" was attached to the network (Dont necesarily have to do it in this order) and I checked that every single one was up.
  After everything above was done I connected the failover interface and watched as the devices "noticed" eachother and the Active firewall copied its configuration to the new Secondary unit.
  This was done in a factory environment and all went fine.
  There should be no problems doing this though I personally still prefer doing the replacement by attaching a "blank" ASA with only Failover configurations.
  EDIT: Beeing that I am always paranoid when doing anything like this, I had ofcourse saved the configurations to flash on a separate file for worst case scenario and was ready to boot the original primary unit incase it took in something it wasnt supposed to.
  EDIT 2: In the case where you think the Secondary unit doesnt have the exact configuration of the Primary unit, you can issue the command write standby on the Primary unit to save/copy the COMPLETE configuration of the Primary unit to the Secondary. Think the "write mem" on the Primary unit only updates some changes you have made to the Secondary unit
  - Jouni

• SNMPv3 config changing after reboot

  Whenever one of my C2960's reboot, our Solarwinds monitoring stops working.  I found that this is due to one line of SNMPv3 config changing by itself.  This used to be in the config:
       snmp-server group XXX v3 priv access permit-snmp
  (permit-snmp being the access-list defining ip addresses allowed to query)  After the reboot, snmpv3 stops working and this line shows up in the config instead of the one above:
       snmp-server group XXX v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F
  Is this a bug?  (I did check the bug database, without success.)  I have upgraded the IOS to 12.2(53) SE2 without any success.  The switch is a C2960-24TC-L.

  I had the same problem and believe the issue is that you probably have a trap server configured and are using the same snmp-server group for the trap server and your queries. I created another group for SNMPv3 queries and the configuration no longer seems to get overwritten. Here's what I did.
  Go into config mode and create a group just for the trap server - let's call it TRAPS. I used priv and it looks like that's what you use. Don't worry about defining any MIB views as this group will automatically populate the notifyview once the trap servers below are added to the config. (...and will remove the readview and writeview entries after reboot - that's why a second group is needed). Remove your old trap server entries and set up the new trap server using the new group called TRAPS.
  snmp-server group TRAPS v3 priv
  snmp-server host version 3 priv TRAPS
  Now create another group for queries only - (let's call it QUERIES but you could just use your current group XXX since it's already set up) - I like the v1default MIB view for both reads and writes but you can limit the MIBs with the snmp-server view command. I am using md5 and des56 here - your case may be different - and set up the user (or keep the one you already have configured)
  snmp-server group QUERIES v3 priv read v1default write v1default access
  snmp-server user QUERIES v3 auth md5 priv des56
  Exit and check the config.
  The group TRAPS should have the notifyview set. The group QUERIES should have the readview and writeview set to v1default (or whatever view you chose to enter here). The two SNMPv3 groups should look like this:
  #sh snmp group
  groupname: TRAPS                            security model:v3 priv
  readview :           writeview:
  notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
  row status: active
  groupname: QUERIES                          security model:v3 priv
  readview : v1default                        writeview: v1default
  notifyview:
  row status: active      access-list: 4
  The old trap server entry using the old group XXX should have been removed already. Verify that the user: entry says TRAPS
  #sh snmp host
  Notification host: xxx.xxx.xxx.xxx      udp-port: 162   type: trap
  user: TRAPS     security model: v3 priv
  Finally make sure the user is in the correct group (QUERIES):
  #sh snmp user
  User name:
  Engine ID: xxxxxxxxxxxxxxxxxxxxxxxxxx
  storage-type: nonvolatile        active
  Authentication Protocol: MD5
  Privacy Protocol: DES
  Group-name: QUERIES
  If all is well - write the config. You should now be able to perform a coldstart without losing your SNMPv3 config.
  Please, let me know if this worked for you.

• Using a family upgrade for AT&T.

  So, I'm wanting to get an iPhone and the 4 is $50 cheaper at Best Buy, so I'd love to get it there. However, I'm using my sister's upgrade. I know you can use it at the AT&T store, but can I also use her upgrade for myself at Best Buy?
  Solved!
  Go to Solution.

  When you are going through the upgrade process the screens list what lines you have and what ones are available for upgrades. All you do is tell them what lines upgrade you will be using and they will just use that lines eligibility to upgrade your phone.
  All secondary retail stores such as Best Buy are connected to the carriers systems. Best Buy sees exactly what the carrier sees on their systems. Interfaces may be different but the information is the same. So any changes to the account made at Best Buy is making a direct change on the carriers computers in this case ATT.

• Can i use another storage flash for my apple air mackbook(change from current 128Gb to 256GB without any issue)

  Can i use another storage flash for my apple air mackbook(change from current 128Gb to 256GB without any issue)

  There are some upgrade options available from do it yourself sites.
  See the MBair SSD upgrades on mid way down this page:
  http://eshop.macsales.com/shop/SSD/OWC/

• Blank screen after CPU upgrade for CQ60-119 series

  Hi all.
  The model:
  I recently decide to upgrade my Compaq Presario CQ60-119TU purchased in 2008.
  The upgrades:
  My son will use it to play some games on it. Yes I know - it only has an integrated 4500M graphics chip - but this should be fine for Spore.
  Apart from changing from 2 to 4Gb of Ram I will swap out the 250Gb to a 640Gb hard drive.The CPU is also being swapped out.
  Existing CPU: Intel Celeron T1600 (1M Cache, 1.66 GHz, 667 MHz FSB)
  Replacement CPU: Intel Core 2 Duo T9600 (6M Cache, 2.80 GHz, 1066 MHz FSB)
  The laptop manual states this CPU as the best spec'ed replacement CPU I can put in the laptop.
  Prior to this I upgraded to the lated bios which is F.65. All was working well with the T1600 at this time.
  Problem:
  After replacing the CPU and pressing the power button the laptop boots up briefly for a couple of seconds and then powers off for a couple of seconds. It reboots and stays on (CPU fan is running) but there is nothing on the screen at any time.
  If I replace the old CPU and the machine boots up with the screen displaying text  so video  appears not to be the issue (well ...not broken at least)
  Any suggestions on how to get this CPU to work or is the CPU defective? Thanks in advance.

  Have a look here and you'll see that having the wrong mobo northbridge chipset (not compatible with the FSB of the processor) will cause the T9600 not to work. If you have the GL40 chipset forget trying to get this processor to work with your existing motherboard. If you have the GM45 chipset then your issue is probably something else.
  Don't know what your chipset is? Download the free utiliy CPU-Z and run it.
  FYI - The same model motherboard with the GM45 chipset is a 485219-001. 

• Firmware upgrade for zen mi

  <DIV align=center><FONT color=#ff3300>firmware upgrade for creative ZEN MICRO. HOW ?
  <DIV align=center><FONT color=#ff3300>
  <DIV align=center><FONT color=#ff3300>i have downloaded the creative software upgrade program but didnt know how to us it. Can any one teach mi how to use the program so that i can update my zen micro software. Currently my zen is using the old software just thinking of changing to the new software as my friend say it is better then the old one . Help mi please !! thankxz....:robotsad:

  The upgrade process is listed on the download page (click "show details"). Does this help, and if not what specific problem do you have?

• Firmware Upgrade for Actiontec GT704WG Rev. B Router

  How do I find the firmware upgrade for the Actiontec GT704WG Rev. B Router?  Almost everytime I try to get onto the internet, I have to run the troubleshooter because there is no connection and the final diagnosis is that "The default gateway is unavailable."  Googled and found that it is due to the need for a firmware update for the router but cannot find one on the internet.  Help!!!

  Hi Funrunner
  You didn't say which version of the firmware you are currently running, however the latest firmware for that router is Version
  3.20.3.3.5.0.9.2.14
  Thank you,
  Peter
  Peter_VZ
  Verizon Support
  Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.