Network Access Control

Hi.I would like to see a log summary, in ACS Advanced Administrator there is an icon to display summary and password expired information. But when I push on this icon I receive this message:Server:Accounting request get failedThanks for your help

We have loaded a Windows 2000 Member Server in an NT domain with CiscoSecure ACS 3.0. The CS services are all started with an NT domain admins ID.This system is used to authenticate Internet users (outbound) using TACACS through a PIX firewall.The A...

Hello all,I have a router 2500 running ios version c2500-i-l_112-16.the router is configured as follow to allow telnet session :...enable password *****!line vty 0 4 password ******login...I added the command line "aaa new-model" to check the aaa com...

Can I use a MS certificate server to authenticate PCs going through a 3015 VPN concentrator? The need is to ensure that we only allow approved PCs through the link. Using a shared secret is not enough because an end user that knows the shared secre...

We use the PIX AAA Authentication possibilities to authenticate users.Using virtual Telnet seems to be possible to Log out and more important to change the password on the ACSDoes anybody know if there is a way to do this also via http. Virtual http ...

Hi:I want to use aaa in a pix 525 with tacacs+, my tacacs+ server is a unix server with ACS 2.3.3 ; I had already configured the pix with this commands.aaa-server prueba protocol tacacs+aaa-server prueba (inside) host 192.168.49.151 testkey time...

In a VPN 3000 Concentrator config, what are the ramifications of an unauthorised user knowing the group username and password?I have a situation where a proposed solution has a single group defined, which all users are part of. The group username and...

I have a CVPN3015 and now I want to setup VPN client to authenticate with my AD. Can it be done?CVPN3015 with NT domain (NT4)is OK!

I've seen it mentioned in the install guide that for full TACACS & Radius functionality IOS 11.2 should be installed, but I'm looking for the official, minimum IOS version that is tested and supported with CS ACS NT 3.0. I'm looking for that data as ...

Hi,How to configure an AAA server for PIX VPN remote access? I saw a entry in a sample configuration:"aaa-server partnerauth (dmz) host 192.168.101.2 abcdef timeout 5"Please advise.Thanks,Roger

We face a strange scenario with a VPDN setup. We hold an ACS v2.6 and a c3660 router at the end-point.We need to activate a method to define the "interesting traffic" that will reset the idle-timeout.Let's assume that a remote-user sees A and B.When ...

We have Pix 515E firewall configured to use RADIUS authentication.We need to be able to exclude one website from being authenticated. This website access is only allowed from one trusted source address (see access list below).We use access group to ...

In PIX OS version 6.1, the "aaa authentication" command does not have the option to configur for either inbound or outbound. Is this mean when I configure the aaa authentication command, it's for both inbound and outbound??If it is for both is ther a...

Hi,I just read that downloadble ACL's do not work for VPN users and that it only helps in passthrough authentication. The workaround solution was to define the ACL on the pix and send down the ACL number on the ACS server. I have been lookking throu...

Scenario: Currently have a ACS (3.02) for Win2K, we recently purchased another server (faster) to act as a secondary AAA server.Question:1) Once the initial replication occurs between the old server (primary) to the new server (secondary), are there...