Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
What is the status of the Cisco Secure Desktop, product-wise? When I search for it on the web, 90% of the results are security vulnerability sites. On CCO, I see it in the product support pages, but no longer see in the product pages. I also am no...
Do the password encryption aes and key config-key commands only encrypt IKE keys? It would be useful if it encrypted other type 7 strings, e.g. tacacs/radius encryption keys.
I am trying to figure out the best place to use NAT in our network. We currently do NAT on the firewall, but I am considering putting it on the network edge in our new design. The main impetus to move it to the edge is ISP redundancy. We are not l...
I have two ACS 1112 Appliances running the latest software (Release 4.0(1) Build 42). Each appliance seems to run fine on its own. However, after setting up and successfully performing replication, the second ACS will not fully reboot. It says CSA...
I am configuring aaa accounting on a Catalyst 3750 running 12.2(25)SEE, but not have the wait-start option; I only have start-stop and stop-only. So I go to univercd and the wait-start option is in the IOS documentation for 12.0 and prior, but does ...
This problem went away after I upgraded to 4.1. If you do upgrade, be sure you apply 4.1.1.23. It includes: CSCsg97429 - TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23, among other things.
We do this by using two network cards. The NIC connected to the SPAN port does the monitoring and a second NIC--connected to a 'regular' port does the blocking. This is also in the Quick Start Guide for Network Agent: "If a switch that supports bi...
Each ISP would have its own router, so the NAT for that ISP's address space would be configured correctly on its router. We would then set the routers up using VRRP or HSRP, so if it failed over, the second router would take over, and it would use t...
Well, forget about the remote agents. The primary appliance has a very basic config. The only things in the network device table are itself and the other ACS. They each have the correct settings and the same key. The backup ACS has no configurati...
