Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi, i have a query about access lists. When an access-list is removed from a VLAN should all packets from that VLAN then be blocked ? I tried this yesterday but a tcp session continued, however when I tried the same thing on another vlan the tcp sess...
hi,I have 2 cisco and I want to make all requests go to ccs1 contnet vip address unless it is unavailable.I have configured dnsbalance preferlocal under the owner of ccs1 and no dnsbalance under the owner on css2. However nslookup still returns the v...
Hi, I have implemented RSA secure ID with our remote access setup and I cannot get the VPN client to prompt for next tokencode. It always prompts for username/password so the user doesnt know they are in next token mode. We are using vpn client 4.8/p...
Hi, currently our cisco vpn connections to our pix are authenticated by our TACACS server. I am trying to implement RSA secure ID by using the ACS as an agent. This part works fine, when I did a test authencation with rsa it asked to me create a pin....
Hi thanks for your reply and your example. When I telnet to my pix I dont get the new pin prompt, the VPN client 4.8 does though which is weird ? What version of vpn client are you using ?thanksNicky
I have just upgraded my testpix to 722 and looks like this has resolved the issue. I did a telnet and got the pin prompt, yehh!! cant test the vpn yet though as this is on a live pix which i cant upgrade.thanks for your help with thisnicky
good news is, the tactest worked exactly as it should with the new pin prompt. Thanks for that.not sure what to do now, my telnet to my pix is also not displaying the correct prompt. Just username and password (the password works once I have created ...
Thanks very much for the reply. I will try following your steps. Howvever, I have now configuring my pix vpn to authenticate directly to the rsa server instead of tacacsaaa-server testrsa-native protocol sdi reactivation-mode timedaaa-server testrsa-...
