Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm setting up multiple profiles on the Clean Access Manager but I now need to select many (100+) plugins per user role and also change the 'vulnerable if' settings. Is there a way to make a bulk of changes at once (ie: not clicking all plugins but ...
Hi,I'm trying to regulate access of ACS groups to a concentrator: 1 group should only have WebVPN access, another should be able to also use Ipsec. I've tried using user-assigned filters, access-times, group-locking, all to no avail.I don't think I c...
Hi, I'm running two Radius clients (a C3005 and a web-server, i.e. an IETF client) and I want to restrict access of users/groups to them. The problem I have is that when I'm using 'Ip based AR', no matter what I enter (permitted/denied, All Clients o...
I'm trying to set up Radius authentication on a 3015 with an ACS 3.1 server.When testing the authentication, I'm receiving THE FOLLOWING LOG:Authentication rejected: Reason = Group password is not configuredhandle = 27, server = 10.16.10.14, user = t...
Yes, this should be possible. After initial setup you can add additional ACS servers in the CSAgent.ini file.Add the additional ACS servers to the PermitedClients optionMore details can be found at http://www.cisco.com/en/US/products/sw/secursw/ps533...
Not sure if this changed recently, but as far as I'm aware the vpn-domain can not be specified in terms of ports. The line 'permit tcp 10.22.22.0 0.0.0.255 172.16.2.0 0.0.0.255 eq www' is simply invalid.
Hi, the problem is that in this config acl 100 is used to define the vpn-domain ('vpngroup zh01 split-tunnel 100') and can therefore not contain port definitions (ie: "permit/deny ip" is ok, "permit/deny tcp eq x" is not).You can resolve this by doin...
Hi,Thanks for the follow-up, but it's still unclear to me which option I should choose. What could be the defining factor that enables me to permit/deny groups to use either WebVPN or IpSec
Did you find a working solution? I think I'm experiencing the same problem: interface is active but line protocol is down, regardless of pix setting (1000basesx,1000sxfull, 1000auto), while switch-switch config has no problems.Grtz, Joost
