Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,Was wondering of somebody could help me. I have deployed NAC for a customer, however some users that are to access the network remotely (behind ASA remote access) use an Anti-Virus unsupported by NAC.What is the best way to build a rule to policy...
Hi,Was wondering if someone could help me - I have a customer with 2 x 6500 / sup 720's (single sup in each). They have both recently started to display the following errors in the log and then reboot:4d22h: %CPU_MONITOR-SP-6-NOT_HEARD: CPU_MONITOR ...
Hi,I'm trying to get ACS to force users into a particular group when they authenticate on a VPN Concentrator. I have set the Class IETF attribute 25 and set OU=<groupname>;However when i try to authenticate the debugs on the VPN3K say 'OU=<groupname...
Hi,I was wondering - is there any way when configuring ACS for Radius Proxy into Vasco that particular usernames in Vasco can be mapped to ones in ACS in order to apply attributes to only certain people?My understanding so far is that if ACS cannot f...
Hi,I'm having a little trouble getting a DMVPN up using a host that is behind a NAT device. It looks as though with my version of IOS i need to use IPSec tunnel mode, but the NHRP registeration on the hub shows the Real address of the spoke and not t...
Hi Mohammed,No, it will deny only the single connection from the host. But the host will then create a new connection and that will then be blocked (if it fires a signature rule). if the connection to the internet is legitimate this will not be bloc...
Hi Mohammed,Ideally your customer needs to check his machines. The signature can be disabled purely for these hosts, but i wouldn't recommend that as it defeats the point of having the IPS in place.He ideally needs to check his hosts for viruses Th...
Hi Mohammed,Ok - and so what is the source address of the attacker? Is it the internal hosts? one host or many and where are they trying to scan?Thanks
Hi Mohammed,This requires a bit more information.Are thee users based on the inside network and they are browsing the internet?Can i ask which signatures the IPS is firing?ThanksAndy
