About hwknight53

hwknight53 · 07-31-2008

We are authenticating our systems through dot1x. I also need to be able to authenticate our Cisco admins using the same ACS server. I see how to configure a switch to do both TACACS+ and RADIUS, but I don't see how to setup ACS to allow a switch to u...

hwknight53 · 07-31-2008

Thanks. I started to try that, but I didn't think that it would let me use two different names. That works great. Thanks,Wes

hwknight53 · 12-21-2007

I shouldn't try to answer questions when I'm in a hurry. Sorry.I can't get to our equipment know, so this is off the top of my head. You are right. Only one nat0 is allowed. Rename the second nonat acl. So it should look like:access-list vpn permit i...

hwknight53 · 12-21-2007

No, I don't.Sorry,Wes

hwknight53 · 12-21-2007

Yes, it conflicts. Name the acl "access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0 " to something else.You can use which ever DH group you want as long as both ends support it. Some of the Cisco clients and devices don't ...

hwknight53 · 12-20-2007

Your other problem is that access list 101 is incorrect. You have applied it to the outside interface, so the addresses used must be the global addresses. You have used the local address (10.0.0.1)for the FTP server. The access list is evaluated befo...

Member Since	‎11-27-2007 04:42 AM
Date Last Visited	‎08-18-2017 03:56 AM
Posts	23
Total Helpful Votes Received	17

User Statistics

User Activity

RADIUS and TACACS+ Authentication

Re: RADIUS and TACACS+ Authentication

Re: PIX and ASA VPN question

Re: Cisco switches and 802.1.x

Re: PIX and ASA VPN question

Re: FTP on a nonstandard port