Hi, I need to create an ASA ASDM user who can do read only but also manage an ACL from the ASDM interface, i.e. role-based users with a mainly read-only setup but also ideally able to just enable/disable (manipulate) ACL entries. I think this is doable using command privilege levels, but so far I have not managed to do it. Can anyone help please? Thanks, Dave
I have the same problem for a C891 ISR router. All I can find so far is this, BUT no part numbers or prices etc. THANKS for any help.

Ordering

Q. What products are required for Cisco ISR Web Security with Cisco ScanSafe?
A. There are three components required:
● Cisco ISR G2 platform as listed in Table 1
● Security SEC K9 license bundle for Cisco ISR
● Cisco ScanSafe Web Security service subscription <<<< ????

Q. How is the Cisco ScanSafe service priced?
A. The Cisco ScanSafe Web Security service, as a subscription, is priced per user, per month. The price per month varies on pricing bands based on the number of users and the subscription term (12, 24, or 36 months). The number of users is the total number of users across the entire organization, not per site. The pricing calculation is as follows:
(Number of users) * (Number of months) * (Cost per month) = Total for subscription

Q. How is the user count calculated?
A. The user count is the total number of Internet users within the global organization as a whole. A user is defined as an identity that exists within authentication directories. Licensing is not defined per device. There is no per site license subscription.
Hello,

HTTP inspection is working, but https gets me to the page I am trying to hide. I can block http://xxx.whatever.com/somewhere_i_want_to_hide/page.html using the documents referenced above. However, if I prepend the URL with https:// this bypasses the HTTP inspection on the ASA (V9).

Now I understand "deep packet" inspection is not possible due to encryption under SSL, but why can't the ASA block the access to the page, seeing as the top level URL is not actually anything but clear text?

This is my code snippet that works OK to block the http with "webservices" in it. I need to do the same for https:// {blah-webservices-blah}

    regex blockex1 ".*webservices.*\.svc"
    class-map inspection_default
     match default-inspection-traffic
    class-map type inspect http match-any block-url-class
     match request uri regex blockex1
    !
    policy-map type inspect http block-url-policy
     parameters
     class block-url-class
      drop-connection log
    policy-map global_policy
     description inspect and block specific http URI requests
     class inspection_default
      .
      .
      inspect http block-url-policy
    !
    service-policy global_policy global

Thanks, Dave
What is required to replace ACS with ISE in simple terms? I am looking to basically authenticate wired and wireless access against the (local/AD) user database via Cisco kit. I am thinking all I need is the BASE (perpetual) license rather than the advanced/wireless licenses. Is there a limit to how many devices or users the base can deal with in its simplest form? I would also like to be able to push out a splash screen for wireless users during authentication. Can this be done just with the ISE Base License alone for a wireless solution (via WLC with LWAPS or Autonomous APs)? Thanks, Dave
I have a WLC 2504 running 7.4.100.0 with a single 1242AG AP, a single wireless SSID on the WLC, an Apple AIRSERVER and an iPad which should be able to do mirroring to show the iPad screen on the PC. They have IPs in the same subnet and have base connectivity. It just won't work! The iPad never sees the AirPlay server option come up. BUT if I move these 2 systems to a Cisco autonomous AP, or another commodity wireless LAN, and have the 2 systems (PC/iPad) in the same subnet, it works. If I have the PC on wired and the iPad (wireless obviously), this works on the autonomous or commodity AP fine. So there is something "different" about using the WLC/LWAP, right? I have tried with and without the various multicast options enabled etc. Please can anyone advise or help? Many thanks, Dave
Hi George, the 2940 is capable of doing 802.1x. I am not sure exactly how to set this up with ISE at this time. I am looking for some documents that explain this so I can use my 2940 to test/familiarise myself with ISE. /dave
Hello,

I am a little confused by what I am seeing.
I had an ASA5510 V8.3.2.
It had the default two SSL license allowing two VPN sessions for remote access.
We added an AnyConnect Essentials.
We are able to connect with two AnyConnect clients but the third attempt always fails.
The ASA error says:
Session could not be established
Session limit of 2 reached
It's as if the AnyConnect is trying to use SSL.
I have not tried reloading the ASA yet. Would that help?
Licenses appear OK:
Anyconnect I enabled
Total VPN peer 250
Ssl VPN peer 2
Thanks for any pointers,
Dave
Sent from Cisco Technical Support iPad App
Sent from Cisco Technical Support iPad App

Hi,
Hashes fine.
Tried USB.
Tried TFTP.
Copy from USB to flash.
On 5 switches, two upgraded, three won't...
They will recover back to v12 OK.
No pattern I can see.
It seems random.
But there must be some difference in the kit ????
Sent from Cisco Technical Support iPad App

Thanks for the tips.
But... the same file works on two of the five devices...
Used same FTP.
I don't see how it could be corrupted?
Will check hashes.
Hi and thanks for the reply. I see the following ...

Sent from Cisco Technical Support iPad App

switch: set IP_ADDR 172.19.100.80/255.255.0.0
switch: set DEFAULT_ROUTER 172.19.1.128
switch: copy tftp://172.19.6.56/c3750e-universalk9-mz.150-2.SE.bin flash:/c3750e-universalk9-mz.150-2.SE.bin
..........

Then…

.................
File "tftp://172.19.6.56/c3750e-universalk9-mz.150-2.SE.bin" successfully copied to "flash:/c3750e-universalk9-mz.150-2.SE.bin"
switch: boot flash:/c3750e-universalk9-mz.150-2.SE.bin
Loading "flash:/c3750e-universalk9-mz.150-2.SE.bin"...@@@@@@@@@@

Then..

@@@@@@@@@@
File "flash:/c3750e-universalk9-mz.150-2.SE.bin" uncompressed and installed, entry point: 0x3000
executing...
Boot process failed...
switch:

Thank you for any help
Sent from Cisco Technical Support iPad App

Hello,
Trying to get the 10Gbps service module to be recognised requires V15 according to Cisco docs.
Upgrading from V12.2 55 (or .58) fails on some switches I have tried.
Process fails and I finish up at the switch: prompt.
I can recover... The switch can be regressed back to v12.2.55 or .58.
But I can't get all of them up to v15.
I have tried 5 to date.
Same methods producing different results:
2 worked
3 failed
Can anyone help throw any light on this?
Anyone had similar problems please?
Thanks
Darren,
I will forward debugs but I am off for a week so there may be a delay.
Thanks for input.
Please look out for the update in ten days or so.
Many thanks,
Dave
Level 8 Solutions - Building Better Networks
www.L8Solutions.co.uk
Sent from my iPhone