Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm running ACS 5.5. I have end-users logging in from ASA VPN or Wireless Lan Controllers that hit ACS via RADIUS for authentication. ACS is joined to my Active Dreictory domain to actually authenticate/authorize the end-user connection. Everything ...
Hi folks,I am trying to determine if it is possible to create custom IPS sigs on the ASA-CX module? Not the ASA + Legacy IPS combo, but the ASA + ASA-CX (Application Detection, Web Filtering, IPS) combo.I couldn't find anything in the docs that said...
Hi folks.A few days ago I had an issue at a remote location where packet loss was observed between the ISP's 2nd and 3rd hop routers. Pings were fine up to our gateway. I thought this would make for an interesting TCL script: specify a particular ...
Hi folks,How do you deal with a user in a remote (non WAN-connected) office or location that needs to cache their credentials on a corporate laptop? I do not (and cannot) run AnyConnect Start Before Login (SBL) - too many users need to access their ...
Thank you for your fast response - but you failed to answer my specific question. I -know- I can create an AD group to be used by ACS for authentication. I want/need to use just an AD OU (organizational unit). I have 5000+ users and a fairly compl...
Thank you for your response. However my question was targeted towards Intrusion Prevention signatures such as the ones found on the traditional IPS units. I would want the ability to use the various IPS engines such as Atomic IP, HTTP, etc and crea...
If you want to blacklist a large list of IP addresses (like the SpamHaus DROP list, or other known-malicious sites, for example) then create a custom IP signature in IME. Use the Atomic IP engine and specify the destination IP Address. Use a variabl...
Hi MaurywindYes you have this correct. I would suggest creating a different custom IPS signature for each blocklist that you plan on using. So perhaps sigid 60000 is "TOR Blocklist" and sigid 60001 is "SpamHaus DROP blocklist" for example.If you ne...
By 'banned hosts' do you mean a list of external IP addresses that you want to deny any internal users from connecting to? Or do you mean a list of internal systems that you don't want to allow through the IPS unit?If its the former: create a custo...
