About clausonna

clausonna · 04-23-2015

I'm running ACS 5.5. I have end-users logging in from ASA VPN or Wireless Lan Controllers that hit ACS via RADIUS for authentication. ACS is joined to my Active Dreictory domain to actually authenticate/authorize the end-user connection. Everything ...

clausonna · 04-30-2014

Hi folks,I am trying to determine if it is possible to create custom IPS sigs on the ASA-CX module? Not the ASA + Legacy IPS combo, but the ASA + ASA-CX (Application Detection, Web Filtering, IPS) combo.I couldn't find anything in the docs that said...

clausonna · 01-18-2012

Hi folks,When will IPS 7.1 be supported on platforms other than the ASA 5585 or the IPS 4270-20? ThanksNeil

clausonna · 11-11-2011

Hi folks.A few days ago I had an issue at a remote location where packet loss was observed between the ISP's 2nd and 3rd hop routers. Pings were fine up to our gateway. I thought this would make for an interesting TCL script: specify a particular ...

clausonna · 09-15-2011

Hi folks,How do you deal with a user in a remote (non WAN-connected) office or location that needs to cache their credentials on a corporate laptop? I do not (and cannot) run AnyConnect Start Before Login (SBL) - too many users need to access their ...

Thank you for your fast · 04-23-2015

Thank you for your fast response - but you failed to answer my specific question. I -know- I can create an AD group to be used by ACS for authentication. I want/need to use just an AD OU (organizational unit). I have 5000+ users and a fairly compl...

clausonna · 05-08-2014

Thank you for your response. However my question was targeted towards Intrusion Prevention signatures such as the ones found on the traditional IPS units. I would want the ability to use the various IPS engines such as Atomic IP, HTTP, etc and crea...

clausonna · 04-30-2014

If you want to blacklist a large list of IP addresses (like the SpamHaus DROP list, or other known-malicious sites, for example) then create a custom IP signature in IME. Use the Atomic IP engine and specify the destination IP Address. Use a variabl...

clausonna · 06-07-2013

Hi MaurywindYes you have this correct. I would suggest creating a different custom IPS signature for each blocklist that you plan on using. So perhaps sigid 60000 is "TOR Blocklist" and sigid 60001 is "SpamHaus DROP blocklist" for example.If you ne...

clausonna · 05-31-2013

By 'banned hosts' do you mean a list of external IP addresses that you want to deny any internal users from connecting to? Or do you mean a list of internal systems that you don't want to allow through the IPS unit?If its the former: create a custo...

Member Since	‎01-06-2005 12:04 PM
Date Last Visited	‎08-18-2017 04:00 AM
Posts	177
Total Helpful Votes Received	86

User Statistics

User Activity

ACS end-user authentication to Active Drirectory OU

Custom IPS sigs on NGFW (ASA-CX) IPS solution?

IPS 7.1 support on AIP modules

tcl and traceroute

AnyConnect and laptop Cached Creds for new remote user

Thank you for your fast

Thank you for your response.

If you want to blacklist a

IPS 4550 how import banned hosts list

IPS 4550 how import banned hosts list