Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We are configuring ACS for use with external user datbases (e.g., Active Directory) in an environment with multiple domains and no trust between them (multiple business units).- Can ACS access mutliple domains (of the same or different type), with th...
We have a pair of 515 firewalls in a failover configuration (cable not LAN based failover). The firewalls are being upgraded from the current 4 port ethernet to 6 ports - two single ethernet NIC's are being removed and replaced with the 4FE on each ...
New CSA 4.0 implementation, attempting to deploy the initial standard laptop agent kit. Installation of the kit works fine on the client laptop, which includes the installation of the network shim (prompted during interactive installation).During st...
There is some confusion regarding the security settings moving from VXWorks to IOS.Original authentication and encryption settings were leap + tkip (with mic and per packet keying as provided by tkip).Using the CAC conversion tool to migrate to IOS, ...
Encountering an issue with the CSS/SSL Accellerator - when a page is accessed through the ssl accellerator without a trailing "/" on directory entries, a page not found is being encountered instead of a lookup for a configured index page in that dire...
Have you considered segmentation of security events between companies in the MARS appliance? The MARS does not 'segment' events between different organizations (afaik), security events between all hosted companies would be aggregated in the MARS app...
Thanks - long response in replying, but the upgrade to version 4.01 did resolve the problem. Removing the previous version of the CSA agent and installing the new kit resulted in the Shim working fine, no other applications were modified.
LEAP authentication requires Cisco Secure ACS or a CCX-Compliant radius server on the back end (i.e. Funk Steel Belted, Free Radius). IAS doesn't have the CCX extensions and can't process LEAP authentication requests.Additionally, IAS runs on Win2k,...
IDS can be complicated without implementing the system into your overall security approach - as with any control, it should complement other controls (i.e. your firewall), and an overall approach should be developed to IDS implementation. KEEP IT SI...
I don't believe this is possible when the PIX the server next hop and providing the address translation service - a packet cannot be received and sent back out the same interface of a PIX based on the firewall security architecture. Additionally, if...
