I am trying to set up ACS to use AD for authentication. I have followed the instructions Cisco gives out, but my test account still fails when I try to log into any network device. I've looked in the ACS logs and it keeps showing "CS user unknown"....
I am having an issue on my 6513 where I can install a QoS policy. I just can't apply the policy to an interface. I have tried this a few times, but keep getting the same error. I input this:
    mls qos map policed-dscp normal-burst 24 26 to 8
    mls qos m...
Maybe I'm being thick about this. I need to send traffic through a L2L IPSEC tunnel to a remote office location. My issue is this: I need to send a private subnet (10.5.1.0/24) through my L2L tunnel and then NAT that subnet to a public IP. I'm su...
I just installed a 525 at a remote site. I made sure I had a good host name and FQDN in the config. I generated the RSA key pair. SSH statements are there as well allowing access to the inside interface. I was then able to SSH into the box via an...
All the commands are in the new 7.2(2) config:
    Management-access inside
    SSH xxx.xxx.xxx.xxx inside
I also generated the RSA key
We try to go through our L2L tunnel and get nothing. Putty just times out. This worked fine as a 6.3(3) box.
We're also able ...
Here's a show ver:
    6513#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) s72033_rp Software (s72033_rp-PSV-M), Version 12.2(18)SXD6, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2005 by cisco Sy...
Can you reverse the NAT and Global statements like that on the interfaces? I thought you had to use a static statement to go from a lower security level to a higher security level. I haven't seen any examples of that on Cisco or anywhere else. If ...
I need to NAT the private traffic after it comes out of the IPSEC tunnel at my remote site. I'll then route it to an internal (higher security level) interface. I was thinking I could take that subnet and just NAT it to the address of the interface...
On a PIX 535 with the 6.3(3) code you do not need to allow echos in the outside interface. I can go through a L2L IPSEC tunnel and ping the inside interface of my remote PIX just fine. The sysopt permit IPSEC command bypasses the outside ACL. As fa...
I didn't originally. I entered a fqdn and then deleted the rsa key and regenerated a new one. Still can't SSH to inside int, nor ping it even though I have proper icmp statements, SSH statements, and management-access inside statement. Almost like...