ACS ping problem

Similar Questions

• Intel 5300 in T400 high Ping problem!

  I bought a laptop T400 with a wireless card intel 5300 a few days ago, and I have installed the latest driver from intel which is v12.1.2.1 for 32-bit vista.

  I tried ping the gateway of my house, then feedback between 300-500 ms, sometimes going to 900msand sometimes the sound directly outdoors. I also tried to use my other card USB wireless to test this problem on T400, then it was fine, feedback constantly 206ms.

  IM using vista 32 bit with SP1, and I tried to reinstall vista as well and test without any software, then same problem.

  but, on my other pc, PING feedbacks are very good, constantly 206ms, if someone knows what's the problem? THX

  Check your 5300 card power management settings and make sure they are all set for maximum Performance.

  See you soon,.

  Bill

• Internal Hostname Ping problems

  Running on my internal network (just a plain jane workgroup) that does not connect.

  When I Ping any machine on my network from another machine on my network, he decides:

  hostname. Linksys.com (a random IP address)

  Request Timed Out

  Request Timed Out

  Request Timed Out

  Request Timed Out

  I know I should get (hostname) (ip address of the router assigned) 192.168.1.100

  Reply from 192.168.1.100

  Setting of the router is causing this problem?   Using the RV042.

  The RV042 now reports to the Cisco Small Business Support Community.

  For discussions concerning this product, please go here.

• The ACS installation problem

  I have problems reinstalling a server ACS (4.0 on Win 2003).

  I get a lot of error messages like:

  "Failure of line 194, CryptAqquireContext... V:\ismg_israel_acs\Acs\Crypto\init.c. »

  I have no disk called V currently mapped, and the name of this directory is certainly not familiar. It does not exist on this server at all.

  I used the same setup files on the other servers before without any problem.

  I also searched the registry for some of the channels in the error message, without finding them.

  It's really giving me a headache!

  If all goes well there's someone in the community who can help me on this.

  Hello

  Do not own you the V: drive. This is the location on the server where ACS has been compiled in this build.

  This could be due to a partially broken uninstall a previous version of ACS. You can try to get your hands on the clean utility (on the cd)?

  Or make one? findstr /I CiscoSecure *. * ? in your Application Data\... Microsoft... \Crypto\RSA\... and delete the file with the text of Cisco Secure container.

  Then you should be good to go.

• ACS report problem

  Hello...

  I have GBA 2.6 (4) 4 and all the problems are happening:

  Authentication and authorization of the NAS work normally, but the accountants do not work properly. If I use accounting only exec, in the report connected' GBA users appears; OK, if I add the accounting level 0, 1 or 15 commands, users appears in the report is 'connected', but if I use any command (enable, show..., debug, etc.) users disappears in the report and that commands are presented in TAC + administration. I tried using ACS 3.1 and accounting works normally.

  Is this a BUG? If not, why I solve this problem?

  the configuration of my equipment is:

  ======

  Cisco IOS 2620 (C2600-I-M), Version 12.1 T7 (5)

  ======

  Console rate-limit logging 10 except errors

  AAA new-model

  AAA authentication login default group Ganymede + local

  AAA authentication ppp default to group Ganymede + local

  authorization AAA console

  default AAA authorization exec group Ganymede + none

  default network AAA authorization group Ganymede + none

  AAA accounting update newinfo

  AAA accounting exec default start-stop Ganymede group.

  orders accounting AAA 0 arrhythmic default group Ganymede +.

  orders accounting AAA 1 by default start-stop Ganymede group.

  orders accounting AAA 15 by default start-stop Ganymede group.

  AAA accounting network default start-stop Ganymede group.

  Default connection accounting AAA power Ganymede group.

  ====

  TKS.

  Yep, it's a bug.

  See http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdv61239

• 5.6 ACS authentication problem

  We are in the process of upgrading our ACS 4.1 for a 5.6 ACS appliance.

  The unit is installed on the network, etc. correctly licensed.

  I joined the ACS server to the AD domain without problem. I created a few local and external (AD) users for testing.

  I created a network (switch catalyst) as a Ganymede client device + and specified single-connect.

  When I SSH into the switch, I can connect using my AD user name and password, but I can't go into enable mode. It says "authentication failure".

  My aaa settings are

  radius-server host 172.25.50.8
  RADIUS-server timeout 3
  RADIUS-server application made
  radius-server key

  Miss me something somewhere, I don't know where. If I try and download the bundle to support ACS, it says download, but does not say where (or how).

  any advice would be great. I'm new to this product.

  See the document: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/migration/guide/migration_guide/Migration_support.html#pgfId-1014889

• Version 4.1 ACS certificate problem

  Our self-signed certificate has expired and I tried to install a valid certificate of our internal CA. The generation of CSR, addition of our internal CA as a valid root, import and installation of the new key all seemed to go smoothly. However, when I restarted the service to activate the new cert I was no longer able to access the server via the web interface.

  Connection via the console allows me to see that everything works apparently fine, but I cannot manage the server through the web and therefore cannot add/remove/edit and entries.

  Attempted to update the certificate on the second certificate, signed by association with a car and he is also updated without problem, but the web interface works in this system.

  I need advice on how to get the web interface work.

  Can you give us some details on what happens when you try to access the server via a browser? What is happening in the browser? Messages?

  Have you tried using http: instead of https:?

  Have you tried another browser?

  Your ACS running Windows, it is the camera, or?

• With Ganymede ACS authentication problem

  My organization was using ACS with AD to authenticate users for access to network devices.

  But lately, it does not work. There has been no known changes.

  Can anyone help point the possible problems or links to see how the actual configuration of the CSA to be or look like for that to work.

  My apologies if this is naïve question, am not not so easy with ACS.

  Thank you!

  Hello

  There are two ways to correct the message 'windows dialin permission required. You can either add permissions to call on the user accounts on your database of Windows, or you can remove the option "Require Dialin permissions" ACS. To do this, go to "External user databases" and select "Database Configuration". Then go in your database of Windows and click "configure". The first option is a

  box that gives you the opportunity to "make sure that grant dialin permission is checked.

  Checking this box will cause the error you get if your windows users do not have permissions to call. If you uncheck this box, it must clarify this.

  HTH

  JK

• Cisco ACS installation problem

  Hello everyone.
  I have Cisco acs 4.2 on windows 2008 64 bit installation and get a very strange error when installing. V: ismg_israel_acs it gives some encryption error.
  Can someone please help me on this who have encountered the same problem. My project is stopped cause of it.
  Thanks in advance.

  Sent by Cisco Support technique Android app

  Hi Rizwan,

  If you're upgrading some version prerequisites ACS then I think you get something like this V:\ismg_israel_acs\Acs\Crypto\init.cpp

  You need to locate the old CryptoAPI container used by ACS, which may still be on the system.  This is normally located in C:\Documents and Settings\username that installed ACS> \Application\Data\Microsoft\Crypto\RSA.

  There will be one or more files will be very long filenames hexdecimal. You must identify the right one.

  Open a command prompt in that folder and type "findstr /I CiscoSecure *.» ' * ' - the file name that appears should be the

  old container of ACS.

  Let me know if you will be able to search for any file.

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• NAR ACS Configuration problem

  Hi all!

  I have a problem with the configuration of the network access restrictions.

  I put the function through the shared profile component and group level NAR also, but none of them doesn't work.

  My test AAA client is a simulator of customer RADIUS of VASCO. I thought that this software does not send the correct RADIUS attributes, behavior of the ACS is never prohibitive, but sometimes, it should be.

  I also tried with version 3.2 and 4.2.

  Y at - it a tip or something that I messed up?

  Thank you for the answers!

  For wireless users, you must use CLIS/DNIS based access restriction.

  If you the corresponding IETF Radius user wireless access point, basic authentication should work, but question would be with a part of the authorization.

  Kind regards

  ~ JG

• Cisco ACS taccas + problem with authentication

  I'm having a problem authenticating to a switch using taccas + my ACS 5.2 server. I can actually do a 'test of aaa group taccas + username password inheritance' and returns a successful user authentication. When I try to use this same account to authenticate the switch, it is unsuccessful, and I'm not even that attempt to hit GBA.

  Most likely, is a configuration of Miss of the AAA command on the switch.

  Sent by Cisco Support technique iPad App

• ASA 5505 VPN Ping problems

  Hi all

  First of all, I apologize if this is something that I can google. My knowledge of the administration of the network is all self-taught, so if there is a guide that I missed please point me in the right direction, it is often difficult to Google the terms for troubleshooting when your jargon is not the height.

  The main problem is that when ping devices internal when you are connected to the results are very inconsistent.

  Ping 192.168.15.102 with 32 bytes of data:

  Reply from 192.168.15.102: bytes = 32 time = 112ms TTL = 128

  Request timed out.

  Request timed out.

  Request timed out.

  We have implemented an IPSec VPN connection to a remote Cisco ASA 5505. There is no connection problems, connection seems constant, etc. good packages. At this stage, I can only assume I have configuration problems, but I was watching this while if long and pair with my inexperience configuration of these settings I have no idea where to start. My first impressions are that LAN devices I'm ping do not send their response back or the ASA does not know how to route packets back?

  Here is a dump of the configuration:

  Output of the command: "show config".

  : Saved

  : Written by enable_15 to the 12:40:06.114 CDT MON Sep 9 2013

  !

  ASA Version 8.2 (5)

  !

  hostname VPN_Test

  activate the encrypted password of D37rIydCZ/bnf1uj

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  192.168.15.0 - internal network name

  DDNS update method DDNS_Update

  DDNS both

  maximum interval 0 4 0 0

  !

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  Description VLAN internal guests

  nameif inside

  security-level 100

  DDNS update hostname 0.0.0.0

  DDNS update DDNS_Update

  DHCP client updated dns server time

  192.168.15.1 IP address 255.255.255.0

  !

  interface Vlan2

  Description of VLAN external to the internet

  nameif outside

  security-level 0

  address IP xx.xx.xx.xx 255.255.255.248

  !

  passive FTP mode

  clock timezone CST - 6

  clock to summer time recurring CDT

  DNS server-group DefaultDNS

  Server name 216.221.96.37

  Name-Server 8.8.8.8

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  DM_INLINE_TCP_1 tcp service object-group

  port-object eq www

  EQ object of the https port

  outside_access_in list extended access permit icmp any one

  outside_access_in list extended access deny interface icmp outside interface inside

  access extensive list ip 192.168.15.192 outside_access_in allow 255.255.255.192 all

  Remote_splitTunnelAcl list standard allowed internal-network access 255.255.255.0

  inside_nat0_outbound list extended access allowed internal-network ip, 255.255.255.0 192.168.15.192 255.255.255.192

  Note to inside_access_in to access list blocking Internet traffic

  access extensive list ip 192.168.15.192 inside_access_in allow 255.255.255.192 all

  Note to inside_access_in to access list blocking Internet traffic

  inside_access_in extended access list allow interface ip inside the interface inside

  inside_access_in list of allowed ip extended access all 192.168.15.192 255.255.255.192

  Note to inside_access_in to access list blocking Internet traffic

  access extensive list ip 192.168.15.192 inside_nat0_outbound_1 allow 255.255.255.192 all

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  mask 192.168.15.200 - 192.168.15.250 255.255.255.0 IP local pool VPN_IP_Pool

  inside_access_ipv6_in list of access allowed IPv6 interface ip inside the interface inside

  ICMP unreachable rate-limit 1 burst-size 1

  ICMP allow any inside

  ICMP allow any response of echo outdoors

  ICMP allow all outside

  don't allow no asdm history

  ARP timeout 14400

  NAT-control

  Global 1 interface (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 0 inside_nat0_outbound_1 list of outdoor access

  NAT (inside) 1 192.168.15.192 255.255.255.192

  NAT (inside) 1 0.0.0.0 0.0.0.0

  inside_access_in access to the interface inside group

  inside_access_ipv6_in access to the interface inside group

  Access-group outside_access_in in interface outside

  Route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  255.255.255.0 inside internal network http

  http yy.yy.yy.yy 255.255.255.255 outside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Sysopt connection timewait

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  management-access inside

  dhcpd outside auto_config

  !

  dhcpd address 192.168.15.200 - 192.168.15.250 inside

  dhcpd allow inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200

  NTP server 192.168.15.101 source inside

  prefer NTP server 192.168.15.100 source inside

  WebVPN

  internal remote group strategy

  Group remote attributes policy

  Protocol-tunnel-VPN IPSec

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list Remote_splitTunnelAcl

  username StockUser encrypted password privilege 0 t6a0Nv8HUfWtUdKz

  username StockUser attributes

  Strategy-Group-VPN remote

  tunnel-group type remote access remotely

  tunnel-group remote General attributes

  address pool VPN_IP_Pool

  Group Policy - by default-remote control

  tunnel-group remote ipsec-attributes

  pre-shared-key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  inspect the icmp

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:f4271785b86e45dd3a17bab8f60cd2f3

  Hi Graham,

  My first question is do you have a site to site VPN and VPN remote access client.

  After checking your configuration, I see you don't have any Site to SIte VPN configuration, so I'm assuming you ara facing issue with the VPN client.

  And if I understand you are able to connect VPN client, but you not able to access internal resources properly.

  I recommend tey and make the following changes.

  First remove the following configuration:

  NAT (inside) 0 inside_nat0_outbound_1 list of outdoor access

  NAT (inside) 1 192.168.15.192 255.255.255.192

  You don't need the 1st one and I do not understand the reason for the second

  Second, one is your pool IP subnet (192.168.15.200 - 192.168.15.250) and I don't know why you added this NAT.

  If possible change your subnet pool all together because we do not recommend to use th ip POOL that is similar to your local network.

  Try the changes described above and let me know in case if you have any problem.

  Thank you

  Jeet Kumar

• Application VPN ping problem

  I installed a vpn for access to HVAC equipment suppliers.

  The profile is RCPS_Vendor

  DHCP pool is RCPS_Vendor

  Finished outdoor int

  Here are the steps I took:

  remote access, outside of the--> psk (password), RCPS_Vendors-> authentic local name-> Hoff_Vendor (password)-> RCPS_Vendors 192.168.10.2-192.168.10.128->10.1.252.101/103->3DES SHA 2-> 3DES SHA->10.0.0.0/8 en split tunnel

  from: http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/rem_acc.html

  The question is the seller has ping internal unit, and its program does not connect to units.

  Updated the attached config.

  Thanks in advance.

  All receivers are a section of the ASA, so could you put this static route on each of these units. That would point to the inside interface on the ASA. The ASA would use its default route to send traffic to the VPN clients.

  If the receivers are further inside your network and you are using a dynamic routing protocol, you can redistribute the static route to 192.168.10.0/24 on the next (from ASA) inside your network hop router so that the internal units default gateways to know where to send the traffic destined to 192.168.10.0/24.

  Since your remote clients are sending traffic in VPN tunnels I don't think you need to add an ACL on the ASA to allow specific traffic from VPN clients for the receivers.

• The trial ver 4.2 ACS installation problem

  Hello

  I searched the net for a while, for what could be the reason why the admin on http://127.0.0.1:2002 page do not open, after installed successfully the 4.2 ACS on Win - 2003 SP1.

  I made fixes Java JRE 6.0 and installed both and I used Firefox as a browser, but all invain.

  No idea what I need to do more.

  Thank you

  Sam

  Hi Sam,

  You have an other applications to install on this server?

  I suggest to install the ACS service on a new installation of windows 2003.

  Thank you

• ACS replication problem

  I have two ACS with replication configured. Manual replication works fine, but when setting up scheduled replication, server said "preliminary checks indicate a unnecessary outgoing replication - completed cycle. Even if the new features have been added to the main server, replication is irrelevant.

  Any thoughts?

  Please check this bug,

  CSCsd02854 : automatic replication has not triggered after changing the config

  components

  Symptom: When it is configured for automatic replication, only the changes to the users/groups/SPC are replicated automatically. Changes to the configuration of NAS, Admin, PAN, external databases

  components do not replication trigger.

  Conditions: This is seen when the automatic replication (intermittently or at a specific time) is configured.

  Solution: Start the replication manually after configuration changes for the affected

  components have been made.

  http://Tools.Cisco.com/support/BugToolKit/action.do?hdnAction=searchBugs

  Please make sure that the secondary ACS server, we have all the replicated network devices

  from the primary ACS server successfully. If they are not, and we have configured replication scheduled to take place, then we are hitting this bug.

  Kind regards

  ~ JG

  Note the useful messages