NAC In-Band Real-IP Gateway process

Hi all

I did a lot of research, and I can't find good answers to some of my questions. All the big questions are answered for the out-of-band configuration, but I find that for In-Band this understanding is taken for granted lol... I guess I'm slow =P

  1. How does the In-Band Real-IP Gateway work?
  2. What is the point of the /30 subnets?
  3. Are there any access/auth VLAN pair configurations In-Band?
  4. How does quarantine work?
  5. I read that the NAC server cannot send traffic on the untrusted port to a VLAN and that you are not allowed to trunk the port. Does this mean that there is no support for multiple trusted VLANs mapped to a single NAC server?
  6. Can you do role mapping configurations In-Band?

Assistance for all or part of these questions would be GREATLY appreciated!

Thank you a lot =]

~ Xavier.

Hi Xavier,

I'll try to answer your questions

1. How does the In-Band Real-IP Gateway work?

The CAS works in routed mode, with different IP addresses (on different subnets) on the trusted and untrusted interfaces. Because the CAS does not support routing protocols, routing must be configured through static routes.

2. What is the point of the /30 subnets?

The idea is to have small subnets for your clients, so that with this IP config, clients in the authentication VLAN must go through the CAS even to talk to other clients on the same L2 segment.

Click here for an explanation:

http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/47/CAs/s_dhcp.html#wp1057889

3. Are there access/auth VLAN pair configurations In-Band?

If you are asking whether there is VLAN mapping, then the answer is NO, since the purpose of VLAN mapping is to *bridge* traffic between the mapped trusted and untrusted VLANs, whereas in Real-IP mode the CAS routes traffic at L3.

4. How does quarantine work?

When a client is quarantined, it works the same way as in OOB, since in this phase the client is still inline with the CAS.

So the concept is that the CAS assigns the user the Temporary or Quarantine role and applies the traffic policy you have set up for the Temporary or Quarantine role.

5. I have read that the NAC server cannot send traffic on the untrusted port to a VLAN and that you are not allowed to trunk the port. Does this mean that there is no support for multiple trusted VLANs mapped to a single NAC server?

The "single VLAN" restriction for the Real-IP CAS applies only to the *trusted* side. The CAS can be the default gateway for several VLANs/IP subnets on the *untrusted* side.

Configure additional VLANs/IP addresses on the untrusted side by using the "managed subnet" configuration.

This is mentioned here:

http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/45/CAs/s_deploy.html#wp1050938

The Clean Access Server can manage one or more subnets, with its untrusted interface acting as a gateway for the managed subnets. For more information on setting up managed subnets, see Configuring Managed Subnets or Static Routes, page 5-26.

6. Can you do role mapping configurations In-Band?

Yes, you can! However, you cannot assign a VLAN as you do in OOB, but you can assign different levels of access based on the IP traffic policies and bandwidth restrictions that you assign to the specific role.

For example, see here for more details:

http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/45/cam/m_users.html#wp1040231

In a word, regardless of In-Band vs Out-of-Band:

- clients are In-Band with the CAS during the CAS detection, authentication, posture assessment and remediation phases.

The main difference occurs when the user is allowed to access the network and the role assignment kicks in, in IB as well as in OOB, but...:

- in IB, client traffic keeps flowing inline through the CAS, so you can apply different access policies (ACLs) and bandwidth control depending on the role policies (but you cannot assign a VLAN);

- in OOB, client traffic bypasses the CAS once it is authorized: in this case you can apply different VLANs, but (given that the CAS is no longer in the path) you cannot apply ACLs and/or enforce bandwidth policy.

I hope that answers your questions.

Kind regards

Federico

--
If this answers your question, please mark the question as "answered" and rate it, so other users can easily find it.
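The three routed-mode points above (per-client /30 addressing in the auth VLAN, the CAS as default gateway for its managed subnets, and static routes on the trusted side because the CAS runs no routing protocol) can be checked with a small model. This is an added example, not code from the thread or from Cisco; the pool 10.10.0.0/24 and the CAS trusted address 192.168.100.2 are constructed lab values.

```python
import ipaddress
from typing import List, Tuple

# Constructed lab values (not from the thread): the untrusted-side pool the
# CAS hands out to clients, and the CAS's trusted-side address that the
# upstream router must use as next hop for that pool.
UNTRUSTED_POOL = ipaddress.ip_network("10.10.0.0/24")
CAS_TRUSTED_IP = ipaddress.ip_address("192.168.100.2")

Subnet = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address, ipaddress.IPv4Address]


def carve_client_subnets(pool: ipaddress.IPv4Network, new_prefix: int = 30) -> List[Subnet]:
    """Split the pool into per-client /30s as (subnet, gateway, client).

    A /30 has two usable addresses: the first is the CAS (default gateway),
    the second is the only one a client can receive, so no two clients
    ever share a subnet even though they sit on the same L2 VLAN.
    """
    carved = []
    for net in pool.subnets(new_prefix=new_prefix):
        gateway, client = list(net.hosts())[:2]
        carved.append((net, gateway, client))
    return carved


def next_hop(client_net: ipaddress.IPv4Network, gateway: ipaddress.IPv4Address,
             dst: ipaddress.IPv4Address) -> str:
    """Where a client sends a packet: 'direct' (ARP for dst itself) if dst is
    inside its own subnet, otherwise to its default gateway, i.e. the CAS."""
    return "direct" if dst in client_net else str(gateway)


def same_l2_path(subnets: List[Subnet], flat: ipaddress.IPv4Network) -> Tuple[str, str]:
    """Compare client 0 talking to client 1 under /30 addressing vs a flat mask
    covering the whole pool (gateway = first usable address in both cases)."""
    net0, gw0, _ = subnets[0]
    peer = subnets[1][2]
    flat_gw = next(flat.hosts())
    return next_hop(net0, gw0, peer), next_hop(flat, flat_gw, peer)


def trusted_side_static_routes(managed: List[ipaddress.IPv4Network],
                               cas_trusted_ip: ipaddress.IPv4Address) -> List[str]:
    """IOS-style static routes the trusted-side router needs for each managed
    subnet, because the Real-IP CAS runs no routing protocol."""
    return [f"ip route {n.network_address} {n.netmask} {cas_trusted_ip}" for n in managed]


if __name__ == "__main__":
    subs = carve_client_subnets(UNTRUSTED_POOL)
    print(f"{len(subs)} client /30s, first: {subs[0]}")
    print("client0 -> client1 (/30 vs flat /24):", same_l2_path(subs, UNTRUSTED_POOL))
    print("\n".join(trusted_side_static_routes([UNTRUSTED_POOL], CAS_TRUSTED_IP)))
```

With /30s the neighbour's address is outside the client's own subnet, so the frame goes to the CAS; with the flat /24 the same two clients would talk directly at L2 and bypass it.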

Tags: Cisco Security

Similar Questions

  • NAC problem in Virtual Gateway In-Band mode: VPN SSO

    Hello

    I've implemented a NAC solution for remote users. The CAS unit is configured in Virtual Gateway In-Band mode.

    I followed all the steps listed in http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml

    Remote users can connect successfully using the Cisco VPN software and they can ping the SIN, but not the DNS (the ASA hands out the IP address but not the DNS; I don't know why).

    When I access the NAS, I can download the NAC Agent, but VPN SSO is not executed and the Agent asks me to log in using the LOCAL DB.

    Any help please,

    Kind regards

    Larson,

    For VPN SSO to work, you must send the accounting packets to the CAS. The CAS can in turn forward them to the ACS if you need accounting to be done on the ACS as well, but for authentication alone to work, the accounting must reach the CAS.

    HTH,

    Faisal

  • Dynamic assignment by the NAC to the same VLAN, In-Band and Out-of-Band

    Hello

    Pls forgive my ignorance, I'm fresh in the NAC biz.

    I have a requirement for a client, a very large high-rise hospital with numerous buildings: they want to assign MDs to the same VLAN whether he or she uses the desktop at the outpatient clinic, which would be OOB Layer 3, or uses the Tablet PC/PDA over wireless during rounds.

    The question is whether this is something achievable. A little hint on how to do it would be very useful.

    Appreciate your expertise.

    Thank you

    Saami

    VLAN assignment by user role can be enabled for OOB.

    The VLAN is configured on the role, and in the OOB setup there is a check box that you need to enable so that the user receives the VLAN configured on the role (I don't remember the exact section right now..).

    With that, whenever a user who belongs to a specific role connects, he will receive the same VLAN according to what is set up on his role.

    I hope this helps.

  • Explorer.exe process uses all the computer's RAM

    I've googled this question in many different ways and read posts until my eyes crossed. Tried several different ideas, checks, scans, etc.

    This is on a Dell Inspiron 3847 running Windows 7 Pro Service Pack 1, with an Intel Pentium CPU [email protected] GHz, 4 GB RAM, 1 TB HD (no graphics card or any other card in the PCI slot), and a Brother MFC7360N printer connected to the USB port. The HD: (drive C, O/S: 855 GB free of 909 GB), (recovery drive E: 17.5 GB free of 47 GB).

    The installed software is minimal (the only notable items are Office 10 and Digital Dining; Digital Dining is for the POS system). This computer is not the main computer running the POS system; it is just linked to the actual POS in the bar. (I stopped this program and it does not affect the problem or situation we are having.) (I can give a list of the other installed software if necessary.) Essentially the only files on the computer (in addition to the operating system, programs, etc.) are Office files: Word files, Excel files, and a few txt, rtf and pdf files (a very small amount).

    I first noticed what happens only recently, but I'm not the primary user of the computer. I checked and it seems that no new software or program has been recently installed or changed. I have a little understanding of what the explorer.exe process is and how it functions (NOT a PRO, not a total newbie; hopefully enough to find help, and not enough to totally screw up). I'll be watching this thread several times per day until solved; if you need more information, I'll give it to you...

    Here are the details of the problem:

    Random computer freezes, or it runs very slowly or gets an "out of memory" message (during the attempt to open any random program), and when I opened Task Manager, in the "Processes" tab it shows that there are 2 instances of "explorer.exe" running. One uses a small amount of RAM (approx. 10-15 MB) (with nothing open other than Task Manager). The other instance of "explorer.exe" starts at the same amount of RAM use (without having opened anything else) and then uses more and more RAM until it uses almost all of the available 4 GB of RAM. Also during this process it uses randomly between 0 and 99% of the CPU. The CPU usage seems to vary (couldn't see any stable pattern). The amount of RAM used begins low, then goes very high and stays there for a random time (then sometimes it descends on its own within 1-5 min; sometimes it does not lower for a while). If more details are needed let me know; I'll check all speeds or the time it takes for the situation to occur (if necessary).

    TASK MANAGER:

    I opened the location of the two explorer.exe files (both take me to C:\Windows\... (same for both), not a System32 file or any other subfolder, just 'Windows'). The "Descriptions" of the two explorer.exe processes are listed as Windows Explorer.

    If I "End process" on the 2nd explorer.exe (the one with high memory usage), just that process, it stops for a short period of time (and all works well for that time), but even so it reappears (no exact time frame on how long until it returns), (I can check again and again, if necessary, to see if the time is the same each time the process restarts). If I "End process" on the 1st explorer.exe (the one with normal memory usage), I lose my desktop (which from what I understand is what should happen). I also get the same results if I "End process tree" on the 1st and 2nd explorer.exe.

    Checking "Properties" of the two, all the info seems the same. The 'Details' tab shows all Microsoft info; not sure what info is important, if any (any info needed, I'll get it and post it as needed). I know more and different information is in "Resource Monitor", but I was not sure what would be needed from there. If necessary I'll get whatever is needed (let me know).

    I've scanned the computer with 3 different anti-virus programs (found nothing). I ran Spybot Search & Destroy; it found nothing that had to do with this issue and fixed some other issues that it found. A little info on 'Folder Options': 'Launch folder windows in a separate process' is NOT checked, and all the options are set to the default settings (I think) (not sure if this is important).

    Like I said, I've read several messages in various forums (on similar-sounding problems)... Some say they spoke with Microsoft technical support, who say 'must be a virus'; others say it started after a recent "Windows update"; others say it's a virtual memory problem; others say it's the 'Office' or 'thumbnail previews' files; and others say "shell extensions" are the problem (many recommended ShellExView to disable all non-Microsoft extensions). I have not looked into that. My problem does not appear to be caused by any particular program or file type running. It seems to happen when the computer is idle (I realize there are always some background or system processes running) but it doesn't need to have any open programs.

    At this point, I am open to almost any idea or suggestion. I will continue to monitor the post until resolved and will get any additional information required (less the credit card, bank account or bosses' banking info HA!). But seriously, some help, thoughts, ideas or directions to another post with a response would be greatly appreciated.

    THANKS FOR ANY HELP!

    Hello

    Thank you for providing detailed information about your question. I appreciate the step-by-step troubleshooting, and the pains you have taken to resolve your problem. However, there are a few more steps we can try to diagnose the root cause of your problem.

    Try the methods below and check whether it helps.

    Method 1

    As you mentioned in your message that your PC is slowing down or freezing, you can automatically diagnose and repair problems that slow down your computer by running the Fix It provided in the link below.

    http://go.Microsoft.com/?linkid=9740820

    Additional information:

    For more information you can check the link below:

    Windows 8.1, Windows 8 or Windows 7 hangs or freezes

    http://support.Microsoft.com/kb/2681286

    Method 2

    If the problem persists, I suggest you try the different steps in the following Microsoft article and check if this helps. You can skip the steps that you have already tried.

    Optimize Windows performance

    http://Windows.Microsoft.com/en-us/Windows/optimize-Windows-better-performance#optimize-Windows-better-performance=Windows-7

    Important: Running chkdsk on the drive: if bad sectors are found on the hard disk, chkdsk attempts to repair that area, and any data stored there may be lost.

    Running Microsoft Safety Scanner: data files that are infected can only be cleaned by removing the file completely, which means that there is a risk of data loss.

    Hope this information is useful. If the problem still persists, please post back for further assistance; we will be happy to help you.

    Kind regards.

  • Upgrade the NAC from 4.5 to 4.8

    Hello everyone

    I'm about to upgrade a NAC deployment from 4.5 to 4.8 at a bank with 1500 users. The upgrade is due because the bank is migrating its PCs to Windows 7.

    The implementation is in a failover setup with (2) CAS and (2) CAM. The design is Out-of-Band, Virtual Gateway, with integration with a Wireless LAN Controller.

    I would like to know whether, when I upgrade the CAM and CASs to version 4.8, I can still use the Clean Access Agent version 4.5 on the clients, so as to perform the migration in several steps.

    Is there a Stub Agent for version 4.8, or is it already included in Agent 4.8? I install the Stub Agent on all computers of the bank, because the users have no administrative rights.

    What is the best way to perform the upgrade of the agents without affecting users?

    Thanks in advance

    Eduardo Navas

    Hi Eduardo,

    Agent 4.5 is compatible with 4.8 CAM/CAS, although with a few restrictions:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/support_guide/agntsprt.html#wp52084

    For example, see also the following notes:

    "If you use CAM/CAS version 4.8 with an Agent version earlier than 4.8.0.32, then either use the Link Distribution requirement or upgrade the Agent to the latest version to use File Distribution."

    "Cisco NAC Agent version 4.5.x is not supported for download by a version 4.6(1) CAM because the structure of the Agent installation files is different in version 4.5(x) compared to the agents supported in version 4.6(1)."

    The NAC 4.8 agent does not need any component like the previous Stub, for example:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/cam/m_webagt.html#wp1473153

    Kind regards

    Fede

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • Logic and rules of the NAC

    I have a question about the WinXP rules in the NAC server and, more specifically, if a check reports a failure but it's part of a "!" in the rule, does this mean it passes?  For example:


    &(!pc_Windows_ehkeyctl|pc_XP_MCE_KB973768_MS09-037) (red indicates failure)

    The NAC reports this as a failed check:

    pc_Windows_ehkeyctl, File Check [$SYSTEM_ROOT\ehome\ehkeyctl.dll is]

    Is it a failure because it finds the file, and there is a negation on the rule?

    What about this:


    &(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

    The first part reports as passed and the second reports failure... but logically, this part of the rule should pass based on the first part alone?  Is that correct?

    Thank you!

    Gavin - Budd

    It actually reports a failed check, and in many cases that is expected (and confusing!).  For example, with the preconfigured Windows checks, if it is a 32-bit client you will see the 64-bit check fail.

    Same with your second example check

    &(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

    We expect it to either fail the first check or pass the second check, but one of these checks will show as failed.  Clear as mud?
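The point of the answer above, that an individual check can show as "failed" while the rule containing it passes, can be reproduced with a small evaluator for rule expressions. This is an added example, not code from the thread or from Cisco: the check results are constructed, the operator precedence (`!` over `&` over `|`) is an assumption of this example rather than Cisco documentation, and since both rules in the thread begin with a `&` that joins them to a term not shown, only their parenthesised parts are evaluated.

```python
import re
from typing import Dict, List, Tuple

# Constructed check results (not from the thread). True = the check passed,
# False = the Agent shows it as "failed".  pc_Windows_ehkeyctl is a File Check:
# it fails when the file is absent, which is what the rule's "!" treats as fine.
CHECK_RESULTS: Dict[str, bool] = {
    "pc_Windows_ehkeyctl": False,
    "pc_XP_MCE_KB973768_MS09-037": False,
    "pc_XP_2115168_MS10-052_FileChk": True,
    "pc_XP_2115168_MS10-052": False,
}
# The parenthesised parts of the two rules quoted in the thread.
RULE_1 = "(!pc_Windows_ehkeyctl|pc_XP_MCE_KB973768_MS09-037)"
RULE_2 = "(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)"
OPERATORS = {"!", "&", "|", "(", ")"}


def tokenize(rule: str) -> List[str]:
    """Split a rule into check names and operator symbols; reject stray characters."""
    tokens = re.findall(r"[A-Za-z0-9_\-]+|[!&|()]", rule)
    if "".join(tokens) != "".join(rule.split()):
        raise ValueError(f"unsupported characters in rule: {rule!r}")
    return tokens


def evaluate_rule(rule: str, results: Dict[str, bool]) -> bool:
    """True if the whole rule passes for the given per-check results.
    Precedence assumed here (not taken from Cisco docs): ! binds tightest,
    then &, then |; parenthesise real rules to be explicit."""
    toks, pos = tokenize(rule), [0]

    def peek():
        return toks[pos[0]] if pos[0] < len(toks) else None

    def take():
        if peek() is None:
            raise ValueError("rule ended unexpectedly")
        pos[0] += 1
        return toks[pos[0] - 1]

    def or_expr():                  # a | b  (lowest precedence)
        value = and_expr()
        while peek() == "|":
            take()
            rhs = and_expr()        # always evaluated: every check is looked up
            value = value or rhs
        return value

    def and_expr():                 # a & b
        value = unary()
        while peek() == "&":
            take()
            rhs = unary()
            value = value and rhs
        return value

    def unary():                    # !x, (expr) or a check name
        tok = take()
        if tok == "!":
            return not unary()
        if tok == "(":
            value = or_expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok in OPERATORS or tok not in results:
            raise ValueError(f"unexpected token {tok!r}")
        return results[tok]

    value = or_expr()
    if peek() is not None:
        raise ValueError(f"unexpected token {peek()!r}")
    return value


def explain(rule: str, results: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Rule outcome plus the checks that individually show as failed."""
    failed = [t for t in dict.fromkeys(tokenize(rule)) if t not in OPERATORS and not results[t]]
    return evaluate_rule(rule, results), failed
```

With these constructed results `explain(RULE_1, CHECK_RESULTS)` passes the rule although both of its checks show as failed, while `RULE_2` (file present, hotfix check failed) fails, which is the second case the answer describes.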

  • Exempt devices in NAC 4.1

    Hello friends,

    I'm configuring Virtual Gateway Layer 2 mode, and I'm a bit confused regarding what the exempt devices would be in Layer 2 Virtual Gateway mode.

    Whenever any device is in the authentication VLAN, it will pass through the NAC server, but if I move the port to the normal access VLAN on the switch with 'switchport access vlan', that device is out of the NAC flow.

    My understanding is that, regardless of the VLAN mapping being done in the NAC between the authentication and access VLANs, only those VLANs are affected; the rest are all out of the NAC stream and they will flow as normal traffic.

    Also, all my switches have a management VLAN, so if I don't create the mapping for the management VLAN, they do not pass through the NAC. Am I wrong?

    Please suggest what other devices should be exempted from the networks, for example printers, and what else?

    Estela,

    You are right in most of your assumptions. The essential thing with NAC is to follow the flow of traffic and make sure that, in the not-authenticated state, the flow of traffic always goes through the CAS. It follows that if a port is not in a VLAN on the untrusted side, it would never be affected by the NAC. For your authenticated VLANs, we need to ensure that their path is allowed only through the CAS. With this simple design rule in mind, look at your VLANs again and you will get most of the answers you seek.

    HTH,

    Faisal

  • NAC scanning does not work

    Hello;

    I got the Nessus plugins from the Tenable website and uploaded them to the NAC Manager, then tried to apply the plugins in the plugin installation, but nothing shows up. Is there any CLI or installation process I must perform to install the Nessus plugins?

    You will need to extract the contents and create new files smaller than 10 MB. Load each one separately. Maintain the directory structure of the tar file.

  • Basic of the NAC deployment question

    Hello

    Am I right to assume that at least 2 devices, a Server and a Manager, must make up a NAC deployment? Or is the Manager an application running on a Windows Server? Can the Manager run on the same machine as the Server?

    My second question concerns Cisco Trust Agent and Clean Access Agent. Has CTA actually been superseded by CAA? From what I see, CTA was part of the old NAC Framework until they started using appliances.

    Many thanks in advance,

    DOM

    Manager and Server can run on either PCs or Cisco appliances, which are in fact HP ProLiant DL140 G3 or HP ProLiant DL360 G5 PCs ;) You will need two devices in any case.

    Second question: no one knows what will happen with all this technology in the future. Will it be completely replaced by MS NAP? Will the NAC Framework be cancelled? Both Cisco solutions are not perfect. What customers actually need is to have all the features of the NAC Appliance operate directly on Cisco routers and switches. No Clean Access Server would be needed in this case, only the Manager! And the OOB mode, which is difficult to set up, support and troubleshoot, would disappear. The NAC Framework is executed directly on Cisco devices, but it's not as feature-rich as NAC Appliance.

  • NAC problem - Agent disconnects

    Hello

    We have a problem with the NAC in Virtual Gateway Out-of-Band mode.

    AD SSO, remediation, everything is working, but strange things are happening: after a while, when downloading large files, the Agent disconnects the user from the network and the login process is restarted.

    I disabled the heartbeat timers and session timers, but we still have the problem.

    Also, while sniffing traffic on the switch port, I noticed that after you have correctly logged in, the Cisco Clean Access Agent keeps sending traffic to UDP port 8905. Is this normal behavior?

    I have noticed problems with this version of the agent causing connections to drop intermittently. I would upgrade to agent v4.1.3.1.

  • When I install Greasemonkey, Firefox does not load. The process is there, but the program does not appear, even with no scripts installed. I have Aurora.

    It was working fine until one time, I don't know what happened.

    I've been OCing things lately so I don't know if this has something to do with it. But I have the latest Aurora and Greasemonkey and for some reason the process loads, but not the program. It doesn't appear at all.

    I had no idea what it was originally, so I started to remove add-ons one by one and found out which one it was.

    I even tried to remove all scripts, but that has not worked.

    Tampermonkey works fine with Chrome atm. So I do not understand. I have roughly the same scripts installed.

    Any information would help. I tried to ask on the Greasemonkey forum, but nothing there ATM. My problem seems a bit unique, so I'm posting here to possibly figure this out. It bothers me not being able to use my scripts, which I love.

    Could be this:

    Firefox Nightly invisible w / Greasemonkey 1.13 beta 5 & 6

    https://github.com/Greasemonkey/Greasemonkey/issues/1833

    Recommended:

    Please try 1.14beta1 if this is still the case for you:
    https://addons.Mozilla.org/en-us/Firefox/addon/Greasemonkey/versions/

    Does it work?

  • How to complete the setup process after inserting the new SIM card to unlock the phone

    Trying to unlock an iPhone 6s Plus with AT&T, but I don't know how to perform the setup process after inserting the new SIM card. I got the unlock code confirmed by AT&T.

    After the unlock is confirmed, you will have to restore the device to factory settings via iTunes.  It should inform you that the device is unlocked, THEN you change SIM cards.

  • Login process failed to create the security options dialog

    Login process failed to create the security options dialog box. Can someone help me?

    Hello

    Are you tired? Or why do you post such a brief description?

    In any case, I used Google and searched for the error message, and Google provided a lot of hits.
    The solution: uninstall or disable the Symantec Norton AntiVirus/Internet Security suite's idle-time scans.

    To be honest, I don't use Symantec Antivirus because it takes a lot of hardware resources; I use the free and smart Avira AntiVir.
    It scans the complete system and my laptop runs much faster.

  • How to get Firefox 4 to allow two separate processes to run at the same time.

    I used to be able to run two separate Firefox processes and so also run two separate user profiles at the same time. But I recently moved to Firefox 4 and Windows 7, and one or both of these prevents the old method I used from working. Basically I was running Firefox (via 'Run' or via an edited shortcut) with the following executable arguments:
    -p profilename -noremote

    And it would launch a separate process running under that profile name. Is it possible to do this with Firefox 4 and Win7?
    I am a developer (web and desktop applications) and it is highly preferable to do so. One of the reasons is that if one of the processes falls over, the other is fine. Another is to have separate profiles so that add-ons with memory leaks, like Firebug, can be run in their own process and I can restart it when I have to without affecting the other processes. I sometimes also need to set the processor affinity so that one Firefox process is not a big eater.
    Any help would be appreciated.

    The correct format for this option is -no-remote

  • Should I keep my iPhone plugged into the computer during the update download process? The download will take a long time because it is more than 2 GB and my internet speed is not fast; can I unplug my iPhone until the download is complete?

    I am a new iPhone user. Must I keep my iPhone plugged into the computer during the update download process? The download will take a long time because it is more than 2 GB and my internet speed is not fast; can I unplug my iPhone until the download is complete?

    Without doubt, but why not just do the download overnight?
