Cisco's preferred compliance policies

Similar Questions

• document for compliance policies

  Can someone point me to the documentation of compliance policies

  You can use thye below doc
  http://download.Oracle.com/docs/CD/B16240_01/doc/EM.102/b16231/TOC.htm

• Cisco ISE Posture compliance

  Hello!

  Is anyone know about Cisco ISE?

  I have a problem with the respect of the Posture. I installed the NAC Agent on PC, Catalyst 2950, and ISE. Authentication is great, but the Posture of compliance does not. I'll send you information if you want to help me.

  Thank you!

  Catalyst 2950 does not support costs (RADIUS permission change) which is required for enforcement to work: http://www.cisco.com/en/US/docs/security/ise/1.0.4/compatibility/ise104_sdt.html#wp55038

• Cisco anyconnect client

  I have a cisco with 3 group policies anyconnect.

  I can only with cisco select any connection.

  How can choose from three different groups

  On the ASA 'publish us' group names using the webvpn to group aliases attribute. For example:

   tunnel-group  webvpn-attributes group-alias  enable tunnel-group  webvpn-attributes group-alias  enable

  ... etc. When this is done, they will appear in the drop-down list for the customers to choose amongst, during the connection.

  Your ASA may have specific customers restricted to a specific profile. We would see that as a value of group-lock under username attributes.

• How to get a list of all available updates and dependencies for the MS products

  We are currently working on a patch report (compliance policies).
  We need to scan all workstations for the patches installed (already DONE!).
  Now we need to get a XML / List / or something telling us all the patches to release MS, affected software and dependence.
  Any help?

  See if this sugesstion can help you to:

  http://social.answers.Microsoft.com/forums/en-us/vistawu/thread/6da1bc16-9919-4762-85D5-95dee3aa15fd

  Take a look at this link and see if it helps-

  http://social.answers.Microsoft.com/forums/en-us/vistawu/thread/a75f8d76-8689-4661-A546-90b555d80c9d>

  Windows XP security updates and patches for 2010

  http://www.softwarepatch.com/Windows/Windows-XP-security-updates-2010.html>

  03/23 / 1107:12: 05:00

• Encryption of Gigabit

  Hi all

  I'm looking for a Cisco router (preferably) for a design I have write

  who is able to carry out a Gigabit throughput and IPSEC encryption

  at this rate.

  Any ideas/experience? It is a MPLS VPN connection and we hear

  using DMVPN with IPSEC for encryption of the EC - ec. That's a financial House and headquarters

  Circuit must be gigabit.

  Thank you all

  Stephen

  Stephen,

  I'm not sure of current sheets, perhaps better to do a ping of a Cisco self?

  Possible solution cat6k + VPN SPA or ASR1k (not sure that sheets are saying about this last tho)

  Marcin

  Edit: ASA will not manage DMVPN so I did not mention 5580.

  Find the link, I had in mind

  http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72.html

  With regard to the experience...

  If you don't want one not far from the step configuration guide, VPNSPA is very correct.

  ASR1k has a good potential, but it's still new, a great team so internally.

• Adobe photoshop cc 2015 drop-down menu changed sides

  Hi, I use photoshop cc 2015 on a windows machine, I'm not sure this is to do with a recent update or screwed up my photoshop

  the dropdown menus now display to the side of left hand as in the photo, before it used to be fair, I found extremely useful, another thing that bothers me, is that the fact that on my macbook pro, photoshop interface displays the name of "Photoshop" and year next to him, but my version of windows is not

  also on the version of windows, I'm unable to favorite the police, how I preferred a police? or use typekit because he wants me to ask a COMPUTER administrator

  Please help me with my questions

  

  It's a system of windows called right-handed/left-handed setting, not a photoshop definition.

  http://www.askvg.com/how-to-change-menu-position-from-left-to-right-in-Windows-Vista/

• RV320 Cisco Remote management fails PCI compliance

  Cisco RV320 (port 443) remote management not meet PCI, a major provider of PCI (Trustwave) compliance.

  Fault issues:

  1. Taken SSLv2 support (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969)
  2. Methods HTTP Trace/track activated (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0386)
  3. HTTP Server overlapping Byte - Range Denial of Service (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192)

  Other serious issues:

  1 auto-Completion enabled for password fields

  2 SSL certificates with a public key of less than 2 048 bits are more susceptible to man in the middle attacks (Yes, I can create a new certificate with > = 2048 bits, but the value default self-signed certificate must be at least 2048)

  If you have warranty still valid for your RV320 device, I suggest you address these issues directly to the Small Business Support Center (HWC) through their customer service system. Because they are related to safety concerns AND the RV320 device is not on the list of EoL in the meantime, I hope that this could be addressed and fixed in future versions of firmwares for this device.

  I'm afraid, nobody else on this forum could forward your question here on the forum that these options are not configurable (at least not officially) and must be set only at the level of the firmware. You must use the official channels to facilitate this correction.

• What is the preferred means of creating group policies?

  What is the preferred means of creating group policies?

  For example policy of GP1 for wallpaper and GP2 political mapping of drive and printer.

  or to combine politics both GP1 and GP2 in unique group as GPDOMAIN policy.

  Application of associated Win2K8 R2 group policies

  http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

• Style/policies of Cisco's Jabber Instant Messaging session

  When we decided to fonts and Style during a chat IM, this setting session is only kept for the very next IM and the IM second after which uses by default to the original setting.

  The font setting not withhold until the chat session is closed?

  Hi Olivier,.

  Change the police/size/color in the text entry field changes only the fonts for this particular message by intention. Imagine that if you change the style of a part only of the IM message or do not apply style to persist, it would be very difficult to differentiate between the intention of the user between a temporary and persistent change. In the next version of Jabber, we will give users the ability to change the style of text IM coming out through the Options menu.

  Thank you.

  Mark

• Take snapshots of VMware preferred Cisco Infrastructure

  Hello community,

  We have several Cisco first 2.x and 3.x facilities in the area. All are virtual machines on ESX servers. Before the operations of the crtitcal system (as updates, etc.) I used to take a snapshot of VMware. So far, I never had to use a snapshot to revert to the previous state of the system, but I was always sure to have a snapshot, just in case something goes wrong.

  Now a customer recently asked me if the database would not get damaged if I just take a snapshot of the currently running system. I was courious and tried to look this up, but could not find clear instructions for this. The question that bothers me is: what should I stop NCS before taking a shot or not? Does anyone know what Cisco recommends (kind of best practices) for making snaphsot of VMware?

  Best regards

  Benjamin

  Hi Benjamin,

  Please see the release below notes... Snapshots are supported but recommended to take during their stop. I made quite a few installations and upgrades, and always take snapshots while the virtual machine is turned off, is faster and safer on big high transaction VMs.

  First 3.

  http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/Prime/infrastructure/3-0-1...

  First 2

  http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/Prime/infrastructure/2-2-2...

  http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd...

  http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd...

  See you soon

  Micheline

• Cisco RV110W supports up to 1 VPN policies

  Best regards

  I use a router Cisco RV110W to 20 natoinwide of branches with a central site for interconnection, however, although VPN correctly between a branch and the central location it is not possible to add another tunnel in the RV110W to another secondary site (see photo)

  In the data sheet RV110W it is said that this router supports up to 5 VPN tunnels, but apparently these 5 tunnels are supposed to establish via the software QuickVPN from a computer.

  so: is there a real limit to VPN site to site (router to router) 1 with RV110W?

  Thanks in advance for any help!

  Please contact Cisco,

  The RV110w supports only 1 site to tunnel

  Of the data sheet:

  1 tunnel IPSec Site to Site

  The RV130W will allow 10 site to site tunnels, datasheet below:

  http://www.Cisco.com/c/en/us/products/collateral/routers/small-business-...

  Best regards

• pre-opening Cisco Secure Desktop policies

  Hello

  We just do 2 updates on our asa 5510...

  1. we have improved our ASA 5510 6.21 to 6.41 firmware

  2. we have also improved for the last package of csd

  (we have improved from 3.5.841 to 3.5.2008)

  After 2 refills, it seems that all my policies pre-opening disappeared

  I try to activate / disable the CSD and they won't come back...

  I only have the default policy

  What can I do to get back them?

  any clues on this?

  Thanks for the help!

  You will not be able to recover it, but check to see if one of your old configuration still exists in flash.

  The CSD is stored in a file called "data.xml", there is on the flash of the SAA in the sdesktop directory. You can try to tftp this disabled the flash of the ASA file and see if it contains no remenants of your previous config of csd.

  CD desktop

  dir

  (you should see the file called "Data.xml")

  copy tftp flash:/sdesktop/data.xml

  If when you view this file you don't see one of your old settings of localization of CSD, then I think you'll be out of luck unless you have a copy saved to another location.

  -heather

  Don't forget to note all the messages you help and mark the issue as resolved.

• Cisco router some computers were able to access the internet.

  I'm having a weird problem recently that some computers were unable to browse some site. I even try to put in place a different router from cisco (cisco 2811) with IOS version 15.0 and the same configuration but still no luck. Tried to reboot all devices and I also try to use the computer that is having problem to access the web connect directly to the router, but the result is the same. FYI the router being works well for a month a few without this problem. I try to use the inexpensive router like the dlink / tplink and there is no problem. Another piece of information, it's the computer that could not browse some site were able to ping the website, but fail to load in the web browser. 10 computer there are 3 unit have this problem and new features such as my customer/guest computer also were unable to browse some site. There are no firewall or any security in our regard. It makes me crazy!

  My circuit diagram as below;

  WAN-> router (Cisco 2821)-> switch-> computer

  -See the version-

  Cisco IOS software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4 (24) T6, VERSION of the SOFTWARE (fc2)
  Technical support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Updated Wednesday, Aug 23, 11 01:30 by prod_rel_team

  ROM: System Bootstrap, Version 12.4 (13r) T, RELEASE SOFTWARE (fc1)

  Linear_Router uptime is 2 weeks, 3 days, 21 hours, 56 minutes
  System return to the ROM to reload at 12:49:51 MAS Thu Sep 1 2016
  System image file is "flash: c2800nm-adventerprisek9 - mz.124 - 24.T6.bin".

  This product contains cryptographic features and is under the United States
  States and local laws governing the import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third party approval to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. laws and local countries. By using this product you
  agree to comply with the regulations and laws in force. If you are unable
  to satisfy the United States and local laws, return the product.

  A summary of U.S. laws governing Cisco cryptographic products to:
  http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

  If you need assistance please contact us by mail at
  [email protected] / * /.

  Cisco 2821 (revision 53.51) with 249856K / 12288K bytes of memory.
  Card processor ID FHK1235F3T0
  2 gigabit Ethernet interfaces
  2 interfaces Serial (sync/async)
  1 ATM interface
  1 module of virtual private network (VPN)
  Configuration of DRAM is wide with parity 64-bit capable.
  239K bytes of non-volatile configuration memory.
  1000944K bytes of ATA CompactFlash (read/write)

  Configuration register is 0 x 2102

  -show running-config-

  Building configuration...

  Current configuration: 8378 bytes
  !
  version 12.4
  horodateurs service debug datetime msec
  Log service timestamps datetime localtime
  encryption password service
  !
  hostname Linear_Router
  !
  boot-start-marker
  start the flash system: c2800nm-adventerprisek9 - mz.124 - 24.T6.bin
  boot-end-marker
  !
  forest-meter operation of syslog messages
  logging buffered 16000
  enable password 7
  !
  AAA new-model
  !
  !
  AAA authentication login sdm_vpn_xauth_ml_1 local
  AAA authorization sdm_vpn_group_ml_1 LAN
  !
  !
  AAA - the id of the joint session
  clock timezone 8 MAS
  !
  dot11 syslog
  IP source-route
  !
  !
  IP cef
  No dhcp use connected vrf ip
  dhcp IP 30 binding cleanup interval
  DHCP excluded-address IP 192.168.88.1 192.168.88.141
  DHCP excluded-address IP 192.168.88.180 192.168.88.254
  !
  pool of dhcp IP LAN
  network 192.168.88.0 255.255.255.0
  router by default - 192.168.88.254
  domain losb.local
  Server DNS 8.8.8.8 8.8.4.4
  0 0 15 rental
  !
  !
  IP domain name losb.local
  8.8.8.8 IP name-server
  IP-server names 8.8.4.4
  !
  No ipv6 cef
  !
  Authenticated MultiLink bundle-name Panel
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  voice-card 0
  !
  !
  Crypto pki trustpoint test_trustpoint_config_created_for_sdm
  e subject name =[email protected] / * /
  crl revocation checking
  !
  Crypto pki trustpoint TP-self-signed-3132623275
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 3132623275
  revocation checking no
  rsakeypair TP-self-signed-3132623275
  !
  !
  for the crypto pki certificate chain test_trustpoint_config_created_for_sdm
  TP-self-signed-3132623275 crypto pki certificate chain
  certificate self-signed 01
  30820250 308201B 9 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 33313332 36323332 6174652D 3735301E 170 3134 31323032 31393436
  35385A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 33 31333236 65642D
  32333237 3530819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8569B 674 5F07B434 8E5F9D59 D298DB7E 51FBB58A B 460084 9 34AE8461 8100D01A
  471637 C F6CFC65F 9639C1C6 2 50CF9117 D459482F 1EF22E29 322F39AA 88 42306
  F4B6686A 161FDD3D 69B0647B 46FC7CD0 966C03E8 D6CF9181 8E2B3514 300D980B
  EE9225A6 173F7673 655A1DE8 FB720F13 0FD8E550 A7DDB314 50461510 A72C5DBE
  010001A 3 78307630 1 130101 FF040530 030101FF 30230603 0F060355 A1CF0203
  551D 1104 1C301A82 184C696E 6561725F 526F7574 65722E6C 6F73622E 6C6F6361
  23 04183016 8014FA7F D98E6D69 462EEAED 41BEC8D3 7042F812 03551D 6C301F06
  95B3301D 0603551D 0E041604 14FA7FD9 8E6D6946 2EEAED41 BEC8D370 42F81295
  B3300D06 092 HAS 8648 01040500 03818100 043EC1A4 7363A7FD 3AED777D 86F70D01
  CAAEC570 99 HAS 02166 A3958A66 0E5A5DD2 368C2F8B D9A96E69 9F57852C ACE0C67F
  73 D 17753 53BE14C4 824BE043 B8A52822 E38DBC3C C3F33787 813FD207 0AB04004
  E0303A2F 2A3BF5AA 81481429 F53C1EDD 8AC2EC48 D64DF89A 4D047B7C 6B 516970
  55EAFF10 B1453DBD ABC96845 FDF7AAF9 77B8C381
  quit smoking
  !
  !
  password username privilege 15 7 kent
  Archives
  The config log
  hidekeys
  !
  !
  crypto ISAKMP policy 1
  BA 3des
  preshared authentication
  Group 2
  !
  Configuration group customer crypto isakmp 11
  11 key
  DNS 8.8.8.8 8.8.4.4
  losb.local field
  pool SDM_POOL_1
  ACL 100
  Max-users 11
  ISAKMP crypto sdm-ike-profile-1 profile
  identity group game 11
  client authentication list sdm_vpn_xauth_ml_1
  ISAKMP authorization list sdm_vpn_group_ml_1
  client configuration address respond
  virtual-model 1
  !
  !
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  !
  Profile of crypto ipsec SDM_Profile1
  game of transformation-ESP-3DES-SHA
  isakmp-profile sdm-ike-profile-1 game
  !
  !
  Crypto ctcp port 10000
  !
  !
  !
  !
  !
  !
  interface GigabitEthernet0/0
  Description of connection WAN to Unifi BTU
  no ip address
  no ip-cache cef route
  no ip route cache
  automatic duplex
  automatic speed
  No mop enabled
  !
  interface GigabitEthernet0/0.500
  encapsulation dot1Q 500
  no ip route cache
  PPPoE enable global group
  PPPoE-client dial-pool-number 1
  !
  interface GigabitEthernet0/1
  internal network LAN Description
  IP 192.168.88.254 255.255.255.0
  IP access-group UDP/TCP in
  IP nat inside
  IP virtual-reassembly
  no ip-cache cef route
  no ip route cache
  automatic duplex
  automatic speed
  !
  ATM0/0/0 interface
  no ip address
  Shutdown
  ATM 300 restart timer
  No atm ilmi-keepalive
  !
  interface Serial0/1/0
  no ip address
  Shutdown
  2000000 clock frequency
  !
  interface Serial0/1/1
  no ip address
  Shutdown
  2000000 clock frequency
  !
  type of interface virtual-Template1 tunnel
  11 description
  Dialer1 IP unnumbered
  ipv4 ipsec tunnel mode
  Tunnel SDM_Profile1 ipsec protection profile
  !
  interface Dialer1
  the negotiated IP address
  IP mtu 1480
  NAT outside IP
  IP virtual-reassembly
  encapsulation ppp
  Dialer pool 1
  Dialer idle-timeout 0
  persistent Dialer
  Dialer-Group 1
  PPP authentication chap callin pap
  PPP chap hostname [email protected] / * /
  password PPP chap 7 15381
  PPP pap sent-username [email protected] / * / 132F0 password 7
  !
  local IP SDM_POOL_1 192.168.88.130 pool 192.168.88.141
  default IP gateway - 192.168.88.254
  IP forward-Protocol ND
  IP route 0.0.0.0 0.0.0.0 Dialer1
  IP http server
  local IP http authentication
  IP http secure server
  !
  !
  overload of IP nat inside source list Internet_List interface Dialer1
  IP nat inside source static tcp 192.168.88.89 8001 interface 3389 Dialer1
  IP nat inside source static udp 192.168.88.89 8001 interface 3389 Dialer1
  IP nat inside interface 80 static udp 192.168.88.102 source Dialer1 5555
  IP nat inside source static tcp 192.168.88.102 80 5555 Dialer1 interface
  IP nat inside source static tcp 192.168.88.90 80 Dialer1 8080 interface
  IP nat inside interface 80 static udp 192.168.88.90 source Dialer1 8080
  IP nat inside source static tcp 192.168.88.101 interface 8888-8888 Dialer1
  IP nat inside source static udp 192.168.88.101 interface 8888-8888 Dialer1
  IP nat inside source static tcp 192.168.88.101 80 Dialer1 7777 interface
  IP nat inside interface 80 static udp 192.168.88.101 7777 Dialer1 source
  !
  Internet_List extended IP access list
  IP 192.168.88.0 allow 0.0.0.255 any
  !
  Access-list 100 = 4 SDM_ACL category note
  access-list 100 permit ip 192.168.88.0 0.0.0.255 any
  Dialer-list 1 ip protocol allow
  !
  !
  !
  !
  !
  !
  control plan
  !
  !
  !
  !
  !
  !
  !
  !
  !
  Banner motd ^ CC
  #####################################################################
  #                            WARNING!!!                             #
  # This system is for the use of only authorized customers.        #
  # Who is using the computer network system without #.
  authorization of #, or their permission, are #.
  # subject to having their activities on this computer.
  # Network monitored and recorded by system #.
  staff of #. To protect the computer network system of #.
  # unauthorized use and to ensure that computer network systems #.
  # does not work properly, system administrators monitor this #.
  system of #. Anyone using this computer system #.
  # consents to such monitoring and is expressly informed that #.
  # If this control reveals possible criminal conduct.
  activity #, the system can provide evidence of #.
  # This activity to police officers.              #
  #                                                                   #
  # Access is limited to authorized users only.           #
  # Unauthorized access is a violation of # State and federal.
  # civil and criminal.                       #
  #####################################################################^C
  !
  Line con 0
  line to 0
  line vty 0 4
  privilege level 15
  password 7
  transport input telnet ssh
  exit telnet ssh transport
  !
  Scheduler allocate 20000 1000
  NTP-Calendar Update
  end

  Hello

  try changing the size of the "ip mtu" on your Dialer interface to 1492, and/or the 'ip tcp adjust-mss' on your GigabitEthernet interfaces to 1452 and see if that makes a difference.

• First management LAN CiscoWorks LMS or Cisco? Help

  In my business, we look adds a network management solution:

  Some time ago, we installed CiscoWorks LMS 3.2, but we decided to install on the other more modern solution, what is the solution which recommend me?

  Requeriments:

  1 000 devices from cisco management.

  Regularly perform massive configurations.

  Constant monitoring of the network infrastructure.

  Backups of configuration.

  We have two solutions:

  -Update the current CiscoWorks to LMS 4.x version

  -buy the "First Cisco LAN Management" Solution

  What solution that recommend me?

  Thank you for your attention.

  Kind regards.

  Hi Jeffersson,

  The current product packaging is a bit confusing. Cisco is rebranding all of their management under the aegis of the first Cisco solutions. All prime products have a common appearance and take advantage of some approaches architectural.  From LMS 3.2 on 4.x will put you in the first territory of Cisco.

  In the 'first' products are (among others) "Cisco first Infrastructure" (also known as PI - 1.2 is the current version) and "Cisco first LMS" (4.2.3 is current). Preferred Infrastructure (1.0) began in the successor to management wireless Cisco (NCS) product and had been adding features on the way to bring it up to parity with LMS functionality to wired infrastructure. He isn't quite there right now (current comparison here) that existing customers of LMS are usually advised to stick with the latest version of the LMS for now.

  Still with me? Good. If the extra twist is that 4.2 LMS is "included" with licenses of FT 1.2 - see the link guide below. So, if you want LMS 4.x, you order indeed 1.2 FT with licenses "Cycle of life" according to the number of devices you manage. (There also is 'respect' and 'insurance' adding these new features of the respective licenses. Compliance is available from LMS 4.2 in the CAAM.  Insurance is almost a FT 1.2 functionality only.)

  So my recommendation to you would be to upgrade to version 1.2 of PI and to install and to use the LMS 4.2 (4.2.3 and put patched up-to-date with all the packaging of the products). If you have a VMware configuration, deployment option flexible device (file eggs) is the easier implementation,.

  You may find it useful to explain this point of view of Cisco the following two links:

  Functional reference LMS

  Control of IP and Licensing Guide

  Don't worry not-all this will not be on the test.