Cisco Security Manager integration with Cisco ACS troubleshooting

Hi all!

I have a problem with the integration between Cisco Security Manager and ACS. I've done the integration, but the system user identity doesn't have enough privileges. I know what the problem is, but I don't know how I can change the login from ACS back to the local CSM.

I found a file that specifies the following:

Q. Is there a backend script or command line interface option to change the ACS to local CiscoWorks connection module?

A. To restore the LMS server from ACS to local user mode, stop the CiscoWorks daemons and run the following script:

NMSROOT/bin/perl ResetLoginModule.pl (for Solaris)

NMSROOT\bin\perl ResetLoginModule.pl (for Windows)

Then, restart the daemon.

I did it, but it does not work. Any idea?

Hello

I guess you can try going through the section on CSM and ACS integration troubleshooting:

http://www.Cisco.com/en/us/docs/security/security_management/cisco_security_manager/security_manager/3.0/troubleshooting/guide/rbacts.html#wp1043629

A few things might have gone wrong:

1 - this command must be run at the cmd prompt on the CSM server (make sure that you are not on the client computer)

2 - NMSROOT is the directory where the CSM server is installed. It is usually c:\Progra~1\CSCOpx

3 - you must stop the Daemon Manager before performing this action (and restart it afterwards)

For example, if the directory is the one above, you can try the following to reset the connection to local:

net stop crmdmgtd ---> stops the Daemon Manager (can also be done from the Services window)

c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ResetLoginModule.pl ---> restores local authentication

net start crmdmgtd ---> restarts the Daemon Manager

Can you maybe try again and let me know how it goes?

Thank you

Tags: Cisco Security
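
The three checks and the stop / reset / start sequence from the reply above, as an added PowerShell example that is not part of the original thread. The install path and service name are the ones quoted in the reply; the script layout and its messages are assumptions for illustration.

```powershell
# Added example, not from the thread. Defaults are the values quoted in the reply;
# confirm both on your own server before running (elevated prompt required).
param(
    [string]$NmsRoot     = 'C:\Progra~1\CSCOpx',  # NMSROOT as given in the reply
    [string]$ServiceName = 'crmdmgtd'             # Daemon Manager service, as given in the reply
)
$ErrorActionPreference = 'Stop'

# Check 1: are we on the CSM server? The Daemon Manager service only exists there.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) {
    throw "Service '$ServiceName' not found: this is not the CSM server (or the name differs)."
}

# Check 2: does NMSROOT really point at the install directory?
$perl        = Join-Path $NmsRoot 'bin\perl'
$resetScript = Join-Path $NmsRoot 'bin\ResetLoginModule.pl'
if (-not (Test-Path -LiteralPath $resetScript)) {
    throw "ResetLoginModule.pl not found under '$NmsRoot\bin': NMSROOT is wrong."
}

# Check 3: the Daemon Manager must be fully stopped before the reset runs.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(10))
}

try {
    # Same command as in the reply: the bundled perl runs the reset script.
    & $perl $resetScript
    Write-Host "ResetLoginModule.pl exit code: $LASTEXITCODE"
}
finally {
    # Restart even if the reset failed, so the server is not left down.
    Start-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromMinutes(10))
}
```

After the reset the server checks logins against its local accounts instead of ACS, so confirm that a working local administrator account exists before relying on it.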

Similar Questions

  • Operations Manager integration with vSphere Web Client

    Hello

    One of the new features that I keep seeing credited for vCenter Operations Manager v5.6 is 'integration with vSphere Web Client'.

    I went through the process of getting vCOps operational v5.6 (and everything works fine), but I don't see any integration with the Web Client.  Am I missing something obvious?  Where is the integration?  I have to do something to activate it?

    See you soon,

    David

    Take a look at the video in Eric Sloof's blog post "vCOPS 5.6 integration with VMware vSphere Web Client", where he explains how to use the vCenter Operations Manager integration with the vSphere Web Client.

  • ACS integration with Microsoft Active Directory Services

    Hi all

    I am responsible for developing the integration of ACS with MS AD. What I want to know is below, assuming I have ACS software or an ACS appliance and the authentication protocol is RADIUS:

    - What are the criteria for AD to integrate with the ACS software or appliance?

    - Should AD be hosted on the domain controller or not?

    - Otherwise, on what (DC, tree, forest, branch, flower, fruit) must AD be hosted?

    - What should I do to authenticate users logging into Cisco Security Manager with ACS integrated with AD?

    - Are there other dependencies that I'll have to mention explicitly in my description?

    Thank you

    Rishi

    First of all, I love the flower fruit one, keep it up.

    If ACS is for Windows, it can be installed on the domain controller or a member server. For detailed information about the post-installation tasks needed for full integration, please see the following link, which contains the things you are looking for:

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/Windows/postin.html#wp1041202

    If ACS is the Solution Engine, then you need a piece of software called Remote Agent to be installed either on the domain controller or a member server. Also check the following link for more details on how to integrate it with AD:

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/Rawi.html

    I hope this was informative for you.

    -----------------------------------------------------------------------------

    Please make sure to rate good answers

  • Integration of Cisco ACS and Cisco NAC Manager - downloadable ACLs

    Hello

    I have set up Cisco NAC in my environment. This all works well. The users get authenticated via Cisco NAC Manager. The Cisco NAC Manager checks with Cisco ACS for the user database. This all works well. I would like to activate downloadable ACLs. I tried to use the CISCO-AV-PAIR method and creating a downloadable ACL entry in the shared components, but nothing works. Either I'm doing it wrong or this configuration of mine does not support downloadable ACLs? Please kindly advise.

    Kind regards

    RAM

    Hello

    It is not possible.

    You cannot push the ACL in the NAC manager.

    If you do RADIUS authentication on the NAC Manager, what you can do is create roles on the NAC Manager, and on the roles you define traffic policies.

    Using the Radius attributes you can then map users to roles.

    Please, take a look at this:

    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.

    HTH,

    Tiago

    --

    If this helps you or answers your question, please mark it as 'responded' or rate it, so other users can easily find it.

  • Cisco ACS 5.1 and RSA Authentication Manager 6.1

    Hi all

    We recently got a Cisco Secure ACS 1120 and I upgraded the unit from 5.0 to 5.1 with all your support.

    Now, I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1. I have successfully downloaded the config file of the RSA ACE Server and exported it to the ACS 1120.

    I also added ACS as a Net OS Agent in the RSA server. During the process, I found a few warnings. The ACE Server is not able to resolve the IP address to the name (is it necessary?).

    I have not created any file of secret key for communication between FAC and RSA and I used encryption is FOR.

    Now, when I log into ACS and search in the identity store sequences, I am not able to get the RSA Token Server.

    Let me know what went wrong and where I can fix it, and also please tell me what the communication between the RSA and ACS is?

    Hoping that you guys help me as usual when I'm in a hurry...

    Sree

    Were you able to successfully create the RSA identity server? After selecting the sdconf.rec and pressing submit, what happened? Was the RSA instance created OK?

    If you go to

    Users and identity stores > external identity stores > RSA SecurID Token servers, what do you see in the list?

  • API License - Cisco Security Manager

    I would like to know about the API license to integrate an Algosec solution with Cisco CSM. Does this license cost anything or not?

    Q. What are the features of the API?

    A. The API-based access allows Cisco Security Manager to share information with other essential network services, such as compliance and advanced security analysis systems, to streamline security operations and compliance. Using Representational State Transfer (REST), external firewall compliance systems can directly request access to data from any security device managed by Cisco Security Manager. Several security compliance vendors, including Tufin, Algosec and Skybox, have updated their products to work with the new APIs in Cisco Security Manager.

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5739/ps6498/qa_c67-727089.html

    I'm waiting for return,

    Aldo Melo Lopes

    Yes. The price is US$ 5,000.

    The product number is 'L-CSMPR-API' (Cisco Security Manager Pro - license for access to the API).

  • Cisco Security Manager

    Hello

    I have a question about Cisco Security Manager. We manage approximately 70 firewalls and bought CSM to manage them with policies, etc.

    Is it possible to make changes via SSH or ASDM if Cisco Security Manager is inaccessible?

    I need a way to backup for the configs before I can deploy.

    Any advice will be appreciated

    Kind regards

    Ian Oliver

    You can always return to the local management.

    If you do, you need to be sure to use the CSM functionality 'Detect changes in band'.

    http://www.Cisco.com/c/en/us/TD/docs/security/security_management/Cisco _...

    You need to reconcile and integrate those in-band changes into CSM once it is available / accessible, so that it incorporates any change into its baseline for the device. Otherwise it overwrites them in the next deployment.

  • Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1

    The Windows version of Cisco ACS seems to have the ability to integrate with RSA SecurID; it is listed in external databases. It can also support the SDI protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113, but RSA SecurID does not appear in the external databases section. Does this mean that I won't be able to use the SDI protocol, with only RADIUS available?

    And Yes you are right,

    With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.

    Kind regards

    Prem

  • Install Cisco Security Manager 4.7 on Hyper-V

    Hello

    Our clients want to install Cisco Security Manager on a Windows virtual machine virtualized with Hyper-V. The documentation only references installing the software on a virtual machine on VMware systems.

    Can it be installed without problems, and will the installation be supported by TAC if we open a support case?

    Best regards

    David

    While it is expected to work (since CSM is essentially an application running on a Windows Server), it is not a system that meets the requirements of the installation guide.

    Then... If the TAC has found a problem related to this configuration when you need their help, they would be within their rights to say your installation is unsupported.

  • Using Cisco ACS 5.2 (TACACS+) with non-Cisco devices

    Hi all

    I was hoping that someone could help me with what might be a silly question. I'm trying to implement a solution whereby an operator can control all their (non-Cisco) network nodes via TACACS+. The nodes involved are:

    Juniper M10i running Junos 9.2, M120

    Juniper M320 running Junos 8.5

    Extreme BD8810 and BD8806 running XOS 12.4.1.17

    Extreme Alpine 3804 running Extremeware 7.8.3.5

    My question is, can I use Cisco ACS 5.2 (or 4.2) to authenticate these non-Cisco devices using TACACS+? Has anyone else done this, or do I have to use RADIUS? If someone has done this, are there interoperability problems between Cisco ACS and Junos or Extreme XOS? Thank you

    / John

    John,

    We have a very large deployment of Juniper (T-series, MX-series, etc.). We use Cisco ACS and TACACS+ to manage these devices. The configuration of the ACS is fairly simple. You'll want to create login users and map them to the classes on your JUNOS routers. Here is an example:

    set system login user engineering uid 2000
    set system login user engineering class engineering-class
    set system login user NOC uid 2001
    set system login user NOC class NOC-class

    set system login class engineering-class idle-timeout 15
    set system login class engineering-class permissions all
    set system login class NOC-class idle-timeout 15
    set system login class NOC-class permissions view
    set system login class NOC-class permissions view-configuration

    We use two classes, engineering and NOC. One is defined as read/write and the second as read-only. These are in turn mapped in ACS (in our case version 4.2) by user or group (preferred). First, you change the interface configuration and add a TACACS+ junos-exec service, leaving the Protocol field empty. Then, you change the attributes of the user group. I've attached screenshots for both.

    Hope this helps.

    Derek

  • Install cisco Security Manager

    Hello:

    I acquired a CSM license and need to install it. I have just one server, and LMS 3.2 is installed on it.

    Following the installation instructions, I found that CSM cannot be installed on the same server as LMS.

    This is the paragraph:

    "We do not support the coexistence of Security Manager with any third-party software or other software from Cisco (including any CiscoWorks-branded 'solution' or 'bundle', such as the LAN Management Solution [LMS] or the VPN/Security Management Solution [VMS]), unless we explicitly state otherwise in this guide or at http://www.cisco.com/go/csmanager."

    Can someone tell me if this is permanent, or can I install both on the same server?

    Thanks in advance

    No problem at all :). Please rate if you find the messages useful.

    Regards

    Farrukh

  • IPS Manager Express or Cisco Security Manager?

    Hi all

    We are thinking of buying the license for the 5512 IPS. Which of the above (IPS Manager Express or Cisco Security Manager) is the right tool for management purposes? Or can I choose either? If I can choose either, which one do you recommend?

    See you soon!

    M

    How many systems do you have? If the number is high, CSM is the way to go. Managing many systems (and keeping them in sync with the same policy) with IDM and IME is a nightmare. But if it is a single system, IME is the right tool for you. It works very well for monitoring (up to 10 devices) and can also manage them (individually; it is not so easy for more than one system). And it's free.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • Does Cisco ACS 1113 v4.2 device work with Windows 2008

    Hello

    I have a wireless infrastructure currently in production. All my Cisco LWAPs are managed by Cisco WLC. Authentication is done via RADIUS through my Cisco ACS 1113 appliance running version 4.2. The Cisco ACS 1113 appliance communicates with my Windows 2003 Active Directory. Everything is good now.

    Next month, we plan to upgrade Active Directory from Windows 2003 to Windows 2008. Will all be fine and good, or will there be issues? Please kindly advise.

    I saw another post in this community, https://supportforums.cisco.com/thread/1003597?tstart=0, and I am now confused. Help, please.

    Kind regards

    RAM

    ACS 4.2 does not work with Windows 2008R2.  I had a case of TAC open about this, and basically, they told me that I had to switch to 5.2 ACS.   I've been doing demonstrations there and it authenticates with Windows2008R2 very well.

  • Cisco ACS 5.2 VMware 'Management' process hangs

    Hello

    We recently purchased Cisco ACS 5.2 for VMware, to be installed on VMware ESXi 4.1. However, after commissioning the virtual machine with the requirements set out in the Cisco installation guide, ACS is unable to start properly.

    We don't get any visible error messages, but when checking the ACS processes, I see that the 'management' process is stuck in the "initializing" state.

    Any ideas how to solve this problem?

    Thank you

    Gilbert

    ESX 4.1 is not supported with ACS 5.1

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/device_support/sdt52.html#wp75825

    Virtual Machine requirements

    The minimum configuration for the virtual machine must be similar to the hardware configuration of the CSACS-1120 series server.

    Table 6-1 lists the minimum system requirements to install ACS 5.2 on a VMware virtual machine.

    Table 6-1. Minimum system requirements

    Type of requirement | Minimum requirements
    CPU                 | Intel Core2; 2.13 GHz
    Memory              | 4 GB of RAM
    Hard drives         | 500 GB of disk storage
    NIC                 | 1 GB network interface
    Hypervisor          | VMware ESX 3.5 or 4.0

    Installation of ACS 5.2 on VMware

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_vmware.html#wp1057864

    Kind regards

    Jousset

  • NCS and Cisco Security Manager 4.2 servers

    Hi all

    I am spec'ing two new servers; one is for a Prime NCS box and the other for a Cisco Security Manager 4.2 box. I have decided to go with the Cisco UCS server range, but am a little unsure of something recommended in the datasheet for the NCS.

    The NCS data sheet

    http://www.Cisco.com/en/us/prod/collateral/wireless/ps5755/ps11682/ps11686/ps11688/data_sheet_c78-650051.PDF

    ... reads as follows:

    ******************************

    If deploying Cisco Prime NCS as a virtual appliance on a customer-supplied server, one of the following versions of VMware ESX or ESXi can be used:

    VMware ESX or VMware ESXi version 4.1

    ******************************

    Does this mean that the NCS software MUST be virtualized, or can it be installed and simply run on something like Windows Server 2008? If yes, through a serious disk image?

    Secondly,

    the two servers are running RAID arrays and I was wondering what your views are on running everything (OS, Cisco software, records and other data) on the RAID array, versus the OS and Cisco software on a separate boot disk with only data stored on the RAID?

    I see no reason why it would not run together on the RAID, but I'm curious to know what you think about it.

    In addition, we are upgrading our WCS courses and I was wondering if some kind of migration is necessary or can we just install fresh NCS on the server and configure it accordingly.

    See you soon,

    -Dave

    Dave,

    For the first part, the NCS works only as a virtual machine.  You can buy the device hardened to it, but it's still a virtual machine, NCS is presented as a .ova.

    Regarding separate them, with NCS I don't think you'll be able to.

    Steve
