Ensure the redundancy of the ACS

Similar Questions

• Two questions about the ACS 5.1: password aging and allowing multiple disabled accounts

  Hello

  I test in ACS 5.1 password aging, and I discovered that you can have only one global setting for the password for all the accounts internal life. Is it possible to exclude some internal accounts of this global password aging policy? I would like to have number of accounts, passwords should not be aged at all...

  Second question: when I was testing password aging, I set myself to life of password in 4 days with warning after 2 days. All accounts in my test of the ACS configuration are now disabled, because 4 days has passed when I changed it. Is there a possibility to allow multiple accouns at once, or do I have to activate 500 internal accounts manually, one by one?

  Thanks in advance

  WM

  I'm not aware of any way to score internal as users with passwords as enver expire. This is done for admins ensure there is always an admin who can access the system

  In order to change the multiple/all documents for internal users, the following approach can be taken:

  1. Go to the list of internal users and press "Export" then 'Start export' and 'Save file' export user records to a csv file
  2. Edit the file. In the title 'active' column replace 'FALSE' to 'TRUE' for all records. Save the updated file
  3. To the page that lists internal users, tap "File Options", select "Update", and then click next to access the section "Import a file" Wizard. Select the file saved in step 2) and tap on finish

  Afetr imort is completed, all records of internal user should now display "Enabled".

• ISE Migration tool: Unable to connect to the ACS

  Hello

  I try starting the Cisco migration tool to migrate data to ACS 5.2 to ISE 1.1.

  When I run the migration.bat file, I get:

  C:\migTool>migration.bat
  log4j: WARN no such property [encoding] in com.cisco.acs.positron.migration.utils.Log4jTextAreaAppender.
  INFO [main] MigrationApplicationDriver.main:56: applies from the main method.
  Org.springframework.context.support.ClassPathXmlApplicat updating of INFORMATION [hand][email protected] / * /: start date [Thu Jul 11 16:46:09 CEST 2013]; root of context hierarchy
  INFO [hand] loading XML bean definitions of resource path of class [conf/META-INF/beans.xml]
  INFO [hand] instancing of the singletons in org.springframework.beans.factory.s[email protected] / * /: defining beans [exportAuthorizationProfileCache, exportConditionRightOperandCache, exportDevicesCache, exportEnumAttributeIdCache, exportEnumerationCache, exportGenericAttributesCache, exportIdentityAttr
  ibuteCache, exportIdentityDictionaryCache, exportIdentitySourceCache, exportPredefinedDataCache, exportRADIUSDictionaryCache, exportServicesCache, exportManagerImpl, m
  igrationApplicationManager, migrationPhaseStatefulComponent, stateManager, migrationProcedureModel, migrationApplicationGUI, defaultImportObjectHandlerFactory, import
  AllowedProtocolCaching, importAuthZProfileCaching, importDateTimeCaching, importDevicesCaching, importEndPointCaching, importExternalIdentityStoresCache, importIdenti
  tySourcesCaching, importPolicyElementsCache, importRadiusProxyCaching, importUsersCaching, importManagerImp, org.springframework.context.annotation.internalConfigura
  tionAnnotationProcessor, org.springframework.context.annotation.internalAutowiredAnnotationProcessor, org.springframework.context.annotation.internalRequiredAnnot
  ationProcessor, org.springframework.context.annotation.internalCommonAnnotationProcessor]; root of the hierarchy of the factory
  [Main] INFO start parsing of the XML query...
  [Main] INFO start the process XML analysis...
  INFO [Thread-5] Start ACS5 IP connection
  WARN [Thread-5] could not find the required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
  ERROR [Thread-5] error occurred during communication with ACS 5.x. (404) not found
  ERROR [Thread-5] error occurred during communication with ACS 5.x. (404) not found
  ERROR [Thread-5] failed to connect to the DCC 5 to start exporting. Make sure that:

  1 migration interface is enabled on the ACS 5 server.
  2 ACS 5 services run.
  3 ACS 5 IP and username and password are correct.
  4 ACS 5 has a compatible license installed.
  INFO [Thread-6] Start ACS5 IP connection
  ERROR [Thread-6] error occurred during communication with ACS 5.x. (404) not found
  ERROR [Thread-6] error occurred during communication with ACS 5.x. (404) not found
  ERROR [Thread-6] failed to connect to the DCC 5 to start exporting. Make sure that:

  1 migration interface is enabled on the ACS 5 server.
  2 ACS 5 services run.
  3 ACS 5 IP and username and password are correct.
  4 ACS 5 has a compatible license installed.

  Then, I click on the export of ACS, and when I put my name to the ACS server and the password, I get:

  "

  ERROR [Thread-9] failed to connect to the DCC 5 to start exporting. Please ensure that: INFO [Thread-9] Start ACS5 IP connection
  ERROR [Thread-9] error occurred during communication with ACS 5.x. (404) not found
  ERROR [Thread-9] error occurred during communication with ACS 5.x. (404) not found
  ERROR [Thread-9] failed to connect to the DCC 5 to start exporting. Make sure that:

  1 migration interface is enabled on the server ACS5

  2 ACS 5 services run

  3 ACS 5 IP and username and password are correct

  4 ACS 5 has a compatible license installed.

  Can someone help me?

  Best regards

  David

  You have activated the web interface of migration? Check that you have configured the computer source of Cisco Secure ACS 5.1/5.2 with a unique IP address. The migration tool may fail during the migration if each interface has multiple IP address aliases.

  Document taken in charge:

  http://www.Cisco.com/en/us/docs/security/ISE/1.0.4/migration_guide/ise10_mig_install.html

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• lack the sign in seal (ensuring the validity) for the Yahoo email login page

  The login-seal is an option that you generate for sign id and password for yahoo emails. It ensures the authenticity. It appears so, except on firefox. I'd appreciate your comments please.
  Thanks in advance...

  See also:

  The problems of connection attached: https://help.yahoo.com/kb/yahoo-account/SLN2676.html

• Cannot print. Reference Dell 944 communication usb port is not available. error check your firewall settings to ensure the printer communication is not blocked.

  Original title: unable to print. Reference Dell 944 communication usb port is not available.

  Message says 'check your firewall settings to ensure the printer communication is not blocked. Printer has worked faithfully until the problems started with the XP Home operating system. To cut a long story short ram upgraded to 2 GB, all unnecessary programs identified and technician Microsoft contacted to solve problems.  I was informed of problems caused by 3rd software party conflicts. Kaspersky was apparently the culpit. Dell Inspiron 32 now much faster but the printer will not work little matter what I do. I tried to reload with drivers & utility CD, drivers uninstalled & reinstalled on the site of all nothing is? Can someone help?

  DavidNicholsonXN,

  How to download and install drivers in the correct order

  also try to read...

  The owners of all-in-one printer Dell 944 thread (W7)

  Let the printer after Kaspersky

  Rick

• Is there a problem with accounting and 4.1 of the ACS

  Good day to all,

  I just installed a new server with ACS 4.1.

  This new installation 4.1 ACS is approved, I will retire my old server that ACS 3.1.

  At this point, the only problem I have with ACS 4.1 is with the accounting.

  For example:

  I used a test-router with all the necessary config pointing to my old 3.1 ACS. Everything works fine (authentication and accounting). If I enter a command on the router test it's journal on GBA 3.1.

  Now, if I change the test-router to point to the new 4.1 ACS, the ACS 4.1 will authenticate the router test correctly, but won't save any command that I enter the router test. I did a shot between the test-router and 4.1 of the ACS and the router test sends accounting statement ACS 4.1.

  There are many different configuration of ACS 3.1 4.1, but as far as I can see the config on the two ACS is as similar as possible.

  Y at - there anyone out there who could do 4.1 ACS to process accounting properly?

  Any idea will help you.

  Thank you

  Frank

  Here is my config:

  AAA new-model

  AAA authentication login default group Ganymede + local

  connection of AAA No.-AUTH authentication no

  AAA authorization exec default group Ganymede + local

  AAA authorization commands start-stop Group 1 Ganymede +.

  AAA authorization commands start-stop group 15 Ganymede +.

  AAA accounting exec default start-stop Ganymede group.

  orders accounting AAA 1 by default start-stop Ganymede group.

  AAA accounting command 15 by default start-stop Ganymede group

  !

  192.168.100.16 host key radius-server *.

  (the above command is the only command I change to point the finger 3.1 ACS or ACS 4.1)

  RADIUS-server application made

  Please use the following link. It has 4.1 cumulative patch that contains the hotfix for bug.

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES

  Don't forget to download the readme text also.

  Rate me if it helps.

• The ACS upgrade to 3.2

  Greetings,

  By opting for the ACS 3.2, all my settings and the securities will remain the same? If this isn't the case, I have a router connected to the server and I will get locked. I heard there is a specific order for the removal of the lines to avoid of locking me. Is this true?

  Thank you

  You will need to select the option "Yes, import the existing configuration", while improving the ACS software. Information on the upgrade of Cisco ACS software Preserving Configuration found in the documentation to

  http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/ACS32/win32sig.htm#9934

• Download the ACS software... ?

  I don't know about the 90-day trial; However, is there a way to download a full version for windows to the Cisco site. I am able to download the software so the isn't a problem. I don't see anywhere to download a full version and not only test 90 days?

  TKS-

  You must purchase the software to full version. It is only available on CD. When you buy the ACS software, it comes with a device (ACS1111). I do not see the neccessity or the advantage of Cisco made available for download on their website the version full of GBA.

• The ACS authentication

  We have ACS running without any problem. We have a special VLAN to a public kiosk that clients can use to surf the internet. The kiosk is wireless and is configured for automatic connection with a specific account. The access point uses the vlan 1 and vlan 40 terminal wireless. When the kiosk machine authenticates to ACS running on our domain controller (who resides on the vlan 10)-is the kiosk machine communicates with the domain controller or the kiosk machine communicates with the access point, which, in turn, communicates with the ACS server? I would like to block 40 access vlan in the vlan 10 but if the kiosk machine must communicate with the domain controller, I don't think I can. Any help is appreciated. Thank you.

  Unreliable kiosk machine only communicates with the AP. The AP will send credentials on the ACS server, which in turn, will try to authenticate them on the Windows domain controller.

• The ACS trial version expired

  I know I should have remember, but I do not have...

  I have been using the ACS 90 day trial that expired before I bought a copy.

  I lose everything and how to go on product licenses now that I bought?

  Thank you

  Andrew

  Please mark it is resolved, so others can benefit from.

  Kind regards

  ~ JG

• AAA GANYMEDE + accounting - CLI question by user not appear in the report of the ACS.

  Can I know why CLI cancelled by the user does not show on GANYMEDE ACS accounting report. The length of time is displayed, but I also wanted to connect what is the commands issued by the user.

  WHA is missing here?

  enable AAA authentication login VTY P1_ACS local group

  Group default AAA authorization exec local P1_ACS authenticated by FIS

  AAA authorization exec CONSOLE none

  AAA exec by default start-stop accounting P1_ACS group

  AAA commands 5 default start-stop accounting P1_ACS group

  AAA commands 15 arrhythmic default accounting P1_ACS group

  Accounting logs command is stroed in the newspapers of the administration of Ganymede.

  There is also a known issue on ver 4.1.1 and we must

  apply the ACS 4.1.1.23.5 patch to fix the problem.

  Patch for the unit is available on

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

  The patch name: ACS SE 4.1.1.23.5 rollup

  Acs hotfix for windows is available on

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES

  The patch name: ACS 4.1.1.23.5 rollup

  CCIE Security

• To access the AIP-SSM-10 through the ACS

  Hye,

  Please, I would like to know if you can access the AIP-SSM-10 using a Cisco ACS account.

  Thank you

  IPS module does not support authentication to the ACS server.

  Please find the only authentication method for IPS in the following document:

  http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/IDM/idm_sensor_management.html

  Hope that answers your question.

• the ACS 5.1 and cisco ACE module

  Hello

  I would like to configure Ganymede + aaa Catalyst 6500 Cisco application control engine module. In the configuration guide for ACE it is advice that you need to configure additional parameters to be returned by the RADIUS server (shell:= ...) ) for authorization of virtual context Cisco ACE. My question is: where exactly should I put these settings in the ACS 5.1? Is there a document describing ACE + ACS 5.1 configuration Ganymede?

  Thank you

  WM

  Here is the doc.

  Post edited by: jkatyal

• Administrator rights to the ACS using Active Directory groups

  Good afternoon

  We must be able to use administrative accounts for our device ACS who reside in an Active Directory group, if possible.  If this is not possible, what other safer options would we be able to use (RADIUS authentication or authentication RSA 2)?

  Thanks in advance

  You can only use the locally stored accounts within the ACS.

• Issue of operability of the ACS as RADIUS with ASA 5.0?

  Hello

  I'm trying my VPN to get authenticated user with RADIUS (ACS 5.0). and VPN users database is created in AD. Now when I am trying to connect through the Cisco VPN client, I am unable to do so. Infact, I get an error message (through debugging at the level of the SAA for aaa and isakmp) my RADIUS server is DOWN.

  Please let me know is there any compatibility issue with ACS 5.0 on it because everything was working fine on my version 4.2 of the ACS.

  Concerning

  Ritesh

  Ritesh,

  Yes, there is a lack of ACS 5.0 with vpn authentication.

  When you try to connect with the VPN client. you will not see any hits in the follow-up and the views.
  The ASDM logs: you'll see radius server is not accessible.
  Debugs you show RADIUS period.
  This will work with Ganymede.

  Access policy rule was does not. Also, could not use RADIUS as hit CSCsy17858

  http://cdetsweb-PRD.Cisco.com/apps/goto?identifier=CSCsy17858>; Used Ganymede + instead of RADIUS.

  If you want to use the RADIUS then you need to upgrade your version of acs to 5.1

  You can down load patch 9 (5-0-0-21 - 9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg) from the below path:

  Go to Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software 5.0.0.21 >

  Reference: update of the CSA since version 5.0 to 5.1:
  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_upg.html

  HTH

  Kind regards

  JK

  The rate of useful messages-