Ganymede + auth-proxy on acs 5.0 and later support?
The nas is 2801 with ios 15.1 and acs 5.3.i want to deploy auth-proxy using Ganymede + protocol.but there no work.using RADIUS is ok.
I want to know Ganymede + auth-proxy on acs 5.0 and later support?
Thank you!
GANYMEDE + Auth-Proxy is only supported after ACS 5.3 patch 5. Upgrade your ACS 5.x or use RADIUS for authentication Proxy.
Tags: Cisco Security
Similar Questions
-
ASA auth-proxy Radius and downloadable ACLs
Hello
I want to have ACLs that decide what traffic to allow after authorization auth-proxy.
1. What are the options I have to ASA + ACS?
2. can I use auth-proxy on SAA with the CSA and download RADIUS and ACLs?
3. can I use auth-proxy on SAA with the ACS and Ray 01/09/00-cisco-av-pair (will be ASA understeand it?)
4. can I use auth-proxy on ASA attrbuts auth-proxy ACS and Ganymede (with ACLs)?
Thanx
Hello
Take a look at this guide to see if that helps answer your question. You can use the downloadable ACLs or the cisco av pair, I saw that the cisco-av-pair method works a little better because he has the user name who logged in as part of the acl which facilitates troubleshooting.
http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/access_fwaaa.html#wp1150820
Thank you
Tarik Admani
-
authentication local auth-proxy
Hello
Auth-proxy authentication works with the usernames of local aaa on a Cisco router or RADIUS / Ganymede + mandatory server for this task?
I m trying to limit the access of web on a branch office router without using a proxy server that is centralized on the main office.
Thanks for your help.
Hello
You will need a RADIUS/ACS server for this feature. See:
"Cisco IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. Previously, user identity and related authorized access were associated with an IP address of the user, or a single security policy should be applied to a group of users together or subnet. Now, users can be identified and authorized on the basis of their policy of each user. Adaptation of the access privileges on an individual basis is possible, as opposed to the application of a general policy between several users.
With the authentication proxy feature, users can connect to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved, of a CiscoSecure ACS, or other RADIUS or GANYMEDE authentication server +. User profiles are active only when there is active traffic from authenticated users. »
HTH,
Bobby
* Please note the useful messages.
-
WLC / ACS / AD - domain and laptops no - domain (802. 1 X / PEAP)
Hi all
I implement a solution based on 4404 WLC, 1113 ACS and Microsoft AD. What I want to achieve is to have two WIFI (SSID), that can be used by users on laptops of the domain, the other can be used by the users in the domain on personal laptops. Field portable computers will have full connectivity, but personal laptops will be restricted.
I created the two SSID using 802. 1 X by ACS / Remote Agent and can authenticate and connection OK.
I thought I should have user auth and auth machine for laptops of area but just user auth for personal laptops.
I have unauthenticated machines go to one group ACS or blocked, but I need to enable them in if they are on the SSID restricted. I can't quite understand how to have two SSID is authenticating with the same ACS / AD - one green and the other.
I'm on the right track?
Anyone done this before or have any bright ideas?
See you soon,.
John
With the use of WLAN access based on the SSID, users can be authenticated based on the SSID they use to connect to the WLAN. The Cisco Secure ACS server is used to authenticate users. Authentication happens in two stages on the Cisco Secure ACS:
1 authentication EAP
2 resulting SSID authentication of network (NARS) on Cisco Secure ACS Access Restrictions
For the new designation and configuraiton following URL can help you:
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
-
Hello
I have set up a box of the ACS 5.4 and will test the devices on it.
Cisco and Juniper, both works well with GANYMEDE
I can connect both the use of SSH or Telnet but my problem is the Juniper J-Web GUI
I can't access the J-web no problem with the root account.
I can't seem to make it work, no matter what I try. Here is my shell of the GBA box
And the following configuration of Juniper. I tried to bind the local-user-name attribute to the remote and remoteadmin with no luck. Anyone got any ideas how I can fix this problem? Or if its even possible?
version 9.6R1.13;
System {}
host name of Juniper-pare-fire;
authentication-order [tacplus password];
{root-authentication
password encrypted "$1$ $1tRuy9o2 LwSPxNwe4XGNMOMIMo1pd1"; # SECRET - DATA
}
{tacplus-Server
10.251.200.25 {}
secret ' $9$ zaUL6/AtuOIRS5QF/CuEhws2 "; # SECRET - DATA
Timeout 10;
Single-connection;
}
}
accounting {}
events [connection change-journal interactive-commands];
{destination}
tacplus;
}
}
{Login
the user admin {}
UID, 2001;
root class;
{authentication
password encrypted "$1$ MNUZBLFW$ X2sJL/UTgRYcgBNV4RLe.0"; # SECRET - DATA
}
}
user remote {}
full name of the "remote user";
UID 2025;
operator class;
}
the user remoteadmin {}
full name of "Remote Admin";
UID 2026;
root class;
}
}
services {}
SSH;
Telnet;
Web-management {}
{https}
System - certificate generated;
interface fe-0/0/0.0;
I worked on almost similar issues today and he confirmed that he is able to access J-WEB with the credentials of Ganymede. You can check the config here: https://supportforums.cisco.com/message/3953224#3953224
Through your config it seems that you have not defined/created classes as he did:
for example:
{Login
class CLASS Number {}
permissions [view configuration];
}
class CLASS RW {}
permissions in full;
}
user {JUNOS-RO
UID 2000;
Jatin kone
-Does the rate of useful messages- -
ACS, Service access and authorization
I'm under ACS 5.2 and I'm trying to set up 3 new SSID, which 2 are not guaranteed and 1 which is secure. I'm trying to understand the best way to allow their evolution on which network they come. All authentication requests are from the same devices, LAN controllers without wire, so NDG cannot be used as criteria. I was watching either create 3 Access Services and using selection rules, or by creating 1 Service access and using permission to choose. However, I can't find an attribute to use for determining what network they came.
Anyone has a suggestion for the best way to do it? I have
Go to the elements of the policy-> Conditions of network-> end of Station filters and create a rule CLI/DNIS that includes the name of the SSID, and then use it as a condition to any rule you create for authentication. The SSID will be preceded by MAC address, then enter * ssidname (i.e., match whatever it is before the name SSID, then match the SSID). For example, if the SSID is called lab, then you must enter * lab.
Then go to access-> Service selection policies and create a service selection rule that has end Station filter as a criterion.
-
Hello
I try to load the attributes of the CNA for IBM Corporation (TSCM) of the FTP (the attributes of the NAC management), but these do not appear in the system
Configuration-> Configuration-> CSV connection failed attempts Configuration or CSV file past Authentication Configuration file.
My server is ACS 4.0 device. On ACS 3.3 my attributes of the NAC is working well.
[attr #0]
Vendor id = 2
name of the vendor = IBM Corporation
application = 50 ID
SCM = application name
attribute id = 00020
attribute name = political Version
Profile attribute = off
type of the attribute = string
[attr #1]
Vendor id = 2
name of the vendor = IBM Corporation
application = 50 ID
SCM = application name
attribute id = 00021
name of the attribute = number of Violation
Profile attribute = off
type of attribute unsigned whole =
[attr #2]
Vendor id = 2
name of the vendor = IBM Corporation
application = 50 ID
SCM = application name
attribute id = 00010
Action = attribute name
Out = attribute profile
the attribute type = String
I loaded the list with attributes for Symantec on ACS 4.0 and it is OK, but for Tivoli Security Compliance doesn't work.
Please help me if you have a solutions!
Thank you!
Hello
Well Yes, you can't have a space between the name of the seller, I case that after loading the file I do not have the attribute of the GBA unit, but can see logging. After the reboot of the ACS that's ok.
I also, can deployment of the NAC with IBM TSCM, you share the experince? What version of client TSCM, we should use? I can't get the 5.1.0 version but it looks like no need version 5.1.2 above only can patch the last update.
Thank you
-
Problem ACS 4.0 and Server RSA Token
Hello
We are having a problem trying to get 4.0 for Windows GBA authenticate users on a Server Token RSA wireless.
Our Cisco 1200 AP series is configured for WPA2 and LEAP Authentication. He points to the ACS server for RADIUS authentication. Now, it works very well for users with a static password defined on the internal database of GBA. However, for obvious security reasons, we? d as the transmitted authentication to our server internal RSA.
I installed RSA Agent on the same server as the ACS along (after adding the sdconf.rec file in the System32 folder). The RSA server was added to the ACS external database and a user configured to use the Token RSA server for password.
When we try to authenticate, the ACS fails the attempt with reason? External DB passes invalid?. The same user can authenticate successfully during the use of the RSA test authentication tool that is installed on the ACS server under the RSA Agent software.
After running some debugs a pix in front of the servers, I see traffic to and from the servers when you use the test tool (that works), but it looks like GBA doesn't? t even send traffic to the RSA server during authentication.
Any help or advice appreciated.
Thank you
no no no no! Do not use EVER of RSA with WIFI + PAP.
The token + pin can be sniffed and is good for 60 seconds... on the Wifi which is disastrous.
-
HP and HP Support Assistant update
Is it necessary to have and use the updated HP and HP Support Assistant? HP Support Assistant does not have everything HP Update done more more? It seems that HP Support Assistant was created to replace HP Update.
Hello:
I agree with you.
The support assistant is a program that includes the search for updates and other features such as air upward, etc..
I see no need for both (in fact, I see no need of either).
I mean this... I would like to change the default value of the assistant to support the definition and automatically download and install updates. I read where this thing was running updates the BIOS in the background while people were working on their PC with antivirus running programs, etc., than to have bad things happen.
If you like the support Wizard, my recommendation is to change the setting to warn and let me choose which updates to install - or what is the closest option to the default.
Paul
-
Workstation Mobile HP EliteBook 8540w AND HP Support Assistant
Assistant HP support keeps showing me that there is an update for the graphics card AMD driver and control panel for my HP EliteBook 8540w. It is for the driver to download and then fails. I could update all my drivers except this one today.
The driver version is listed in the Manager Support HP in the following way:
8.911.4.2 - A-145903C 120811
Thanks AttackofZaq,
I had already uninstalled and reinstalled it as suggested elsewhere on these cards (and before your above suggestion). Kudos are certainly in order because you answered, but yours was not the answer that solved my problem.
Curiously, I used HP Support Manager to answer my question, to aid that it is built based on cat. I was put in a conversation with a competent representative of HP and he advised me to do the same thing as you. Still, I had to tell him it was all finished. I allowed him to control remotely from my laptop through virtual rooms of HP and he confirms what I said.
In the end, we agreed that the wrong display driver that was listed in the support manager was an anomaly that should not be are revealed to me that he is not yet released. The representative stated that he would a note at HP on the problem as it was more than just an embarrassment on my part; I tried several times to install this driver ghost using HP Support Mananger only of for have failed and then uninstall later Support Manager himself AND finally post on this forum before you try the chat feature...
Overall I am satisfied by the level of support I received. I recommend the option chat to everyone that I was helped by a real person with real technical skills and there is no "communication problem" between us.
-
I have just updatedmy norton 360 with the help of Norton and there are some points that kept coming, now disabled. There is none to or viruses in the system but now my help site and catering support is disabled and the box so that it is turned off is still in the box... How do I turn on my system restore? Thank you daniel crafton
Hi Daniel,.
I recommend you uninstall Norton 360 temporarily computer & check if the problem persists.
Download and run the Norton removal tool to uninstall your Norton product
Note: later, install the application after checking.Hope the helps of information.
-
my firewall is disabled and later turns
My firewall keeps turning itself off and later it is back.
I am running Xp SP3 with Microsoft Security Essentials?
Hello
1. don't you make changes to the computer until the problem occurred?
I suggest you to try the steps below and check if it helps.
Method 1: You can run the fix it from the link below and check if this can help:
Diagnose and automatically fix problems of Windows Firewall service: http://support.microsoft.com/mats/windows_firewall_diagnostic/en-us?entrypoint=lightbox
Method 2: Also access the link: you cannot enable or disable the Windows Firewall on a Windows XP Service Pack 2 computer setting: http://support.microsoft.com/kb/914230
(Valid for Service pack 3)
Note: A Firewall is software or hardware that checks information coming from the Internet or a network. Firewall blocks some information or allows information to pass to your computer. If the information is blocked or passed through depends on your firewall settings. A firewall can prevent malicious software (such as worms) to access your computer through a network or the Internet. A firewall can also help stop your computer from malware sent to other computers.
Additional information:
You can also read this article.
If the problem persists then I suggest you to contact Microsoft Security Essentials forum. http://www.Microsoft.com/en-us/security_essentials/support.aspx
Hope this information is useful.
-
dad bought me a computer PORTABLE from NUTRIGEST I HAVE BEEN out of the CITY FOR SOME TIME AND LATER BETWEEN the AUTHENTICITY CODE PRODUCT, AND IT's not SAYIING VALID, BUT I KNOW THAT can NOT BE TRUE
If it is a new machine call or go to circuit city and get them fixed. If they sold you the laptop, indicating that it included Windows XP then the onus is on them that provide you a valid COA and the product key.
John
-
I uninstalled IE 9 and later decided to try to download again, but windows update keeps giving me an error code 9 c 48. can anyone help.
* original title - windows update *.Solve the problems when you can't install IE9
http://support.Microsoft.com/kb/2409098Prerequisites for installing IE9
http://support.Microsoft.com/kb/2399238===================================================
Microsoft offers telephone support free of charge home users (only!) for IE9 install and uninstall issues. Alternatively, you can get telephone assistance if your problem causes your computer fails or if IE9 won't let you browse all the sites. In the United States and CA, call (800) 642-7676.
Non-US/CA residents may see this page: https://support.microsoft.com/oas/default.aspx?&gprid=15672
=> You will find support for Internet Explorer in this forum: http://answers.microsoft.com/en-us/ie
-
I can not turn on Microsoft Security Essentials anti virus and later moved it not update.
I can not turn on Microsoft Security Essentials anti virus and later moved it not update. The system is Vista and update 80070643 error code.
Additional references may include:
[MMS] Installation error 0 x 80070643
http://answers.Microsoft.com/thread/908fad3e-F9FC-4d8a-BE83-ae7d3bc48db5Checklist for installation of Microsoft Security Essentials
http://answers.Microsoft.com/thread/bf757e6a-E320-4a67-92bc-767e6acb26c4Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean my already infected computer?
http://answers.Microsoft.com/thread/87058857-D181-4019-a723-efd9a49d9275Microsoft Security Essentials Support Forums (all)
http://answers.Microsoft.com/en-us/protect/Forum
Maybe you are looking for
-
Hi all I'm using LabVIEW 2015 with FPGA module. Can you change the size of large FIFO external target (using a control, for ex, attached to the FIFO) without having to access the settings menu? Thanks in advance.
-
printer, showing that 24 but not printing
Please can you advise how to start the printer to print items in the acknowledgments that
-
Camera Chicony USB 2.0 for Win7 Home Premium 64-bit
I have a Chicony USB 2.0 Camera and my OS is Windows 7 Home Premium 64-bit. My laptop is Toshiba Satellite T130 - 10G. I would like to tell me the site where I can download the driver for this webcam. Product: Chicony USB 2.0 Camera Category: Image D
-
How to make a copy of a CD - music or data
I just want to make a copy of CD
-
When I print from my computer it puts black horizontal lines through the pictures. Any suggestions?