NAC v 4.1.1 and issuance of Nessus

Dear Sir/Madam,

I'm trying to set up analysis of vulnerabilities in network security controls, I am already registered for Nessus 2.2 http://www.nessus.org/plugins/index.php?view=registerplugins. and downloaded the free plugin downloaded then the CAM, I received the message says "result: Upload successful", but under the Plugins tab, I couldn't find anything in the menu plugins to show.

all of the suggestions!

Kind regards

Hello.

Please, try to rename the file to plugins.tar.gz (instead of plugin.tar.gz) plugins and download it again.

Please let me know if that helps.

-Joe

Tags: Cisco Security

Similar Questions

  • Activation of the NAC HA puts several hosts and ASA with processor clocked at 100%

    I installed a NAC Manager and a NAC server in OOB without any problems, but when I configured the AP (high availability) with another server, my ASA and several guests in my network started work ant 100% of the cpu.

    I tried to configure each interface of the NAC on a single DMZ and the problem stops there.

    -That someone had this problem (NAC version 4.7)

    TKX

    Miguel Amaral

    Hello Miguel.

    When I started a NAC InBand HA solution I had a similar problem that I solved the heart rate HA configuration to use ETH0 just instead use ETH0 and ETH1.

    Best regards

    Luciano Carvalho

  • reset of the NAC server to factory default and feeder

    I NAC appliance CAM version 4.7 (3) I want to get back to his factory or clea all configuration

    and the SME with the server.

    Wael,

    Elly's right. For production systems if you want to start over, best idea is to recreate the image.

    If you are in a lab setting, you can cancel the database on cam by running the following commands:

    -stop service perfigo
    -dropdb localhost h postgres - U controlsmartdb
    -createdb localhost h postgres - U controlsmartdb
    -psql localhost h postgres - U controlsmartdb< >
    -perfigo service start

    The CASE, you can remove the/perfigo/access/bin/env file and restart.

    HTH,

    Faisal

    --

    If you find this article useful, please note so that others can easily find the answer

  • Lightroom and issuance of dual display

    I have a MacBook Pro and an external NEC MultiSync follow. I'm running on the latest Version of Yosemite. I keep my MacBook Pro as home base so to speak and the secondary external monitor. I used to be able to keep Lightroom as a floating window, and this feature seems to have disappeared. What's really frustrating is that if I make the wrong move with my mouse Lightroom winds upward on the other monitor. Sometimes I can get it to come back with a mouse, click on my laptop, but not always, so then I have to stop Lightroom and start again. This can be considered a matter of Apple, but here I have a problem with Lightroom. I got it with versions 5 and 6 now. Does anybody know the right way to deal with this.

    Hi, jiml1948

    Sorry, I'm not sure I understand the question, but I thin holding down the SHIFT key and pressing toggle the F key to display different windows (including the floating window). I hope it helps.

  • In anticipation of the posture with 1.3, Agent NAC 4.9.5.10 ISE and Windows 10

    Hello

    I have a client with the patch 1.3 ISE 5 installed in its network, and it tests the connection to the network from a client Windows 10. In the client, this customer has manually installed Agent NAC 4.9.5.10, and used Anyconnect 4.2.01035 (with NAM module) as supplicant 802.1 x.

    In the ISE, the 3.6.10205 - 2 4.9.5.10 NAC Agent and compliance Module is downloaded and there is that a strategy of commissioning of the customer created in order to provide customers with this version of the NAC Agent and compliance Module if this client authenticates correctly in Active Directory. There is also a political Posture that requires that the customer have a fixed version of McAffee Antivirus from the Posture.

    When connecting to the wifi network, the client authenticates properly using the user name and, after authentication, it launches the Cisco's NAC Agent in order to pass the posture. At this point, the Agent NAC pop-up displays an error indicating that the operating system of the client is not supported, although NACAgent 4.9.5.10 supports Windows 10 and patch5 ISE 1.3 also supports Windows 10. Due status Posture maintains in State waiting, the customer is not allowed to connect with the correct permissions for the network by the ISE authorization policy.

    My questions are:

    You know the reason for this error showed by NAC Agent (client operating system not supported)?

    Do you know what are the correct versions of the NAC and ISE Agent to support customers on Windows 10 connections?

    And also, Windows 10 is supported by ISE 1.3 patch5 or maybe it's better to move to ISE 2.0?

    Thanks in advance

    Concerning

    Juan

    I'll guess that maybe the VA of Cisco and databases supported OS version are not current.  Try to go to the Administration->-> Posture--> updates the settings and click on "Update Now".

  • Cisco Aironet SAP1602E - changing open to WPA - PSK access remote (RAP and map)

    I currently have a deployment of Cisco Aironet SAP1602E Wireless point to point bridge (bridge using RAP and card, root wireless and Non-Root Bridge) to expand a layer 2 VLAN from one building to the other. It currently operates uisng open authentication and encryption - and is administered remotely via the bridge of root, to get wireless (manage) the bridge Non-Root - RAP wireless remote.

    Try to configure the PSK WPA2-PSK remotely via the GUI or CLI - first setup - I informed a similar error to her below indicating that:

    Error: Key-management WPA is requried for WPA-PSK
    Read around, it seems, there is a configuration-control problem, and that I need to specify the mode as WPA2-PSK first, before then being able to specify the PSK there instead of using. However, as soon as this mode is specified on RAP, my remote administration is broken - as probably the RAP try to use WPA2-PSK to look for a PSK, which has not yet been configured. Am I missing something obvious here, or is the order of operations of CLI (1] convert to WPA - PSK; (2] shared secret to apply PSK) as a migration from open to WPA2-PSK cannot be configured remotely (short of preparation of a startup-config; TFTPing presents more; and issuance of a 'reload' remote control)? Can someone please enlighten me as to what the logic is here - no doubt I should be able to specify a PSK first (fo without worrying if I use WPA, WPA2 or other), and then be able to specify that I want as the layer of encryption (WPA) to make use of this pre-parameter PSK? If it was a router, you don't can me to add something to the authentication key chain OSPF; before clarifying its use - why so different Aironet Wireless IOS?

    You're right, and because you will have to enter several lines of configuration to switch to WPA2-PSK with AES didn't really matter; the AP would reset the radio anyway because you make changes related to the radio interface. It would be very useful that if Cisco router/switch IOS 'macro' feature available AP thus in changes like this, unfortunately this is not the case.

    Start with the nonroot AP and make sure that the following lines are added to your configuration. If you add by the console, the order must be like that, do it by downloading a new configuration of booting with tftp, that it does not matter.

    interface Dot11Radio0
    encryption ciphers aes - ccm mode

    SSID dot11 TEST
    authentication wpa key management
    WPA - psk ascii 0

    Please rate helpful messages... :-)

  • Configuration of NAC OOB

    Hello!

    I implement a solution of oob of the NAC. CASE of tTe and CAM are in the data center on a remote network, and I need to check the vlan that my users access on my remote sites.

    How can I make them authenticate on the CASE of distance? (the case is on a remote network)

    TKX

    Miguel

    Hello

    Well, it looks like you are starting, so I advise you to contact the OOB concept and guidelines:

    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html.

    You have the L2/L3 mode.

    You have the mode OOB/NVI.

    You have the real/virtual Ip gateway mode.

    You have 2 VLAN main for customers: access (of confidence) and authentication (not approved) VLAN.

    The goal is to make the customer enter the LAN virtual auth before logon, and traffic through the CASE so that the CASE can permit/deny the client to pass traffic.

    You also, nice chalk talks where you can see videos explaining the steps to configure several functions/deployments:

    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html.

    HTH,
    Tiago

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • Judgment of NAC Manager HTTPS response after activation of the AH

    Judgment of NAC Manager HTTPS response after activation of the AH

    I have currently NAC installation in a lab, and as soon as I restart the Manager after you have configured the AP server stops responding to HTTPS and I got Service temporarily unavailable. After restarting the server I saw something console to check the HA setting but I not see this message again and I don't know how to check these parameter in CLI.

    Hello

    This may mean that HA is not correctly configured (problem with certificates, heart rate, etc.).

    The best thing to do is to connect via SSH for both cams, go to /etc/ha.d/ and delete the files: 'perfigo.conf' and 'ha.cf.

    These are the files that contain the HA configuration, if, after deletion, restart the machine and they will come as stand-alone upward again.

    As a stand-alone, you can HA startover config again, ensuring that you follow the steps required:

    http://www.cisco.com/en/US/docs/security/nac/appliance/installation_guide/hardware/48/hi_ha.html.

    HTH,
    Tiago

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • Cisco NAC offers Support

    Hello

    I have some question about Cisco NAC and don't know if it is able to support:

    1. can you packets qos to NAC honor/confidence when it is configured for inband/off band?

    2. for the creation of the lobby admin on local accounts management comments (using the own access device); cisco nac appliance does support

    the lobby admin via acs/external db authentication? If this isn't the case, adding a comment server would reach it?

    3 - is not cisco NAC appliance support wireless controller and the mixture of cisco/non-cisco switches? If so, if the switch supports snmp mib mac-notification/link/link down; would this be enough?

    4 is Cisco NAC comes with a predefined set of rules AV to verify that all AV support is running for the posture check (example if NAC supports 100 produced different viruses; can he check all 100 different product that can be installed on a PC for control of posture). An example of this would be hotel / that there are people of different products installed antivirus trying to access the network and the antivirus must run and installed and updated to access network). I know that the pre-confgiured default rule can check for installation/setting however not sure on the status of service / application running.

    Thank you.

    Hello

    For VGW configurations, you must have in separate subnets. For RIP, they can be in the same subnet without problem.

    HTH,

    Faisal

    --

    If you find this article useful, please note so that others can easily find the answer

  • NAC agent don't popup configure what ORGANIZATIONAL unit in Active Directory

    Hi expert,

    I need help problem on NAC L2OOB-VG, the NAC server and client version 4.7.2. My problem is:

    -Before I use NAC ADSSO with Windows Server 2003 Active Directory and everything work fine. Untrust popup of the NAC agent connection users, authenticate users and users of action switch for trust to Vlan.

    -Now my DC have a problem so I upgrate this DC to Windows Server 2008 SP2 and configure the OU, Active Directory, I create OUS and move users to OR for simple management, after that I configured ktpass and service ADSSO in the NAC has start.

    So now my problem is:

    -Agent NAC users connection not popup and does not authenticate users.

    -When I move this users in UO to the domain users, popup will for the Attorney to the NAC and authenticate the user.

    How can I configure NAC in consultation with users in UO?

    Thank you for any assistance.

    Hello

    You have defined LDAP search servers to use with your SSO AD? All maps are you doing?

    Faisal

  • Broadband Internet block through the NAC

    I have NAC deplyed in OOB VGW and version 4.8. Because of the internet of the restricted policy, people use devices to broadband internet. Is it

    possible if the ANC can block these broadband connections.

    Talha,

    NAC agent can only assess posture and help the rehabilitation, if necessary. It cannot apply policies, so if your customers for example use an aerial map or connect via the internet through other mechanisms, the agent will not help here.

    HTH,

    Faisal

  • NAC 4.7.2 ever validity

    I have a setup of the NAC, which has 1 server and 1 Manager. Everything is runing and fine.

    I use the free sign generated by Manager and the server certificate. The validity of the certificate is just 3 months. Can I increase the validity of the

    certificate. I worked on an earlier version as 4.6,4.5 4.7.1 it validity were about 5 to 10 years.

    Is it of any other workaround.

    Talha,

    No way, but you can generate certificates using openssl and install them on the NAC devices.

    I'm including the output from my example class that I did just to give you an idea of what should look like the race. What I typed is red:

    [[email protected] / * / ~] # mkdir NewCertDirectory
    [[email protected] / * / ~] # cd NewCertDirectory
    [[email protected] / * / NewCertDirectory] # openssl genrsa 1024 > NewPrivateKey.key
    Generate an RSA private key, modulates long 1024 bits
    ...........++++++
    .............++++++
    e is 65537 (0 x 10001)
    [[email protected] / * / NewCertDirectory] #.
    [[email protected] / * / NewCertDirectory] # openssl req - new - key NewPrivateKey.key - out NewCertificate.csr
    You are about to be asked to enter information that will be incorporated
    in your certificate request.
    What you are about to enter is what is called a distinguished name or a DN.
    There is a certain fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the area will be left blank.
    -----
    Name of the country (2-letter codes) [to THE]: U.S.
    State or Province (full name) [Some-State]: NC
    Locality name (for example, City) []: RTP
    Name of the Organization (e.g., company) [Internet Widgits Pty Ltd]: Cisco
    Organizational Unit Name (eg, section) []: TAC
    Common Name (eg, YOUR name) []:www.Your_CAS_Name_Here.com (this is the host name or the domain name of your certification authorities for which you generate the certificate. In the case of the AH, that would be the name which resolves to the VIP of the SCA)
    [] E-mail address:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    A business optional name []:
    [[email protected] / * / NewCertDirectory] #.
    [[email protected] / * / NewCertDirectory] # openssl x 509 - req-days 1000 - NewCertificate.csr - signkey NewPrivateKey.key - out NewCert.crt

    OK signature
    subject = / C = US / ST = NC/L = RTP/O = Cisco/OU = TAC/CN =www.Your_CAS_Name_Here.com
    Get the private key

    [[email protected] / * / NewCertDirectory] # cat NewPrivateKey.key > NewCert.crt

    Now you can take this NewCert.crt file and install it on the NAC devices using the GUI. Use WinSCP to copy the

    file.

    HTH,

    Faisal

  • NAC - NAC - NM vs CASE

    Hello

    I have the central site with 50 users, without branches. Can I simply deploy NAC - NM instead of CASE and if I use NAC - 2811 SRI NM there is no bandwidth limitation when it is compared with the CASE solution? In general, what is the rate for SCS (3310) and what for the NAC - NM?

    Yes, SL will run in inline mode, but as with all AC it can support only a single (inline or OOB) mode at the same time.

    We are desigining our inline NM CASE solution now in our lab and I had similar concerns about flow. I opened a TAC case and was assured that the CASE of NM can do a full concert flow. Our tests have shown that our routing platform (a SRI 2821) cannot do it on 20mbps, however, even with all the features disabled.

  • Problem of the NAC plugins &amp; Nessus

    Hi all!

    I have a problem with the installation of the Nessus plugin. ((

    After reading Installation Guides I have not a clear understanding what files should I download. So I have 2 files:

    Nessus-plugins - 2.2.10.tar.gz (6507 KB)

    Nessus-plugins-GPL - 2.2.10.tar.gz (1071 KB)

    of http://www.nessus.org/download/index.php

    After renaming, I tried to download each of them turning the cam under updates of the Plugin. CAM said "Upload successful" and has always some plugins (Scan Setup-> Plugins).

    So I don't understand what the problem... ((

    Can someone share file plugins.tar.gz correct, please...?

    Concerning

    You must download and install the Nessus appropriate for your PC.

    After downloading the latest plugins on the site of Nessus, in the directory (for a Windows installation) c:/Program Files / sustainable / Nessus / Plugins, you will have a file 'plugin.tar.gz '. You can rename or copy this into "plugins.tar.gz".

    Then in the console the NAC Manager, under ACCESS OWN-> NETWORK SCANNER-> Plugin updates, go to the same folder and choose the file "plugins.tar.gz". It MUST be named exactly as described - with the S - to work. Complete the DOWNLOAD. When finished go to the Configuration of Scan tab and select all in the show _ Plugins dropdown. You should hae about 20,000 of them.

    HTH.

    Jim

  • VMware 5.1 with compatibility virtual RDM and Microsoft SQL Cluster mode

    Hello

    I am a bit confused by the VMWare documentation and hope someone can point me in the right direction.

    I want to know if it is possible and supported to create a cluster of SQL 2008 R2 2 nodes (Server 2008 R2 SP2 are VM) on a 2 node cluster VMWare 5.1 with the use of Virtual RDM compatibility?

    When you read the PDF on vsphere5.1 on the link below on page 9, there's a indicating note 'NOTE Clusters on multiple physical computers with no-pass-through RDM is supported only for Windows Server 2003 clusters. It is not supported for clustering with Windows Server 2008. »

    http://pubs.VMware.com/vSphere-51/topic/com.VMware.ICbase/PDF/vSphere-ESXi-vCenter-Server-51-Setup-MSCS.PDF

    So that means that I want "a 2-node cluster sql 2008 R2 server" is not supported?

    But I also found this link below and in the table of the column on the Cluster SQL line RDM is said 'yes' with a 2.

    VMware KB: Microsoft Clustering on VMware vSphere: guidelines for supported configurations

    Means 2/redirects-> for more information on shared disk configurations, refer to the Disk Configurations section in this article.

    -> Disk configurations

    • RDM: Configuration using a shared Quorum for storage or data must be on Fiber Channel (FC) based on RDM (physical cluster across boxes "CAB" mode, virtual mode for cluster in a box "IPC") in vSphere 5.1 and previous versions. RDM on storage other than CF (iSCSI and FCoE) are supported only in vSphere 5.5. However, in earlier versions, FCoE is supported in very specific configurations. For more information, see Microsoft clustering solutions table above note 4 .

    What follow-up note4->

    1. In vSphere 5.5, native FCoE is supported. In vSphere 5.1 update 1 and 5.0 Update 3, two cluster configuration of the node with Cisco NAC (VIC-1240/1280) cards and driver version 1.5.0.8 is compatible with Windows 2008 R2 SP1 64-bit guest operating system. For more information, see the VMware hardware compatibility guide:

    This means that it is suuported, I "m confused.

    Hi Bypy,

    Two windows 2008 R2 SQL virtual cluster nodes with RDM is supported only for the IPC or Cluster In a Box that is to say if the two virtual machines reside on the same host ESXi. The same configuration is not supported for the cabin or Cluster across boxes (virtual machines running on different hosts ESXi).

    The CAB, you go for the physical RDM mode.

    According to this link, http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1037959

    SQL Cluster using windows 2008 R2 is supported for both physical and virtual mode RDM. Between physical and virtual mode depends on whether you want the CAB or IPC respectively.

    I hope this helps.

    See you soon,.

    Arun

Maybe you are looking for