PIX by RADIUS and access user-list
Does anyone know whether, with Microsoft Internet Authentication Service (IAS, the RADIUS service), it is possible to download access lists to the PIX firewall (per-user access lists), and how do I configure IAS for this feature?
Thanks in advance.
Yes, it is possible. Take a look at this link which explains how I could make it work:
http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_62/config/mngacl.htm#33910
I don't remember all the steps I took to get the ISA server computer to return the Cisco vendor-specific attribute (VSA) string (attribute 26), but you should be able to understand. I am, in any case, an expert of the IAS.
I hope this helps.
Scott
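The reply above depends on the RADIUS server returning a Cisco vendor-specific attribute (attribute 26). As an added example, not part of the original thread or of Cisco's or Microsoft's documentation, the following Python builds that attribute's wire format and extracts the per-user ACL lines from an Access-Accept attribute block, which is useful for checking what IAS actually sends. The `ip:inacl#<n>=` av-pair syntax, the sample rules and the 192.0.2.10 address are assumptions; confirm the exact string against the linked Cisco document.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type 26 (RFC 2865, section 5.26)
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor type 1: cisco-av-pair
ACL_PREFIX = "ip:inacl#"   # assumed per-user ACL syntax; confirm for your PIX


def encode_avpair(text):
    """Wrap one cisco-av-pair string in a Vendor-Specific attribute."""
    value = text.encode("ascii")
    sub = bytes([CISCO_AVPAIR, len(value) + 2]) + value
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("av-pair too long for a single RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def walk_tlvs(data):
    """Yield (type, value) pairs from a type/length/value byte string."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        length = data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("attribute length out of bounds")
        yield data[pos], data[pos + 2:pos + length]
        pos += length


def extract_user_acl(attributes):
    """Return the per-user ACL lines, ordered by their sequence number."""
    entries = []
    for atype, value in walk_tlvs(attributes):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != CISCO_VENDOR_ID:
            continue
        for vtype, raw in walk_tlvs(value[4:]):
            text = raw.decode("ascii", "replace")
            if vtype != CISCO_AVPAIR or not text.startswith(ACL_PREFIX):
                continue
            seq, sep, rule = text[len(ACL_PREFIX):].partition("=")
            if sep and seq.isdigit():
                entries.append((int(seq), rule))
    return [rule for _, rule in sorted(entries)]


# Constructed attribute block of an Access-Accept: two ACL lines sent out of
# order, with an unrelated Service-Type attribute (type 6) between them.
SAMPLE = (
    encode_avpair("ip:inacl#2=deny ip any any")
    + bytes([6, 6, 0, 0, 0, 2])
    + encode_avpair("ip:inacl#1=permit tcp any host 192.0.2.10 eq 80")
)

if __name__ == "__main__":
    for line in extract_user_acl(SAMPLE):
        print(line)
```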
Similar Questions
-
Flash Wrapper and access user-defined variables
I'm working on creating a Flash AS3 wrapper to combine several files cpativate. I am able to retrieve system variables, but I'm not able to recover the user-defined variables. I have a variable that is defined by the user in my Captivate called passedScore, in my Flash script, I have the following...
var mcLesson1:MovieClip;
btnHit.addEventListener (MouseEvent.CLICK, test);
var vLoader:Loader = new Loader();
vLoader.contentLoaderInfo.addEventListener (Event.COMPLETE, swfLoaded);
vLoader.load (new URLRequest ("untitled1.swf"));
function swfLoaded(e:Event):void {
mcLesson1 = MovieClip (vLoader.contentLoaderInfo.content);
vLoader.contentLoaderInfo.removeEventListener (Event.COMPLETE, swfLoaded);
addChild (mcLesson1);
}
function test(event:MouseEvent):void
{
feedback1.text = mcLesson1.cpInfoCourseName;
feedback2.text = mcLesson1.m_VarHandle.passedScore;
}
feedback1 correctly displays the name of the course; however, for feedback2 it errors, saying a term is undefined (referring to m_VarHandle).
try to use mcLesson1.cpEIGetValue ('m_VarHandle.passedScore');
-
I use firefox and tried to access the list of favorites. no luck?
Have always used Yahoo mail, but had to change browser for firefox as yahoo is no longer supported my IE9 for yahoo mail. I want to continue with email from yahoo that I like. Now I can get email yahoo thanks to firefox, which is great. I want to access the list of the favourites in the firefox toolbar, but not luck.
Can someone advise please.
Mary
Hello
This should be simple enough to change;
- Press Alt and clear view.
- In this menu, select Toolbars, followed by the bookmarks toolbar.
You can then the user details in this article to help manage your bookmarks. Everything that you put in the folder "Personal bar" should appear along the toolbar in Firefox for easy access when browsing the web.
I hope this helps, but if not please come back here and we can look at another solution for you.
-
Vista - Windows 7 network connection. username and password is unknown.
Hello
I just got a laptop with windows 7 on it and I want to connect to my other PC for it, they are on the same network through a router. the PC can see and access the laptop without asking for a user name and password but the laptop cannot access the PC because it asks me a username and password that I don't know.
If someone could answer this question, it would be great.
Hello
Maybe this can help.
Win7, when configured on a peer-to-peer network, has three types of sharing configuration.
HomeGroup network = works only between Win 7 computers. This type of configuration makes it very easy for entry-level users to start sharing on the network.
Work network = basically similar to the previous methods of sharing, which let you control what, how and with whom folders are shared.
Public network = public network (such as an Internet café), to reduce security risks.
For best results, go to each computer's System screen and set all the computers to be on a network with the same name, while each computer has its own unique name.
http://www.ezlan.NET/Win7/net_name.jpg
Make sure that the software firewall on each computer allows free local traffic. If you use a 3rd-party firewall, the native Vista/XP firewall should be disabled, and the active firewall has to be adjusted to your network's IP numbers in what is sometimes called the Trusted Zone (see part 3 of the firewall instructions).
General example: http://www.ezlan.net/faq.html#trusted
Please note that some 3rd-party software firewalls continue to block aspects of local traffic even when they are turned off (disabled). If possible, configure the firewall correctly or uninstall it completely to allow a clean flow of local network traffic. If the 3rd-party software is uninstalled or disabled, make sure the native Windows firewall is active.
------------------------------
If your network consists only of Win 7 and you want a simple network, use it.
http://Windows.Microsoft.com/en-us/Windows7/help/videos/sharing-files-with-HomeGroup
After you have configured the homegroup, scroll to the bottom for the Permission/security section.
-----------------------------
Win 7 networking with other version of Windows as a work network.
In the center of the network, by clicking on the type of network opens the window to the right.
Choose your network type. Note the check box at the bottom and check/uncheck depending on your needs.
http://www.ezlan.NET/Win7/net_type.jpg
Win 7 network sharing folder specific work - http://www.onecomputerguy.com/windows7/windows7_sharing.htm
Vista file and printer sharing - http://technet.microsoft.com/en-us/library/bb727037.aspx
Windows XP file sharing - http://support.microsoft.com/default.aspx?scid=kb;en-us;304040
Sharing printer XP - http://www.microsoft.com/windowsxp/using/networking/expert/honeycutt_july2.mspx
Setting Windows native firewall for sharing XP - http://support.microsoft.com/kb/875357
Windows XP Patch for sharing with Vista (no need for XP - SP3) - http://support.microsoft.com/kb/922120
When you have finished the configuration of the system, it is recommended to restart everything: the router and all computers involved.
-------------
If you have authorization and security problems, check the following settings.
Point to a folder that wants to share do right click and choose Properties.
In the properties
Click on the Security tab shown in the bellows of the photo on the right) and verify that users and their permissions (see photo below Centre and left) are configured correctly. Then do the same for the authorization tab.
This screen shot is to Win 7, Vista menus are similar.
http://www.ezlan.NET/Win7/permission-security.jpg
The Security Panel and the authorization Panel, you need to highlight each user/group and consider that the authorization controls are verified correctly.
When everything is OK, restart the network (router and computer).
* Note . The groups and users listed in the screen-shoot are just an example. Your list will focus on how your system is configured.
* Note . There must be specific users. All means all users who already have an account now as users. This does not mean everyone who feel they would like to connect.
---------------------
*** Note. Some of the processes described above are made sake not for Windows, but to compensate for different routers and how their firmware works and stores information about computers that are networked.
Jack-MVP Windows Networking. WWW.EZLAN.NET
-
I am the administrator of the computer and the computer won't let me access the list allow and block my child's account. I'll bring my parental control password, click on my childs account, put parental controls, go to web filter and click on block some web sites, click on edit the allow and block list and the computer tells me that it is not able to make changes to parental controls settings and see the system administrator if the problem persists.
Hi Ranw,
· What is the error message when you try to change parental controls?
· Have you been able to make any changes on this computer from your account earlier?
You can follow the steps below and check if you can make changes to the parental controls on your computer.
Step 1:
Disable UAC (User Account Control) and check the result. Access the link below and follow the steps to disable UAC.
http://Windows.Microsoft.com/en-us/Windows-Vista/turn-user-account-control-on-or-off
Note: You must restart your computer when you enable or disable UAC. Change levels of notification does not require that you restart your computer.
Step 2:
I suggest to create a new administrator account and log later in the new administrator account, try to set parental controls and check if it works.
Create a user account: http://windows.microsoft.com/en-US/windows-vista/Create-a-user-account
Check out the link below to check if the parental control is properly set:
http://Windows.Microsoft.com/en-us/Windows-Vista/set-up-parental-controls
I hope this helps. Let us know the result.
Thank you and best regards,
Srinivas R
Microsoft technical support.
Visit our Microsoft answers feedback Forum and let us know what you think.
-
WLC with ACS 5.1 (RADIUS) for management * AND * Network users
Hello
I have RADIUS authentication set up for both network users AND management on my NM-WLC (running 5.2) against ACS 5.1.
My question is:
For users to log in as admin, I need to return "Service-Type = Administrative-User" in order to make it work.
Because the ACS sees all requests as coming from the same device (the WLC) for both admin and network users, the way I currently handle it is by creating a filter based on the user name.
Thus, users that contain 'admin' in their ID use one Network Access authorization policy rule, which has an authorization profile with the RADIUS attributes associated.
Normal users have a different Network Access authorization policy rule, with a different profile.
While this DOES WORK fine, I was still wondering if there is a better way to do it, rather than creating a rule based on the user name.
I could use TACACS+ for the management, but I don't think that ACS allows the same AAA client (WLC) to use both protocols.
Thank you
I think it's a very common thing to do.
You may notice that ACS 5 comes preinstalled with a service selection policy that differentiates requests based on protocol and directs them to either the 'Default Network Access' or the 'Default Device Admin' service out of the box.
If you want RADIUS only, you can either disable or delete the rule for TACACS+ requests, or not select TACACS+ in the device definitions.
-
Oracle query of relay and access function call does not return the list
Thanks to aid in a previous post, I received, I created an oracle 10 g feature that returns the list after you run the sql code it contains. It works in oracle, using sql developer.
I need the list it returns to show up in MS Access via a pass-through query. It does not work so far. The connection string etc. is OK; I'm able to use pass-through queries to run SQL strings correctly. But when I try to call the function through the pass-through query in Access, at first nothing seems to happen (i.e. no list), and if I try to run it again, there is an "ODBC call in progress" error: "Current operation cancelled". There are only three records in the table. Am I missing something? Can anyone spot it?
The pass-through query looks like this:
Select * from fn_testvalues of the double
Once that is running in oracle.
To create the test table and the 2 functions, see below.
CREATE TABLE t_values (MyValue varchar2(10));
Table created.
INSERT INTO t_values (
SELECT 'Merced' c1 FROM dual UNION ALL
SELECT 'Pixie' FROM dual UNION ALL
SELECT '452' FROM dual);
3 rows inserted.
CREATE OR REPLACE FUNCTION fn_isnum(p_val VARCHAR2) RETURN NUMBER IS
n_val NUMBER;
BEGIN
n_val := to_number(p_val);
RETURN 1;
EXCEPTION
WHEN OTHERS THEN
RETURN 0;
END;
/
Function created.
Test the table:
SELECT MyValue val, fn_isnum(MyValue) isnum
FROM t_values;
VAL ISNUM
---------- ----------
Merced 0
Pixie 0
452 1
Now the function that is called in the pass-through query:
create or replace function fn_testvalues
return sys_refcursor is
rc sys_refcursor;
begin
open rc for
select t_values.*, fn_isnum(MyValue) IsNum from t_values;
return (rc);
end fn_testvalues;
Why not?
satyaki>
satyaki>select * from v$version;
BANNER
----------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for Linux: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
Elapsed: 00:00:00.00
satyaki>
satyaki>
satyaki>create or replace view bb
2 as
3 select *
4 from emp;
View created.
Elapsed: 00:00:00.00
satyaki>
satyaki>
satyaki>select * from bb;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO JOB1 DOB
---------- ---------- --------- ---------- --------- ---------- ---------- ---------- --------- ----
7521 WARD SALESMAN 7698 22-FEB-81 226.88 500 30 SALESMAN
7654 MARTIN SALESMAN 7698 28-SEP-81 1815 1400 30 SALESMAN
7788 SCOTT ANALYST 7566 19-APR-87 598.95 20 ANALYST
7839 KING PRESIDENT 17-NOV-81 7260 10 PRESIDENT
7844 TURNER SALESMAN 7698 08-SEP-81 2178 0 30 SALESMAN
7876 ADAMS CLERK 7788 23-MAY-87 159.72 20 CLERK
7900 JAMES CLERK 7698 03-DEC-81 1379.4 30 CLERK
7902 FORD ANALYST 7566 03-DEC-81 5270.76 20 ANALYST
7934 MILLER CLERK 7782 23-JAN-82 1887.6 10 CLERK
7566 Smith Manager 7839 23-JAN-82 1848 0 10 Manager 23-JAN-89
7698 Glen Manager 7839 23-JAN-82 1848 0 10 Manager 23-JAN-89
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO JOB1 DOB
---------- ---------- --------- ---------- --------- ---------- ---------- ---------- --------- ----
1 boock
12 rows selected.
Elapsed: 00:00:00.00
satyaki>
satyaki>
satyaki>select *
2 from bb
3 where empno = &eno;
Enter value for eno: 7521
old 3: where empno = &eno
new 3: where empno = 7521
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO JOB1 DOB
---------- ---------- --------- ---------- --------- ---------- ---------- ---------- --------- ----
7521 WARD SALESMAN 7698 22-FEB-81 226.88 500 30 SALESMAN
Elapsed: 00:00:00.00
satyaki>
satyaki>
Kind regards.
LOULOU.
-
Original title: I can't access the accounts of users (XP).
I can not access (XP) user accounts. I get the message: "Microsoft (R) HTML Application host has encountered a problem and needs to close etc.." The APPname is mshta.exe. I have this msg when I click on anything in the user accounts.
1. What is the problem?
2. What should I do to fix this?
Hello Eric_984,
Thank you for the question!
It is disheartening to know that you have problems with user accounts. As I understand it, you get the error message "Microsoft (R) HTML Application host has encountered a problem and needs to close etc." when you access user accounts.
I need to ask you a question to help you best.
Were there any changes (hardware or software) to the computer before the show?
Perform the steps in the link and check.
Answer to us if you are having problems with user accounts or any other issue of Windows, and I'd be happy to help you again and try to correct the problem as soon as possible.
Good day!
Hope this information helps.
-
"Unknown users" listed in properties and safety of a folder
PROBLEM: "unknown users" are listed in the properties/security of a folder.
I have Windows 7, 64-bit.
The Properties/Security box for my "C:\Users\[my name]" folder lists two users shown as
"Account Unknown (S-1-5-21-879640176-2077098734-2292519611-1001)"
and "Home Users", plus the legitimate users "SYSTEM", "Administrators", and "[my name]".
After deleting the computer's limited account, the 2 users are still listed.
'S-1-5-21-879640176-2077098734-2292519611-1001' is not found by the Yahoo search engine. The Windows search engine, pointed at the 'C:' and 'Users' folders, searches essentially indefinitely. For the folder named after me it finds nothing.
Especially regarding 'S-...', is this the result of malware? Would deleting either or both of these users have harmful effects?
Thank you.
These inscriptions refer to the accounts that you have deleted from your computer. They are of no consequence, and they cause no harm.
-
How to reset the Status field and delete ToDo list outside the user interface?
All, morning
HR 802 generating WebHelp.
I made use of the status field and ToDo List in the past. For my next release aid, I would like to reset these fields for all the subjects, so I can still have accurate reports as subjects of creation/revision of the final course.
Is it possible to do without opening each topic in the user interface and compensation/change manual fields? (I thought to delete all fields of ToDo and recreate them, but thought that there is an easier way.) This information appears in each section or in a separate file?
Thank you
Patrick
Hi Patrick
- Close all topics that can be opened in the editor.
- Open the pod of the list of topics.
- Select all subjects.
- Right-click and choose Properties from the subject.
- Click the status tab.
- Modify if needed.
All subjects should change to reflect the new status and the task list settings.
See you soon... Rick
-
PIX 501 NAT and PAT with a single IP address
Using the following configuration on my first PIX 501, I am unable to both provide a mail server to the outside world and allow inside clients to browse the Internet:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxx
hostname fw-sam-01
domain-name SAM
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside permit tcp any host 62.x.x.109 eq smtp
access-list inside permit tcp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 62.177.x.x.x.255.248
ip address inside 192.168.45.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.45.2 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 62.177.x.x.x.45.2 netmask 255.255.255.255 0 0
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.x.x.x.177.208.105 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.45.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.45.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
: end
Am I using the access lists and groups wrong, or am I wrong in the PAT/NAT configuration?
Please advise...
Hello
I went through the ongoing discussion. The PIX configuration should be fine for now, according to the suggestions. The problem seems to be on the server. If it is a new installation of Windows, then there is an option not to accept requests that are not from the local network.
If you want to check whether the PIX allows the connections, then when you telnet to port 25 from the outside, just run the xlate command:
sh xlate
and it should show you a translation for the inside host. Another quick test of whether the PIX allows the traffic is to check 'sho access-list outside' and see if the counters are increasing.
Hopefully this should help you.
Arun S.
-
PIX 525 config and VPN configuration
Hello
I was asked to work on a customer request to replace its non-Cisco FW with a PIX 525 and also to deliver a VPN solution using this PIX 525.
I'm not a FW person, as my main experience is with routing/switching, but I have read some documentation and had some hands-on with a PIX 501 and the Cisco VPN 3000 client. I managed to bring up the VPN connection, even if all tests have failed (I need to troubleshoot further).
The customer has its main site with an application running on a web server that must be accessed only through the VPN by: a 3rd party + a few remote users.
The solution, I want to propose to the client is:
option 1:
PIX 525 as a vpn server + Cisco vpn 3000 client on all PCs of remote users.
option 2:
PIX 525 as a vpn server + vpn client windows on all PCs of remote users
option 3:
PIX 525 as vpn + PIX 501 to 3 rd party server + vpn client windows on all PCs of remote users
First, I want to confirm that these options are feasible. Then, which option should I go for, knowing that there are only about 10 remote users?
The client has no TACACS+ or RADIUS. Should I go for static userid/pass set up on the PIX 525?
Any idea, advice, suggestion is welcome. Thanks in advance
Kind regards
ngtelecom
Hello
Option 1
In my opinion, is the best solution because the PIX 525 will act as a firewall and the VPN server.
Then, all the clients connect via VPN using Cisco's VPN IPsec client software.
Option 2
The advantage of this option is that you do not need to install VPN software on the clients (not a problem, with only 10 clients).
The problem is that it does not come with split tunneling and doesn't provide as good protection as the Cisco software.
Option 3
This is also valid, and you can do an EasyVPN connection where the 525 is the server and the 501 is the client.
Local authentication on the PIX 525 sounds great.
As a recommendation, the PIX is EoS and its replacement is the ASA.
It will be useful.
Federico.
-
I can't access some files because I did not 'Privileges '. How do I get and access?
I had my hard drive crash. I inserted a new disc. I'm now trying to re - load my data files to an external hard drive where I do my backups. When I copy a file and try to access it, I learned that I do not haave access privileges. How can I access?
- Connect to the new machine with an administrator account.
- In Explorer, right-click on the drive and select "Properties".
- Select the "Security" tab.
- Click on the "Edit" button below the "Group or user names" list.
- When Windows asks you "Windows needs your permission...", select "Continue".
- Click the "Add" button to add a new user.
- Type "Everyone" (without the quotes) in the box provided and click on "Check Names".
- Click OK.
- Now select "Everyone" in the "Group or user names" list.
- Click on the "Full control" box in the "Allow" column, then click OK.
- It may take some time to complete.
Otherwise, as an administrator, you can take ownership of all files and then transfer them and then to restore the permissions to the appropriate users once transfer complete. I will describe these procedures in more detail if you need it - but procedures are doing a better job than I ever could. Here are the procedures: http://www.nirmaltv.com/2008/07/11/how-to-take-ownership-of-files-and-folders-in-vista/. But this process will make you the owner of all files and you will not be able to transfer the property to standard users (since they don't have sufficient privileges to appropriate).
You should now be able to access the files and restore the backup (regardless of the method chosen).
Once the files are restored, you may need to change the permissions so that the Everyone user is not allowed access to all files and the administrator is not the owner (I don't know if that transfers, but I think that it doesn't). You must configure the permissions as they were before, with each user having rights to their own folders, the Everyone user deleted, and administrators with full rights for each folder (or you can skip this last part, because you can always get permissions if you need them by taking ownership, and maybe users want that privacy for their files, even from administrators).
Good luck and I hope this helps.
Lorien - a - MCSE/MCSA/network + / A +.
-
Customer Pix unit inside and dmz networks
Are there problems that prohibit a client to the unit to start connections to hosts on pix dmz networks and pix inside at the same time?
You can provide a link that describes the side PIX of the two networks not only inside network access configuration?
Oops, yes sorry, brain fade from me, do not take into account my first email. Your configuration would look like this:
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonatinside
nat (dmz) 0 access-list nonatdmz
access-list nonatinside permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonatdmz permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
Hope that helps.
-
Same host for RADIUS and TACACS+
Hello
Can I put a host (an ASA, for example) twice in the ACS server? One for TACACS+, to grant administrators exec access, and the other for RADIUS, to authenticate remote users.
I don't want remote users to be able to get exec mode.
Or how should I configure this?
Yes, you can do it. In Network Configuration on ACS, add:
ASA ---> 10.1.1.1 ---> Auth using TACACS+
ASA1 ---> 10.1.1.1 ---> Auth using RADIUS
The host names cannot be the same.
Kind regards
~ JG
Note the useful messages