Remote access to the network when AAA server is out of service help
Hi all, I have a Cisco ASA 5510. I configured Cisco AnyConnect to authenticate via IAS from Windows. We recently had a server crash and I tried to control it remotely and via AnyConnect and couldn't. Once the IAS server came back, I could get back into the network.
Is there a command that I'm missing that will allow me to connect to the network via AnyConnect even if my AAA server is down?
Here is the AAA part of my config...
aaa-server WindowsIAS protocol radius
 max-failed-attempts 5
aaa-server WindowsIAS (inside) host 192.168.2.15
 key XXXXXXXXXX
 radius-common-pw xxxxxxxxxx
Thanks in advance... Dan
Dan,
Try adding the LOCAL keyword to the authentication-server-group statement in your tunnel group or group policy.
http://www.Cisco.com/en/us/docs/security/ASA/asa90/command/reference/A3...
Thank you
Sent from Cisco Technical Support iPad App
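An added example, not part of the original thread or of Cisco's documentation: a small Python audit that reads an ASA configuration and reports every place a AAA server group is used for authentication without the LOCAL fallback keyword suggested above. The sample config is constructed; only the WindowsIAS group comes from the thread, and the tunnel-group names and the "breakglass" user are hypothetical.

```python
import re

# Constructed sample config. Only the WindowsIAS server group comes from the
# thread; the tunnel-group names and the "breakglass" user are hypothetical.
SAMPLE_CONFIG = """\
aaa-server WindowsIAS protocol radius
 max-failed-attempts 5
aaa-server WindowsIAS (inside) host 192.168.2.15
 key XXXXXXXXXX
username breakglass password <hash-placeholder> encrypted privilege 15
aaa authentication ssh console WindowsIAS
aaa authentication http console WindowsIAS LOCAL
tunnel-group AnyConnect-Users type remote-access
tunnel-group AnyConnect-Users general-attributes
 authentication-server-group WindowsIAS
tunnel-group AnyConnect-Admins type remote-access
tunnel-group AnyConnect-Admins general-attributes
 authentication-server-group (inside) WindowsIAS LOCAL
"""

# authentication-server-group [(interface)] server_group [LOCAL]
TUNNEL_AUTH = re.compile(
    r"^authentication-server-group\s+(?:\(\S+\)\s+)?(\S+)(?:\s+(LOCAL))?$")
# aaa authentication {ssh|http|telnet|serial|enable} console server_group [LOCAL]
MGMT_AUTH = re.compile(
    r"^aaa authentication (\S+) console (\S+)(?:\s+(LOCAL))?$")


def audit_aaa_fallback(config):
    """Return where a AAA server group is used without LOCAL fallback.

    LOCAL fallback is only consulted when the servers in the group are
    unreachable, and it is only useful if a local username exists.
    """
    missing = []            # (where, server_group) pairs lacking LOCAL
    local_users = []        # names from top-level "username" lines
    relies_on_local = False
    context = ""            # last top-level command seen
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        hit = None          # (where, server_group, has_local_keyword)
        if raw[0].isspace():
            m = TUNNEL_AUTH.match(line)
            if m and context.startswith("tunnel-group "):
                hit = (context, m.group(1), m.group(2) is not None)
        else:
            context = line
            if line.startswith("username "):
                local_users.append(line.split()[1])
            m = MGMT_AUTH.match(line)
            if m:
                where = "aaa authentication %s console" % m.group(1)
                hit = (where, m.group(2), m.group(3) is not None)
        if hit is None:
            continue
        where, group, has_local = hit
        if group == "LOCAL" or has_local:
            relies_on_local = True
        else:
            missing.append((where, group))
    return {
        "missing_fallback": missing,
        "local_users": local_users,
        "fallback_without_users": relies_on_local and not local_users,
    }


if __name__ == "__main__":
    report = audit_aaa_fallback(SAMPLE_CONFIG)
    for where, group in report["missing_fallback"]:
        print("no LOCAL fallback: %s -> %s" % (where, group))
    if report["fallback_without_users"]:
        print("LOCAL fallback configured but no local username exists")
```

A line flagged here is fixed by appending LOCAL to it, for example "authentication-server-group WindowsIAS LOCAL", with at least one local username defined on the ASA.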
Tags: Cisco Security
Similar Questions
-
Hello. I made some of the files on my Dell Windows XP system accessible on my home wireless network. When I try to open the folder (which appears in the network folder) on my Sony Vaio with Windows Vista, I get the error message that I have stated above in the title of this post.
The entire message reads:
\\DOUG-DELL1\Denises at the bottom of the folder is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
"Not enough server storage is available to process this command" when trying to open the shared network folder.
I have a bitmap and a JPEG screenshot showing the specific error message as well as the objects on my network. Is it possible to attach them to this post?
This error message is misleading. See the Microsoft Knowledge Base article "Antivirus software may cause Event ID 2011" for a likely solution, specifying an IRPStackSize value of 15 on the Windows XP computer.
Boulder Computer Maven
Microsoft Most Valuable Professional
-
AppPortal error: remote access to the server is not enabled
I'm lost on this one.
Using the full AppPortal client on a Win7 64-bit machine (version 8.0 of the client).
Double-click the icon, authentication succeeds and the published applications show; then double-click a published application and the end user receives:
Remote access to the server is not enabled.
This happens only on a single computer.
From this user's profile on the given computer I can MSTSC to the same server without problem.
The error also follows the profiles on the given computer.
I have closed the antivirus and Windows Firewall and still cannot get this to work.
Even uninstalled and reinstalled the client.
From my computer, I can easily log in as this user.
Clients get automatically configured through an XML file.
After installation, I tested this laptop and it always gave the same error.
I ended up getting him to give me the phone for a few hours.
Uninstalled the version that was there (build 8.0.0.forget) and scoured Windows Explorer for all leftovers (a little here and there in user profiles) and deleted them.
Then scoured the registry for the terms vWorkspace, Quest Software and Provision Networks and removed all instances.
Reinstalled, with SUCCESS, using the new connector to our servers (8.0.306.1427).
Thanks for the help Dave
-
Hello, I have a desktop PC and a laptop (DELL Inspiron N-4050).
I have a problem with my internet connection cable, which works fine on my PC but does not work on my laptop, giving the error "no access to the network". When I troubleshoot, it says "your computer seems to be correctly configured but the device or resource (DNS SERVER) is not responding."
I spoke to many Microsoft online support technicians, but they could not solve my problem; they said this is a DNS problem and advised me to contact my Internet service provider. If it's because of my internet, then why does it work on my PC and not on my laptop? Yesterday, my ethernet cable got pulled out of my laptop and I couldn't connect to the internet any more. But on my desktop PC, it works perfectly fine. (I do not use wifi, if this information is also required.) I have studied several threads with similar situations, and I have tried different methods to solve the problem to no avail. I did a system restore, but I'm having no luck. Also, I made no recent changes to my antivirus software, and my LAN card drivers look up to date.
When I remove my cable from the laptop and connect it again, it works, but only after the PC has sat for a while.
1. I flushed DNS by typing "ipconfig /flushdns" in the command prompt.
2. My IP address, DNS, subnet mask etc. are set to automatic.
3. I also added the physical address, taken from "ipconfig /all" at the command line, to the network driver settings properties.
4. I installed up-to-date drivers from 2014 on my laptop.
5. I did a lot of searching on the web, but it did not solve my problem. Please help me to solve it.
I appreciate your help.
Thank you.
Hello Hall,
Please keep us updated on the status of the issue.
I suggest you to follow the steps in this Microsoft article troubleshooting and check if it helps:
Error message "your computer seems to be configured correctly, but the device or resource (DNS server) is not responding" in Windows 7
http://support.Microsoft.com/kb/2779064/en-us
Hope this information helps.
Please reply with the results, in order to help you solve the problem.
Thank you
-
I have problems accessing resources on the inside network when connecting with the Cisco VPN client to a Cisco ASA 5510 running version 8.4(3). I tried all the new 8.4 NAT commands but cannot access the inside network. I can see the traffic in the logs when I ping. I can only assume I have the NAT wrong, or it's because the inside interface of the ASA is on a /24 in the same subnet as the inside network? Please see the config below; any suggestions would be appreciated. I configured a site-to-site VPN on this same 5510 and it works well.
Thank you
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.240
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.88.10.254 255.255.255.0
!
interface Management0/0
 shutdown
 nameif management
 security-level 0
 no ip address
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network PAT_to_Outside_ClassA
 subnet 10.88.0.0 255.255.0.0
object network PAT_to_Outside_ClassB
 subnet 172.16.0.0 255.240.0.0
object network PAT_to_Outside_ClassC
 subnet 192.168.0.0 255.255.240.0
object network LocalNetwork
 subnet 10.88.0.0 255.255.0.0
object network RemoteNetwork1
 subnet 192.168.0.0 255.255.0.0
object network RemoteNetwork2
 subnet 172.16.10.0 255.255.255.0
object network RemoteNetwork3
 subnet 10.86.0.0 255.255.0.0
object network RemoteNetwork4
 subnet 10.250.1.0 255.255.255.0
object network NatExempt
 subnet 10.88.10.0 255.255.255.0
object-group network Site_to_SiteVPN1
 network-object 192.168.4.0 255.255.254.0
 network-object 172.16.10.0 255.255.255.0
 network-object 10.0.0.0 255.0.0.0
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any
access-list 11 extended permit ip 10.250.1.0 255.255.255.0 any
access-list outside_1_cryptomap extended permit ip 10.88.0.0 255.255.0.0 object-group Site_to_SiteVPN1
ip local pool Admin_Pool 10.250.1.1-10.250.1.254 mask 255.255.255.0
nat (inside,outside) source static NatExempt NatExempt
nat (inside,outside) source static any any destination static RemoteNetwork4 RemoteNetwork4 route-lookup
nat (inside,outside) source static LocalNetwork LocalNetwork destination static RemoteNetwork1 RemoteNetwork1
nat (inside,outside) source static LocalNetwork LocalNetwork destination static RemoteNetwork2 RemoteNetwork2
nat (inside,outside) source static LocalNetwork LocalNetwork destination static RemoteNetwork3 RemoteNetwork3
nat (inside,outside) source static LocalNetwork LocalNetwork destination static RemoteNetwork4 RemoteNetwork4 route-lookup
!
object network PAT_to_Outside_ClassA
 nat (inside,outside) dynamic interface
object network PAT_to_Outside_ClassB
 nat (inside,outside) dynamic interface
object network PAT_to_Outside_ClassC
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
dynamic-access-policy-record DfltAccessPolicy
sysopt connection timewait
service resetoutside
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
Crypto ipsec transform-set esp-ikev1 esp-md5-hmac bh-series
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set pfs
crypto dynamic-map dynmap 10 set ikev1 transform-set bh-set
crypto dynamic-map dynmap 10 set security-association lifetime seconds 28800
crypto dynamic-map dynmap 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map dynmap 10 set reverse-route
crypto map mymap 1 match address outside_1_cryptomap
crypto map mymap 1 set peer x.x.x.x
crypto map mymap 1 set ikev1 transform-set ESP-AES-256-SHA
crypto map mymap 1 set security-association lifetime seconds 86400
crypto map mymap 1 set security-association lifetime kilobytes 4608000
crypto map mymap 100 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 86400
crypto ikev1 policy 50
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes-256
 hash sha
 group 1
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy BACKDOORVPN internal
group-policy BACKDOORVPN attributes
 vpn-filter value 11
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelall
 default-domain value BH.UK
tunnel-group BACKDOORVPN type remote-access
tunnel-group BACKDOORVPN general-attributes
 address-pool Admin_Pool
 default-group-policy BACKDOORVPN
tunnel-group BACKDOORVPN ipsec-attributes
 ikev1 pre-shared-key *
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 ikev1 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
Excellent.
Please rate helpful posts.
Thank you
Rizwan James
-
Starting Firefox blocks all access to the network
When I start Firefox (41.0.1), all access to the network is completely blocked. Before I start Firefox, I can access the Internet (with Chrome or IE) and other computers, but as soon as I launch Firefox, all access to the network (including the connection to other computers) is blocked. In addition, my computer will turn off more.
As far as I know, I have not installed any extensions or add-ins lately.
Thank you for your resolution. Today, when I mentioned it at work, I was told to update Firefox. This seems to do the trick (so far, fingers crossed!).
(https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings) so very probably an extension is causing harm.
If this isn't the resolution, I will surely return to your resolutions.
-
LAN adapter question, "no access to the network"
Original title: LAN adapter issue
Hi all, when I connect my laptop to a switch, the LED on the switch is green, which means connected. The IP address on the laptop is entered manually, but when I go to cmd and issue ipconfig it shows "media disconnected", and the network adapter in the Control Panel indicates "no access to the network". It also indicates that "this device is working properly"! Please advise.
Hello
What is the make and model number of the computer?
Do you remember making any changes to the computer before the issue occurred?
Thanks for posting in Microsoft Communities. From the problem description, I understand that you cannot connect to the Internet. Correct me if I misunderstood the question.
Follow these steps:
Method 1: Follow these steps:
How to troubleshoot possible causes of Internet connection problems in Windows XP: http://support.microsoft.com/kb/314095
Method 2: Follow these steps:
Step 1: Renew DHCP (Dynamic Host Configuration Protocol)
a. Click Start, click Run, type cmd and click OK.
b. In the command prompt, type ipconfig /renew
c. Close the command prompt.
d. Check the result.
Step 2: Try to obtain an IP address automatically
a. Open Internet Explorer, go to Tools, click on Internet Options, Connections, LAN settings.
b. Uncheck all boxes except "Automatically detect settings".
c. Click OK to apply the changes.
d. Check if the problem persists.
Method 3: If the methods above do not help, check whether the wireless card is working well and try to update the drivers from the manufacturer's Web site.
a. Click Start and right-click My Computer.
b. Select Properties and then click the Hardware tab.
c. Click on Device Manager and expand Network adapters in the list.
d. Right-click on the adapter, then click Properties.
e. Click the Driver tab and click Update Driver.
Please follow the steps and let us know if this helped. If the problem persists, reply and we will be happy to help you.
-
I have three users who have no problem with read/write & record readers records secure network access. I have two users who can read some files and save in some files, but cannot save or access certain folders even after receiving full read/write access for all files on the network drive. Help, please. The computers are running Vista Ultimate and accessing a Windows Server 2003 server. Thanks for your time. * address email is removed from the privacy *
Problems related to access to the files on a server networked in a business environment are a produce little for Windows answers Forum. I recommend you repost the question in one of the TechNet forums:
http://social.technet.microsoft.com/Forums/en-us/winserverfiles/threads
or
http://social.technet.microsoft.com/Forums/en-us/itprovistanetworking/threads
I don't know that someone there can help you.
Good luck!
Lorien - MCSA/MCSE/Network+/A+ - if this post solves your problem, please click the 'Mark as answer' or 'Useful' button at the top of this message. By marking a post as an answer, or as useful, you help others find the answer more quickly.
-
vSwitch ESXi 5.1 workaround to virtual machines (direct access to the network)
Hello world!
I have a server properly running the ESXi 5.1 hypervisor and have an active router with DHCP on the physical network. How can I configure the vSwitch on ESXi 5.1 to work unmanaged on the network, without VLANs, and give direct access to the network?
Just to clarify, I would like it to work like VMware Workstation virtual machines, if possible: run several virtual machines and define all NICs (Network Interface Cards) as bridged, that is to say, each VM gets its specific IP configuration from the external router.
Thank you very much in advance for the help!
Best regards
Eduardo
With ESXi the vSwitches work comparable to Bridged networking, so there is really nothing special to do.
André
-
LATITUDE DE820 wiped out loaded XP drivers DELL &; SW, no access to the network
Everyone out there - I need HELP... I bought a second hand LATITUDE DE820 with Windows 7 above and it worked fine (also WIFI). I need to load XP Prof on it (Yes...) and therefore all DELL SW disappeared (had no CD DELL) that I loaded package XP 3 Service that I plugged in Ethernet, but I also have a WLAN - but NO communication to all NETWORKS. Ping an IP address any LAN brings 'Host unreachable' IPConfig/all shows: IP of Windows host Setup...: laptop Prim. DNS: Enter Mode: Broadcast IP routing enabled: No. WINS Proxy enabled: Ethernet adapter without Bluetooth network connection: media state: media disconnected Description: peripheral physical addr Bluetooth (Personal Area Network): Mac addr. Control Panel-> network connections displays LAN at the Connecticut 1394 network adapter (properties: peripheral works properly, driver: MS 07/01/2001!) Connection status: connected but 0 packet protocols: f. Client Microsoft NW File & Printer sharing TCP - IP - trying to hit the repair-> msg "TCP/IP not enabled for this connection") Conclusion: I think that my XP drivers are too old, or not DELL problem: I have no access to the network - minimum need drivers update for access to Internet, and then upgrade to download that/those pilot on a Non-Dell PC then CD, then install on the laptop don't know DELL HW, used Service tag to find 11 drivers, drivers resp. 75 for that I think it's a driver of 'network' - but don't know what or any other suggestion? Thks for any help Peter
Well well maybe it was because I realized that I needed to insert HTML
to get my text with line breaks.
But in any case the problem was solved by the German DELL European support group, who responded very quickly via the DELL Forum and helped me greatly to get going again. Thank you DELL-Dave S.
Problem solved by:
the following drivers, downloaded to a CD and then installed on the D820
WLAN: HTTP://WWW.DELL.COM/SUPPORT/DRIVERS/DE/DE/DEBSDT1/DRIVERDETAILS/PRODUCT/LATITUDE-D820?DRIVERID=R257701&OSCODE=WW1&FILEID=2731111614&LANGUAGECODE=DE&CATEGORYID=NI.
LAN: HTTP://WWW.DELL.COM/SUPPORT/DRIVERS/DE/DE/DEBSDT1/DRIVERDETAILS/PRODUCT/LATITUDE-D820?DRIVERID=04VK6&OSCODE=WW1&FILEID=2731090506&LANGUAGECODE=DE&CATEGORYID=NI.
Now using Ethernet and wireless network worked with access to the network, all the others downloaded drivers from the net.
Viva
-
Restrict access to the network on 871 router via mac address
Hello
I have a Cisco 871 router and I am trying to allow only specific MAC addresses access to the network. Is there a way to specify that only specific MAC addresses are allowed to access? Any other MAC access will be denied?
I can either have static IP or DHCP for local machines.
Can I use this "secure DHCP IP address assignment" details found here... http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftdsiaa.html ?
Can I use these...
mac-address-table static
OR
mac-address-table secure
... to achieve this?
Thank you.
You can use "mac-address-table static" if you know all the MAC addresses that will be connected.
If the router is distributing the IP addresses, then you can indeed use secure DHCP IP address assignment.
Note that you can create a 'mac access-list' on a switch and apply it to any VLAN you want.
Alternatively, you can use "dhcp snooping", allowing only hosts that got a DHCP IP address and are not spoofing.
I hope it helps.
PK
-
Update Windows 7 pro (10 users) network January 1, 2013.
Now, for more than 4 users connect an access across the network apps stop apparently.
Any thoughts?
Hello
Your question is beyond the scope of these forums. Please ask your question in the following forum.
Windows 7 networking:
http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads
Regards
-
Lost remote access to the internal network after upgrading PIX to 7.0
I upgraded our Cisco PIX 515E from release 6.3 to 7.0(5) and lost connectivity from outside to the internal servers through a VPN connection. Any ideas as to why or how this happened?
If you use split tunneling, this is probably the issue.
The bug ID is: CSCeh69389
This bug says:
When you upgrade a PIX from 6.x to 7.0, if split tunneling is being used for remote access clients, then the config conversion process will not convert the split-tunnel list command, because in 6.x the split-tunnel ACL was allowed to be of type 'extended', whereas in 7.0 the ACL must be 'standard'.
To solve the problem, take the extended ACL and manually convert it to a standard ACL, specifying the networks you want encrypted. Once the new ACL is in the config, it must be applied under the group policy.
EX:
access-list SplitTunnel standard permit 10.1.1.0 255.255.255.0
group-policy RemoteAccess internal
group-policy RemoteAccess attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnel
-
Routing and remote access to the Server 2003
I configured the Routing and Remote Access service on my Server 2003 with NAT duly enabled. None of my clients are in the domain. All use internet and intranet connections using my proxy authentication provided by the administrator of the proxy server. I would like to restrict the clients to intranet connections only. How do I restrict the clients?
Post in the Windows Server Forums:
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/
-
I chose the "Restore default settings" option in the firewall while working on a client-side computer. Because of this, the "remote share" option got disabled and now I can't access the machine remotely. The machine (which is not in the same network) does not have a monitor or keyboard attached to it, and it is at a different location, so I can't physically connect and activate this option.
I tried to disable the firewall remotely, but the following command does not work.
PsExec \\hostname u user_name password cmd.exe Pei
It returns the following:
Could not access ServerName
The network name cannot be found
Make sure that the default admin$ share is enabled on ServerName
This has not resolved the issue above.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ and create or edit a REG_DWORD LocalAccountTokenFilterPolicy value and set the value to 1
Help, please.
Hello
The question you posted would be better suited to the TechNet Forums. I would recommend posting your query in the TechNet Forums.
TechNet Forum
http://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w7itpronetworking%2Cw7itprovirt&filter=AllTypes&sort=lastpostdesc
Hope this information is useful.