Which Cisco ASA supports DH group 14 and above?

Model and IOS

Hi John,

You must have the ASA running code 9.1 and above for DH group 14, and this works for IKEv2 only.

Kind regards

Aditya

Please evaluate the useful messages and mark the correct answers.

Tags: Cisco Security

Similar Questions

  • Back on the cisco ASA 5500 series and PIX 500 series

    Hello

    I found a site, http://www.searchsecurity.de/themenkanaele/plattformsicherheit/schwachstellenmanagement/allgemein/articles/106752/ (only in German). I have read that it is possible to cause a denial of service on the Cisco PIX 500 series and ASA 5500 series when the TTL value is enabled.

    How can I check that? or solve the problem?

    I thank you,

    Mary

    What version of code are you running on the PIX or ASA? Refer to the "Products affected" section for more information on the versions and products concerned. This should point you in the right direction.

    Also listed in the URL are bypasses and fixed versions that you may want to check.

    Kind regards

    Arul

  • What is the difference between the Group and join?

    I understand what is the grouping of contacts. and I saw the impact of joinging contacts but why would I do that? He takes the contacts that join off the my list of good contacts individuals list is deleted and all that remains is the name of the principal that joined you.

    Why do this?

    If you have the same contact in more than one group of Gmail, the droid will join them together. This prevents duplicates appear in the contacts list.

  • How to configure ASDM Cisco ASA 5505

    I have a Cisco ASA 5505 firewall, and currently it is a command-line firewall. I want to configure ASDM so that I can use it as a Web based GUI interface.

    I don't really know what to do. Can someone help me please how I can configure ASDM on my firewall.

    Kind regards

    Naushad Khan

    Hi Naushad,

    First of all, you must load the ASDM image on the ASA and then use the command:

    asdm image disk0:/asdm645.bin (if the image name is asdm645.bin)

    then:

    http server enable

    http 10.0.0.0 255.0.0.0 inside (if your machine is in the 10.0.0.0 subnet behind the inside interface)

    Go to the machine, open a browser and type:

    https://

    It will open the GUI.

    Thank you

    Varun

    Please evaluate the useful messages.

  • Major difference between the Group and the organizational unit?

    Pls explain me what is the difference between the groups and the organization unit in simple terms with an example in real time.

    Hello

    https://en.wikipedia.org/wiki/Organizational_unit_(computing)

    https://en.wikipedia.org/wiki/Group_(computing)

    See you soon.

  • Is it recommended to run a vulnerability scan against a Cisco ASA device?

    Dear everybody.

    I have a doubt about vulnerability scanning for a Cisco ASA device. Currently we run vulnerability scans on network devices, including firewalls. But after running the vulnerability scan against the Cisco ASA, nothing was found in the scan report.

    Is it recommended to run vulnerability scanning against the Cisco ASA, or will it defeat the purpose of the firewall?

    I do not understand. Are you asking whether you can set the ASA to allow an external user to run a scan on the internal network?

    If so, the answer is generally no. The ASA, by default, does not allow incoming connections (or connection attempts) that are not explicitly allowed in an inbound access list (applied to the external interface). In most cases there should also be network address translation (NAT) rules configured.

    If you had a remote access VPN, you can allow external scanner to connect through that, then they would have the necessary access to analyze internal systems (assuming that allowed VPN access to all internal networks)

  • The difference between the groups and roles?

    Hi all

    What is the difference between the groups and roles?

    Thanks for your time and your help.

    Oracle doesn't have anything called a 'group '.

    A role is a named object that can contain a set of privileges. All members may be individual privileges or may be another role that contains its own set of privileges. Roles can then be granted to users (or other roles) so that the users (or roles) have the specified privileges.

    See the SQL language reference - http://docs.oracle.com/cd/B28359_01/server.111/b28286/toc.htm

    Read the topics for CREATE ROLE, GRANT and REVOKE

  • data tables store information of groups and users?

    Hi all

    I want to export all the information of users and groups on the Administration of BI tool. only I can copy them one by one. are there other methods?
    who knows what data tables store information of groups and users?

    Thank you
    Dan.

    Hi Dan,

    Since you cannot access the link, which is very informative: I have never implemented it, but going by John's suggestion, it should work.

    Courtesy of John:

    OBIEE get all RPD users
    I had to get all the users from a very large repository because they were going to implement a new security model. I wrote a small script to make life easier:

    ' Read_Users.VBS
    ' John Minkjan
    ' http://www.obiee101.blogspot.com/
    ' Get all the users from a repository
    ' 1: Make an export of the RPD to UDML using nqgenudml.exe
    ' 2: Change the location/name of the file in this script
    ' 3: Run the script from the command line: cscript Read_Users.VBS > users.txt
    Const ForReading = 1   ' must be defined before OpenTextFile uses it
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    ' Point this to your UDML export
    Set objFile = objFSO.OpenTextFile("E:\names.txt", ForReading)

    Dim arrFileLines()
    Dim strRLine
    Dim strTemp1
    Dim strTemp2

    i = 0

    ' Collect every line that declares a user
    Do Until objFile.AtEndOfStream
        strRLine = objFile.ReadLine
        If Left(strRLine, 12) = "DECLARE USER" Then
            ReDim Preserve arrFileLines(i)
            arrFileLines(i) = strRLine
            i = i + 1
        End If
    Loop

    objFile.Close
    ' Then you can iterate over it like this
    For Each strLine In arrFileLines
        ' The user name starts right after DECLARE USER "
        strTemp1 = Mid(strLine, 15, 50)
        ' The full name, when present, sits between { and }
        If InStr(strLine, "}") > 0 Then
            strTemp2 = Mid(strLine, InStr(strLine, "{") + 1, (InStr(strLine, "}") - (InStr(strLine, "{") + 1)))
        Else
            strTemp2 = ""
        End If
        WScript.Echo Mid(strTemp1, 1, InStr(strTemp1, """") - 1) & ";" & strTemp2
    Next

    OBIEE get all users and roles of RPD
    In this post, http://obiee101.blogspot.com/2009/06/obiee-get-all-users-from-rpd.html, I showed you how to get the users from the RPD. Taking that as a starting point, it is a small step to get the users and the roles they have and put the export in an XLS:

    ' Read_Usergroups.VBS
    ' John Minkjan
    ' http://www.obiee101.blogspot.com/
    ' Get all the users from a repository
    ' 1: Make an export of the RPD to UDML using nqgenudml.exe
    ' 2: Change the location/name of the file in this script
    ' 3: Run the script from the command line: cscript Read_Usergroups.VBS > users.txt
    ' 4: Put the export in an XLS pivot table

    Const ForReading = 1   ' must be defined before OpenTextFile uses it
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' Point this to your UDML export
    Set objFile = objFSO.OpenTextFile("E:\usergroup.txt", ForReading)
    Dim arrFileLines()
    Dim strRLine
    Dim strTemp1
    Dim strTemp2
    Dim strTemp3
    Dim intRoles   ' 0 = outside a user, 1 = inside a user, 2 = inside its role list
    intRoles = 0
    i = 0
    WScript.Echo "USERNAME;FULL_NAME;ROLE;COUNT"
    Do Until objFile.AtEndOfStream
        strRLine = objFile.ReadLine
        If Left(strRLine, 12) = "DECLARE USER" Then
            ReDim Preserve arrFileLines(i)
            strTemp1 = Mid(strRLine, 15, 50)
            strTemp1 = Mid(strTemp1, 1, InStr(strTemp1, """") - 1)
            If InStr(strRLine, "}") > 0 Then
                strTemp2 = Mid(strRLine, InStr(strRLine, "{") + 1, (InStr(strRLine, "}") - (InStr(strRLine, "{") + 1)))
            Else
                strTemp2 = ""
            End If
            arrFileLines(i) = strTemp1 & ";" & strTemp2
            intRoles = 1
            i = i + 1
        End If
        If intRoles >= 1 Then
            If InStr(strRLine, "HAS ROLES (") > 0 Then
                intRoles = 2
            End If
            ' Each line after HAS ROLES ( names one role in quotes
            If intRoles = 2 And InStr(strRLine, "HAS ROLES (") = 0 Then
                strTemp3 = Mid(strRLine, InStr(strRLine, """") + 1, 50)
                strTemp3 = Mid(strTemp3, 1, InStr(strTemp3, """") - 1)
                WScript.Echo arrFileLines(i - 1) & ";" & strTemp3 & ";1"
            End If
            ' A closing parenthesis ends the role list
            If intRoles = 2 And InStr(strRLine, ")") > 0 Then
                intRoles = 0
            End If
        End If
    Loop
    objFile.Close

    UPDATE POST
    Is your on the right track, work these steps you will find glory... I force try it or needed me.

    hope helped you

    Kind regards
    Murielle.

    Published by: Kranthi.K on June 1st, 2011 02:28

  • Need help in the optimization of the query with the Group and joins by clause

    I'm having a problem running the following query... It takes a lot of time. To simplify, I added the two tables: FILE_STATUS stores the file load details, and the COMM table shows the records that were processed successfully and which were communicated to the other system. Records with status = T are transmitted to another system and transactions with P are waiting.
    CREATE TABLE FILE_STATUS
    (FILE_ID VARCHAR2(14),
    FILE_NAME VARCHAR2(20),
    CARR_CD VARCHAR2(5),
    TOT_REC NUMBER,
    TOT_SUCC NUMBER);
    
    CREATE TABLE COMM
    (SRC_FILE_ID VARCHAR2(14),
    REC_ID NUMBER,
    STATUS CHAR(1));
    
    INSERT INTO FILE_STATUS VALUES ('12345678', 'CM_LIBM.TXT', 'LIBM', 5, 4);
    INSERT INTO FILE_STATUS VALUES ('12345679', 'CM_HIPNT.TXT', 'HIPNT', 4, 0);
    
    INSERT INTO COMM VALUES ('12345678', 1, 'T');
    INSERT INTO COMM VALUES ('12345678', 3, 'T');
    INSERT INTO COMM VALUES ('12345678', 4, 'P');
    INSERT INTO COMM VALUES ('12345678', 5, 'P');
    COMMIT;
    Here's the query I wrote to give me the details of the file that has been loaded into the system. It reads the file status and commission tables to display the name of the file, the total records loaded, the total loaded successfully into the commission table, and the number of records which have finally been passed (Status = T) to other systems.
    SELECT 
        FS.CARR_CD 
        ,FS.FILE_NAME 
        ,FS.FILE_ID
        ,FS.TOT_REC
        ,FS.TOT_SUCC
        ,NVL(C.TOT_TRANS, 0) TOT_TRANS
    FROM FILE_STATUS FS
    LEFT JOIN
    (
        SELECT SRC_FILE_ID, COUNT(*) TOT_TRANS
        FROM COMM
        WHERE STATUS = 'T'
        GROUP BY SRC_FILE_ID
    ) C ON C.SRC_FILE_ID = FS.FILE_ID
    WHERE FILE_ID = '12345678';
    In production, this query has several joins and takes a long time to run... the main culprit for me is the join on the COMM table to count the number of transactions sent. Please can you give me tips to optimize this query to get results faster? Do I need to remove the GROUP BY and use partition or something else? Help, please!

    Don't know if it will be faster based on the information provided, but analytical functions offer an alternative approach;

    select carr_cd, file_name, file_id, tot_rec, tot_succ, tot_trans
      from (select fs.carr_cd,
                   fs.file_name,
                   fs.file_id,
                   fs.tot_rec,
                   fs.tot_succ,
                   count(case
                            when c.status = 'T' then
                             1
                            else
                             null
                          end) over(partition by c.src_file_id) tot_trans,
                   row_number() over(partition by c.src_file_id order by null) rn
              from file_status fs
              left join comm c
                on c.src_file_id = fs.file_id
             where file_id = '12345678')
     where rn = 1;
    
    CARR_CD FILE_NAME            FILE_ID           TOT_REC   TOT_SUCC  TOT_TRANS
    ------- -------------------- -------------- ---------- ---------- ----------
    LIBM    CM_LIBM.TXT          12345678                5          4          2
    
  • Is PPTP VPN supported on the Cisco ASA 5520 firewall?

    Hi all

    I'm Md.kamruzzaman. My company bought a Cisco ASA 5520 firewall and I want to configure PPTP VPN on the ASA 5520 firewall. Is it possible to configure PPTP VPN on the ASA firewall? If possible, can you please tell me what the procedure is to configure the PPTP VPN?

    Best regards

    MD.kamruzzaman

    Sorry, but the Cisco ASA firewall does not support PPTP VPN termination.

    You may terminate IPSec and SSL VPN, but not PPTP.

    If you are new to the ASA, the best way to configure the supported VPN types is via the VPN Wizard integrated into the ASDM management application.

  • Horizon View 3.5.0 and ThinApp v4.7 with Cisco ASA Smart Tunnel 9.3.3

    Hello

    The problem:

    Our smart tunnel technology doesn't seem to forward traffic for our new View client.  I wonder what kind of configuration changes must be considered to enable such a connection.  The error returned when connecting by host name is along the lines of host name not found.  The error when connecting by IP is a time-out.

    Background information and specifications:

    We are in the process of upgrading our connection servers from 5.2 to 6.2.  As part of the upgrade, we want to upgrade our Horizon clients to version 3.5.0.  To make it easier on vendors and remote computers, we would also prefer to ThinApp our Horizon View Client with ThinApp 4.7.3.  We currently have a Cisco ASA supporting an SSL VPN portal with "Smart Tunnel" technology.  The ASA is currently on firmware 9.3.3 in production, but we have access to version 9.5 in test.

    Preferred connection scenario:

    User > PC > VMware View Client (ThinApp would be) > Cisco ASA Smart Tunnel > view connection server > Virtual Office

    .exe running with the ThinApp View client:

    It seems the ThinApp version of the View client is only launching vmware-view.exe.

    .exe running with the full/thick View client:

    vmware-view.exe

    -ftnlsv.exe

    -vmwsprrdpwks.exe

    -ftscanmgr.exe

    There is something else to consider when the view client configuration ThinApp or thickness to work with Cisco SSL VPN Portal and the Smart Tunnel?  We should have ports configured in the client in connection with the same view Firewall works with SSL VPN Portal port redirector functionality.

    We have not been able to find any documentation on how to properly configure the smart to work with the New Horizon 3.5.2 client Tunnel.  A ticket of troubleshooting with Cisco suggests that the Smart Tunnel feature still perhaps not compatible with this new Horizon (thin or thick) client.  Currently, we are looking at other options because it is not not clear whether Cisco will be able to get us the confirmation or offer a solution without delay of our project to upgrade.  Maybe stick to the previous VMware View Client version 5.4.0 which we know work with Smart Tunnel in some situations and with the redirector port for others.

  • Initial installation for FirePOWER and Cisco ASA

    Hello

    is there any clear guide to install the device VM firesight with integration of module power of fire ASA? I found some documents that explained the ASA device unit firesight recording. I did it properly. but I amd knows exactly how to create rules in firesight and apply it on the device of the asa.

    Thanks in advance

    Koffi bayet

    Hi, Fabien,

    This link would be useful.

    To install FirePOWER on the ASA

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...

    To install the firepower on ESXI Management Center

    http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...

    Once you save the Manager module using the link below, you should be able to navigate and create/modify the policy strategy to establish rules for the module of firepower.

    http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...

    You can check this link for the example configuration of url filtering.

    http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...

    The fire power user guide has all the information

    http://www.Cisco.com/c/en/us/TD/docs/security/firepower/601/configuratio...

    Rate if helps.

    Yogesh

  • Problem with the Cisco ASA 5525 X SFR and Firesight high school

    Hi team,

    We have two ASA 5525 X installed on them and Firesight in a Linux VM whose two SFRs are registered with SFR failover mode. We use the SAA secondary off the hook if the primary fails to turn on the secondary manually switch the wan cable. I turn on the ASA secondary every weekend to take the configuration of the primary for the ASA and the SFR and close by button walk / stop.

    Last week I turned on the secondary ASA and Firesight couldn't see the secondary SFR and showed the message below:

    Module device heartbeat: device > don't send heartbeats.

    (I should mention I can ping the IP address)

    I tried to study the problem without success.

    I also deleted the sensor just Firesight devices management in case something is stuck, and I'm trying to re added without success.

    I'm new in firepower so... any ideas?

    Thank you

    Finally, this problem has been resolved by the redefinition of firepower:

    see detailed here procedure to perform this redefinition;

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...

    Before that, it appeared that firepower was not very healthy:

    After a successful "configure manager add xxxxx" command,

    the "show managers" command showed nothing.

    It should have shown this result:

    > show managers
    Host: 193.193.2.75
    Registration Key: AZERTY
    Registration: pending
    RPC Status:

    On the other hand, in expert mode, the following command shows several processes (and not in the normal state):

    sudo pmtool status | grep -i down

    Last point,

    After recreating and reconfiguring all of this, the FirePOWER module installed in the secondary standby ASA was considered to be OK under the Firesight Health Monitor,

    but after 10 minutes, it appeared in critical condition with the following message:

    "Interface 'DataPlaneInterface0' is not receiving any packets".

    This is normal and due to the fact that the standby ASA receives no traffic, and the same goes for the FirePOWER module inside this ASA;

    by performing a failover from the primary to the secondary ASA, this critical message disappeared for the FirePOWER module inside the secondary ASA and appeared for the FirePOWER module inside the primary ASA.

  • The traffic load between Cisco ASA FirePOWER and FireSight Management Center

    Hi all

    I have a stupid question to ask.

    Can I know what the traffic load and the I/O flow are between Cisco ASA FirePOWER and FireSight Management Center?

    Currently working on a project, client require such information to adapt to their network. Tried to find in the document from Cisco, but no luck.

    Maybe you all have no idea to provide.

    It varies depending on the number of events reported from the module to the CSP. No event = only health controls and policy changes are exchanged. 10,000 events per second = much more traffic.

    Generally it is not a heavy load, however.

  • VLANS with Cisco ASA 5505 and non-Cisco switch

    I have an ASA5505 and a Netgear GSM7224 L2 switch that I am trying to use together.  I can't grasp how VLANs work (or at least how they should be put in place).  When configuring my VLANs on the ASA5505 it seems simple enough, but then on my switch, I thought I'd just create the same VLAN numbers that I used on the ASA and then add the ports that I wanted to use for each VLAN.

    Currently on my ASA, I have the following VLAN configured...

    outside - vlan11 - Port 0/0

    inside - vlan1 - Port 0/1

    dmz_ftp - vlan21 - Port 0/2

    Corp - vlan31 - Port 0/3

    I need to do the same thing on my switch as well...  On my way, I'm a little confused as to how I need to configure the VLAN.  Below is the screenshot of web GUI...

    Note: Normally you can now change the VLAN ID (red), but in this case the default vlan (vlan id 1) may not be changed or deleted, you can does not change its settings.

    Tagged (green), Untagged (purple) and Autodetect (yellow) you must select at least 1.  I'm not sure how to in one place to tell my inner vlan (vlan1).

    I want VLAN1 ports 1-8 on my Netgear switch used alone to talk to interface/0/1 on the ASA5505 port.  I don't want to NOT port 9-24 able to talk to ports 1-8 on the Netgear switch ports OR 0/0, 0/2 - 0 / 7 on the Cisco ASA 5505.

    So, how can I configure my inside VLAN1 on ports 1-8 on the switch?  Do I tag, untag, or autodetect them?  What about trunks?  I've been a bit under the impression that I would set up my VLANs on both devices, then trunk port 1 and dedicate this port on both devices to nothing other than the trunk, and the VLAN security would then take the packets where they need to go.  Is this the wrong logic?

    Hi Arvo,

    If the ASA port is part of just a single VLAN (i.e. e0/0 carries only VLAN 11), this is called an access port. If the ASA port had to carry several VLANs, it would be a trunk port.

    For access ports (single VLAN), you must set the corresponding switch port to be untagged for that individual VLAN. If you decide to configure a trunk port, then the switch port must be set to tagged for each VLAN carried on the trunk.

    For example, on the ASA I have:

    interface Ethernet0/1
     switchport access vlan 20
    !
    interface Vlan20
     nameif inside
     security-level 100
     ip address 192.168.100.254 255.255.255.0

    With the above configuration, the configuration of the switch would look like this (assuming the e0/1 port of the ASA is connected to 0/1 on the switch):

    VLAN 20 - 0/1 = untagged

    If instead you use a trunk port, the config would look like this:

    interface Ethernet0/0
     switchport trunk allowed vlan 10,20
     switchport mode trunk
    !
    interface Vlan10
     nameif outside
     security-level 0
     ip address dhcp setroute
    !
    interface Vlan20
     nameif inside
     security-level 100
     ip address 192.168.100.254 255.255.255.0

    The switch configuration would then be (assuming that the ASA e0/0 port is connected to 0/1 on the switch):

    VLAN 10 - 0/1 = tagged

    VLAN 20 - 0/1 = tagged

    Hope that helps.

    -Mike
