Which Cisco ASA supports DH group 14 and more?
Model and IOS
Hi John,
You must have an ASA running code 9.1 and above for DH group 14, and this only works for IKEv2.
Kind regards
Aditya
Please evaluate the useful messages and mark the correct answers.
Similar Questions
-
Back on the cisco ASA 5500 series and PIX 500 series
Hello
I found a site, http://www.searchsecurity.de/themenkanaele/plattformsicherheit/schwachstellenmanagement/allgemein/articles/106752/ (only in German). I have read that it is possible to cause a denial of service on Cisco PIX 500 series and ASA 5500 series when the TTL value is enabled.
How can I check that? or solve the problem?
I thank you,
Mary
What version of code are you running on the PIX or ASA? Refer to the "Products affected" section for more information on the versions and products concerned. This should point you in the right direction.
Also listed at the URL are workarounds and fixed versions that you may want to check.
Kind regards
Arul
-
What is the difference between the Group and join?
I understand what grouping contacts is, and I saw the impact of joining contacts, but why would I do that? It takes the contacts that I join off my list of contacts: the individual entries are deleted and all that remains is the name of the principal contact they were joined to.
Why do this?
If you have the same contact in more than one Gmail group, the Droid will join them together. This prevents duplicates from appearing in the contacts list.
-
How to configure ASDM Cisco ASA 5505
I have a Cisco ASA 5505 firewall, and currently it is a command-line firewall. I want to configure ASDM so that I can use it as a Web based GUI interface.
I don't really know what to do. Can someone help me please how I can configure ASDM on my firewall.
Kind regards
Naushad Khan
Hi Naushad,
First of all, you must load the ASDM image on the ASA and then use the command:
asdm image disk0:/asdm645.bin (if the image name is asdm645.bin)
then:
http server enable
http 10.0.0.0 255.0.0.0 inside (if your machine is in the 10.0.0.0 subnet behind the inside interface)
Go to the machine, open a browser and type:
It will open the GUI.
Thank you
Varun
Please evaluate the useful messages.
-
Major difference between the Group and the organizational unit?
Pls explain me what is the difference between the groups and the organization unit in simple terms with an example in real time.
Hello
https://en.wikipedia.org/wiki/Organizational_unit_(computing)
https://en.wikipedia.org/wiki/Group_(computing)
See you soon.
-
Is it recommended to run a vulnerability scan on a Cisco ASA device?
Dear everybody.
I have a question about vulnerability scanning for Cisco ASA devices. Currently we run vulnerability scans on network devices, including firewalls. But after running the vulnerability scan against the Cisco ASA, nothing was found in the scan report.
Is it recommended to run a vulnerability scan on a Cisco ASA, and will it defeat the purpose of the firewall?
I do not understand. Are you asking whether you can set the ASA to allow an external user to run a scan on the internal network?
If so, the answer is generally no. The ASA, by default, does not allow incoming connections (or connection attempts) that are not explicitly allowed in an inbound access list (applied to the outside interface). In most cases there should also be network address translation (NAT) rules configured.
If you had a remote access VPN, you could allow the external scanner to connect through that; it would then have the necessary access to scan internal systems (assuming the VPN is allowed access to all internal networks).
-
The difference between the groups and roles?
Hi all
What is the difference between the groups and roles?
Thanks for your time and your help.
Oracle doesn't have anything called a 'group'.
A role is a named object that can contain a set of privileges. All members may be individual privileges or may be another role that contains its own set of privileges. Roles can then be granted to users (or other roles) so that the users (or roles) have the specified privileges.
See the SQL language reference - http://docs.oracle.com/cd/B28359_01/server.111/b28286/toc.htm
Read the topics for CREATE ROLE, GRANT and REVOKE
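The role model described in this answer, as an added example that is not part of the original reply: a role holding privileges, a role nested inside another role, and a grant to and revoke from a user. The role names, the hr_app.employees table and the report_user account are hypothetical and assumed to exist already.

```sql
-- Added illustration; every object name here is hypothetical.
-- Assumes table hr_app.employees and user report_user already exist and
-- that the session may create roles and grant these privileges.

-- 1. A role is a named container for privileges.
CREATE ROLE app_read;
GRANT CREATE SESSION TO app_read;                        -- system privilege
GRANT SELECT ON hr_app.employees TO app_read;            -- object privilege

-- 2. A role can contain another role: app_write inherits
--    everything in app_read and adds write access.
CREATE ROLE app_write;
GRANT app_read TO app_write;
GRANT INSERT, UPDATE ON hr_app.employees TO app_write;

-- 3. Grant the role to a user; the user now holds all privileges
--    reachable through app_write, including those of app_read.
GRANT app_write TO report_user;

-- 4. Review what was granted (data dictionary views).
--    Roles granted directly to the user:
SELECT granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'REPORT_USER';

--    Roles nested inside roles:
SELECT role, granted_role
FROM   role_role_privs
WHERE  role = 'APP_WRITE';

--    System and object privileges carried by each role:
SELECT role, privilege
FROM   role_sys_privs
WHERE  role IN ('APP_READ', 'APP_WRITE');

SELECT role, owner, table_name, privilege
FROM   role_tab_privs
WHERE  role IN ('APP_READ', 'APP_WRITE');

-- 5. Reduce the user to read-only: remove the broader role and
--    grant only the narrower one.
REVOKE app_write FROM report_user;
GRANT  app_read  TO   report_user;
```

Reviewing nested grants through ROLE_ROLE_PRIVS matters when auditing: a user's effective privileges include everything reachable through roles granted to their roles, not only the direct grants listed in DBA_ROLE_PRIVS.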
-
data tables store information of groups and users?
Hi all
I want to export all the information of users and groups on the Administration of BI tool. only I can copy them one by one. are there other methods?
who knows what data tables store information of groups and users?
Thank you
Dan.
Hi Dan,
As you cannot access the link, which is very informative: I've never implemented it, but going by John's suggestion, it should work.
Courtesy of John:
OBIEE get all RPD users
I had to get all the users from a very large repository because they were implementing a new security model. I wrote a small script to make life easier:
'Read_Users.VBS
'John Minkjan
'http://www.obiee101.blogspot.com/
'Get all the users from a repository
'1: make a UDML export of the RPD using nqgenudml.exe
'2: change the location/name of the file in this script
'3: run the script from the command line: cscript Read_Users.VBS > users.txt
'Constant declared before its first use
Const ForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
'point this to your UDML export
Set objFile = objFSO.OpenTextFile("E:\names.txt", ForReading)
Dim arrFileLines()
Dim strRLine
Dim strTemp1
Dim strTemp2
i = 0
'Collect every line that declares a user
Do Until objFile.AtEndOfStream
strRLine = objFile.ReadLine
If Left(strRLine, 12) = "DECLARE USER" Then
ReDim Preserve arrFileLines(i)
arrFileLines(i) = strRLine
i = i + 1
End If
Loop
objFile.Close
'Then you can iterate over it like this
For Each strLine In arrFileLines
'The user name starts at position 15, after DECLARE USER and the opening quote
strTemp1 = Mid(strLine, 15, 50)
'The full name, if present, is the text between { and }
If InStr(strLine, "}") > 0 Then
strTemp2 = Mid(strLine, InStr(strLine, "{") + 1, (InStr(strLine, "}") - (InStr(strLine, "{") + 1)))
Else
strTemp2 = ""
End If
WScript.Echo Mid(strTemp1, 1, InStr(strTemp1, """") - 1) & ";" & strTemp2
Next
OBIEE get all users and roles of RPD
In this post, http://obiee101.blogspot.com/2009/06/obiee-get-all-users-from-rpd.html, I showed you how to get the users from the RPD. Taking that as a starting point, it is a small step to get the users and the roles they have and put the export in an XLS:
'Read_Usergroups.VBS
'John Minkjan
'http://www.obiee101.blogspot.com/
'Get all the users from a repository
'1: make a UDML export of the RPD using nqgenudml.exe
'2: change the location/name of the file in this script
'3: run the script from the command line: cscript Read_Usergroups.VBS > users.txt
'4: put the export in an XLS pivot table
'Constant declared before its first use
Const ForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
'point this to your UDML export
Set objFile = objFSO.OpenTextFile("E:\usergroup.txt", ForReading)
Dim arrFileLines()
Dim strRLine
Dim strTemp1
Dim strTemp2
Dim strTemp3
Dim intRoles
'intRoles: 0 = no user seen, 1 = inside a user declaration, 2 = inside its role list
intRoles = 0
i = 0
WScript.Echo "USERNAME;FULL_NAME;ROLE;COUNT"
Do Until objFile.AtEndOfStream
strRLine = objFile.ReadLine
If Left(strRLine, 12) = "DECLARE USER" Then
ReDim Preserve arrFileLines(i)
'User name: quoted text starting at position 15
strTemp1 = Mid(strRLine, 15, 50)
strTemp1 = Mid(strTemp1, 1, InStr(strTemp1, """") - 1)
'Full name, if present, is the text between { and }
If InStr(strRLine, "}") > 0 Then
strTemp2 = Mid(strRLine, InStr(strRLine, "{") + 1, (InStr(strRLine, "}") - (InStr(strRLine, "{") + 1)))
Else
strTemp2 = ""
End If
arrFileLines(i) = strTemp1 & ";" & strTemp2
intRoles = 1
i = i + 1
End If
If intRoles >= 1 Then
If InStr(strRLine, "HAS ROLES (") > 0 Then
intRoles = 2
End If
'Lines after HAS ROLES ( each carry one quoted role name
If intRoles = 2 And InStr(strRLine, "HAS ROLES (") = 0 Then
strTemp3 = Mid(strRLine, InStr(strRLine, """") + 1, 50)
strTemp3 = Mid(strTemp3, 1, InStr(strTemp3, """") - 1)
WScript.Echo arrFileLines(i - 1) & ";" & strTemp3 & ";1"
End If
'A closing parenthesis ends the role list
If intRoles = 2 And InStr(strRLine, ")") > 0 Then
intRoles = 0
End If
End If
Loop
objFile.Close
UPDATE POST
Is your on the right track, work these steps you will find glory... I force try it or needed me.hope helped you
Kind regards
Murielle.
Published by: Kranthi.K on June 1st, 2011 02:28
-
Need help optimizing a query with GROUP BY and joins
I'm having a problem running the following query... It takes a lot of time. To simplify, I have included two tables: FILE_STATUS, which stores the file load details, and COMM, which holds the records that were processed successfully and are communicated to the other system. Records with status = T have been transmitted to another system and transactions with P are waiting.
Here's the query I wrote to give me the details of the file that has been loaded into the system. It reads the FILE_STATUS and COMM tables to display the name of the file, total records loaded, total loaded successfully into the COMM table and the number of records which have finally been transmitted (Status = T) to other systems.
CREATE TABLE FILE_STATUS (FILE_ID VARCHAR2(14), FILE_NAME VARCHAR2(20), CARR_CD VARCHAR2(5), TOT_REC NUMBER, TOT_SUCC NUMBER);
CREATE TABLE COMM (SRC_FILE_ID VARCHAR2(14), REC_ID NUMBER, STATUS CHAR(1));
INSERT INTO FILE_STATUS VALUES ('12345678', 'CM_LIBM.TXT', 'LIBM', 5, 4);
INSERT INTO FILE_STATUS VALUES ('12345679', 'CM_HIPNT.TXT', 'HIPNT', 4, 0);
INSERT INTO COMM VALUES ('12345678', 1, 'T');
INSERT INTO COMM VALUES ('12345678', 3, 'T');
INSERT INTO COMM VALUES ('12345678', 4, 'P');
INSERT INTO COMM VALUES ('12345678', 5, 'P');
COMMIT;
In production, this query has several joins and takes a long time to run... the main culprit for me is the join on the COMM table to count the number of transactions sent. Please can you give me tips to optimize this query to get results faster? Do I need to remove the GROUP BY and use PARTITION BY or something else? Help, please!
SELECT FS.CARR_CD
      ,FS.FILE_NAME
      ,FS.FILE_ID
      ,FS.TOT_REC
      ,FS.TOT_SUCC
      ,NVL(C.TOT_TRANS, 0) TOT_TRANS
FROM FILE_STATUS FS
LEFT JOIN (
    SELECT SRC_FILE_ID, COUNT(*) TOT_TRANS
    FROM COMM
    WHERE STATUS = 'T'
    GROUP BY SRC_FILE_ID
) C ON C.SRC_FILE_ID = FS.FILE_ID
WHERE FILE_ID = '12345678';
Don't know if it will be faster based on the information provided, but analytical functions offer an alternative approach;
select carr_cd, file_name, file_id, tot_rec, tot_succ, tot_trans
from (select fs.carr_cd,
             fs.file_name,
             fs.file_id,
             fs.tot_rec,
             fs.tot_succ,
             count(case when c.status = 'T' then 1 else null end) over(partition by c.src_file_id) tot_trans,
             row_number() over(partition by c.src_file_id order by null) rn
      from file_status fs
      left join comm c on c.src_file_id = fs.file_id
      where file_id = '12345678')
where rn = 1;

CARR_CD FILE_NAME            FILE_ID           TOT_REC   TOT_SUCC  TOT_TRANS
------- -------------------- -------------- ---------- ---------- ----------
LIBM    CM_LIBM.TXT          12345678                5          4          2
-
Is PPTP VPN supported on the Cisco ASA 5520 firewall?
Hi all
I'm Md.kamruzzaman. My company bought a Cisco ASA 5520 firewall and I want to configure PPTP VPN on the ASA 5520 firewall. Is it possible to configure PPTP VPN on the ASA firewall? If possible, can you please tell me the procedure to configure PPTP VPN?
Best regards
MD.kamruzzaman
Sorry, but the Cisco ASA firewall does not support PPTP VPN termination.
You can terminate IPsec and SSL VPNs, but not PPTP.
If you are new to the ASA, the best way to configure the supported VPN types is via the VPN Wizard integrated into the ASDM management application.
-
Hello
The problem:
Our Smart Tunnel technology doesn't seem to forward traffic for our new View client. I wonder what kind of configuration changes must be considered to enable such a connection. The error returned when connecting by host name is along the lines of "hostname not found". The error when connecting by IP is a time-out.
Background information and specifications:
We are in the process of upgrading our Connection Servers from 5.2 to 6.2. As part of the upgrade, we want to upgrade our Horizon clients to version 3.5.0. To make it easier on vendors and remote computers, we would also prefer to package our Horizon View Client with ThinApp 4.7.3. We currently have a Cisco ASA supporting an SSL VPN portal with "Smart Tunnel" technology. The ASA is currently on firmware 9.3.3 in production, but we have access to version 9.5 in test.
Preferred connection scenario:
User > PC > VMware View Client (would be ThinApp'd) > Cisco ASA Smart Tunnel > View Connection Server > virtual desktop
Executables running with the ThinApp View client:
It seems the ThinApp version of the View client only launches vmware-view.exe.
Executables running with the full/thick View client:
vmware-view.exe
-ftnlsv.exe
-vmwsprrdpwks.exe
-ftscanmgr.exe
Is there anything else to consider when configuring the ThinApp or thick View client to work with the Cisco SSL VPN portal and the Smart Tunnel? We should have ports configured in the client in connection with the same view Firewall works with SSL VPN Portal port redirector functionality.
We have not been able to find any documentation on how to properly configure the Smart Tunnel to work with the new Horizon 3.5.2 client. A troubleshooting ticket with Cisco suggests that the Smart Tunnel feature is perhaps not yet compatible with this new Horizon (thin or thick) client. Currently, we are looking at other options because it is not clear whether Cisco will be able to get us confirmation or offer a solution without delaying our upgrade project. Maybe we will stick with the previous VMware View Client version 5.4.0, which we know works with Smart Tunnel in some situations and with the port redirector in others.
-
Initial installation for FirePOWER and Cisco ASA
Hello
Is there any clear guide to installing the FireSIGHT VM appliance integrated with the ASA FirePOWER module? I found some documents that explained registering the ASA device with FireSIGHT. I did it properly, but I don't know exactly how to create rules in FireSIGHT and apply them on the ASA device.
Thanks in advance
Koffi bayet
Hi, Fabien,
This link would be useful.
To install FirePOWER on the ASA
http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...
To install the FirePOWER Management Center on ESXi
http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...
Once you register the module with the manager using the link below, you should be able to navigate and create/modify the policy to establish rules for the FirePOWER module.
http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...
You can check this link for an example configuration of URL filtering.
http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...
The FirePOWER user guide has all the information
http://www.Cisco.com/c/en/us/TD/docs/security/firepower/601/configuratio...
Rate if helps.
Yogesh
-
Problem with the Cisco ASA 5525-X secondary SFR and FireSIGHT
Hi team,
We have two ASA 5525-X with SFR installed on them, and FireSIGHT in a Linux VM with which the two SFRs are registered, with the ASAs in failover mode. We keep the secondary ASA powered off; if the primary fails, we turn on the secondary and manually switch the WAN cable. I turn on the secondary ASA every weekend so that it takes the configuration from the primary for the ASA and the SFR, and then shut it down with the power button.
Last week I turned on the secondary ASA and FireSIGHT couldn't see the secondary SFR and showed the message below:
Module device heartbeat: device
> don't send heartbeats. (I should mention I can ping the IP address)
I tried to study the problem without success.
I also deleted the sensor from FireSIGHT device management in case something was stuck, and I tried to re-add it without success.
I'm new in firepower so... any ideas?
Thank you
Finally, this problem has been resolved by the redefinition of FirePOWER:
see the detailed procedure here to perform this redefinition:
http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...
Before that, it appeared that FirePOWER was not very healthy:
After a successful "configure manager add xxxxx" command,
the "show managers" command showed nothing;
it should have shown this result:
> show managers
Host: 193.193.2.75
Registration key: AZERTY
Registration: pending
RPC status:
On the other hand, in expert mode, the following command showed several processes down (and not in the normal state):
sudo pmtool status | grep -i down
Last point,
After recreating and reconfiguring all this, the FirePOWER installed in the standby secondary ASA was considered OK under the FireSIGHT Health Monitor,
but after 10 minutes, it appeared in critical condition with the following message:
"Interface 'DataPlaneInterface0' is not receiving any packets"
This is normal and due to the fact that the standby ASA receives no traffic, and the same goes for the FirePOWER inside this ASA;
by performing a failover from the primary to the secondary ASA, this critical message disappeared for the FirePOWER inside the secondary ASA and appeared for the FirePOWER inside the primary ASA.
-
Traffic load between Cisco ASA FirePOWER and FireSIGHT Management Center
Hi all
I have a stupid question to ask.
Can I know what the traffic load and the I/O flow are between Cisco ASA FirePOWER and FireSIGHT Management Center?
I am currently working on a project, and the client requires this information to adapt their network. I tried to find it in the Cisco documentation, but no luck.
Maybe you all have no idea to provide.
It varies depending on the number of events reported from the module to the CSP. No events = only health checks and policy changes are exchanged. 10,000 events per second = much more traffic.
Generally it is not a heavy load, however.
-
VLANS with Cisco ASA 5505 and non-Cisco switch
I have an ASA5505 and a Netgear GSM7224 L2 switch that I am trying to use together. I can't grasp how VLANs work (or at least how they should be put in place). Configuring my VLANs on the ASA5505 seems simple enough, but then on my switch, I thought I'd just create the same VLAN numbers that I used on the ASA and then add the ports that I wanted to use for each VLAN.
Currently on my ASA, I have the following VLAN configured...
outside - vlan11 - Port 0/0
inside - vlan1 - Port 0/1
dmz_ftp - vlan21 - Port 0/2
Corp - vlan31 - Port 0/3
I need to do the same thing on my switch as well... On my way, I'm a little confused as to how I need to configure the VLAN. Below is the screenshot of web GUI...
Note: Normally you can change the VLAN ID (red), but in this case the default VLAN (VLAN ID 1) may not be changed or deleted; you cannot change its settings.
For Tagged (green), Untagged (purple) and Autodetect (yellow), you must select at least one. I'm not sure how to set these for my inside VLAN (vlan1).
I want VLAN1 ports 1-8 on my Netgear switch used only to talk to interface port 0/1 on the ASA5505. I do NOT want ports 9-24 to be able to talk to ports 1-8 on the Netgear switch or to ports 0/0, 0/2 - 0/7 on the Cisco ASA 5505.
So, how do I configure my inside VLAN1 on ports 1-8 on the switch? Do I tag, untag or autodetect them? What about trunks? I was under the impression that I would set up my VLANs on both devices, then trunk port 1 and dedicate this port on both devices to nothing other than the trunk, and the VLANs would then take the packets where they need to go. Is this the wrong logic?
Hi Arvo,
If the ASA port is part of just a single VLAN (i.e. e0/0 only carries VLAN 11), it is called an access port. If the ASA port had to carry several VLANs, it would be a trunk port.
For access ports (single VLAN), you must set the corresponding switch port to untagged for that individual VLAN. If you decide to configure a trunk port, then the switch port must be set to tagged for each VLAN that traverses the trunk.
For example, on the ASA I have:
interface Ethernet0/1
switchport access vlan 20
!
interface Vlan20
nameif inside
security-level 100
ip address 192.168.100.254 255.255.255.0
With the above configuration, the configuration of the switch would look like this (assuming the e0/1 port of the ASA is connected to 0/1 on the switch):
VLAN 20 - 0/1 = untagged
If instead you use a trunk port, the config would look like this:
interface Ethernet0/0
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface Vlan10
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan20
nameif inside
security-level 100
ip address 192.168.100.254 255.255.255.0
(Assuming that the ASA e0/0 port is connected to 0/1 on the switch):
VLAN 10 - 0/1 = tagged
VLAN 20 - 0/1 = tagged
Hope that helps.
-Mike