r.spiandorello

Member Since: Mar 16, 2001

English
r.spiandorello commented on two tunnels with the same crypto acl in VPN 3 years ago

Ju, that's what I've done, but I'd like to know if ASA apply stateful logic to the two tunnel, in...

r.spiandorello commented on two tunnels with the same crypto acl in VPN 3 years ago

yes sure, that was my solution but the cloud services provider requested two tunnels. Can I have...

r.spiandorello commented on PAP for anyconnect 3.0 to ACS RSA in VPN 3 years ago

Pratically, I'm not able to disable ms-chap-v2.I'm able to select pap, I'm able to disable chap and...

r.spiandorello commented on ACS 5.3 and authorization profile for RAS in AAA, Identity and NAC 4 years ago

Solved !In RADIUS, I've configured the followings:IETF RADIUS -> service-type -> framedIETF...

r.spiandorello commented on ACS 5.3 and AD connection with new DC in AAA, Identity and NAC 4 years ago

Hi, today ACS is in "connected status" and AD authentication runs well.Without ACS cli commands to...

r.spiandorello commented on ACS 5.3 and AD connection with new DC in AAA, Identity and NAC 4 years ago

Is there a forecast for ACS 5.4 availability ?thanksrs

r.spiandorello commented on ACS 5.3 and AD connection with new DC in AAA, Identity and NAC 4 years ago

Tarik, the reboot has not solved the problem so l'll verify with domain administrator.I'd like a...

r.spiandorello commented on ACS 5.3 and AD connection with new DC in AAA, Identity and NAC 4 years ago

Tarik, I don't need to change the domain, we have only new domain controller servers for the same...

r.spiandorello commented on ACS 5.3 SecurID and AD for vpn access in AAA, Identity and NAC 4 years ago

ok, but can I use RSA for authentication and AD for authorization (in case of user sync between RSA...

r.spiandorello commented on ACS 5.3 and wide chenges on network devices in AAA, Identity and NAC 4 years ago

Hi, ACS 5.3 patch 5, the file operation/update fails with "import failed, please try again later"....

r.spiandorello commented on CSA desktop agent not installing in Intrusion Prevention Systems/IDS 4 years ago

Hi, is there a "forced audit mode" for a CSA for an unsupported OS ? It happens on a vista 64-bit....

r.spiandorello commented on CSM 4.2 sp1 and strange deploy and monitoring behaviour in Security Management 4 years ago

Hi, I have modified the CSM configuration, as suggested in deployment guide, for large site. Now...

r.spiandorello commented on CSM 4.2 sp1 and strange deploy and monitoring behaviour in Security Management 4 years ago

Hi, I have no error if I deploy 4 devices, but if I try to deploy 10 or more devices I received the...

r.spiandorello commented on how to configure netflow on ASA with CSM in Security Management 4 years ago

Following the transcript:! COMMENT: BULK START! COMMENT: Continue on error is chosen for this bulk...

r.spiandorello commented on how to configure netflow on ASA with CSM in Security Management 4 years ago

Hi, it seems CSM 4.2 sp1 still uses "flow-export enable" depraceted command in place of the "flow-...

r.spiandorello commented on how to configure netflow on ASA with CSM in Security Management 4 years ago

Hi, I've found flow-export supported by CSM 4.2 sp1.I've removed flex-Config and I've enabled flow-...

r.spiandorello commented on CSM 4.2 sp1 and strange deploy and monitoring behaviour in Security Management 4 years ago

Hi, I've found the event manager enabled even if the server has only 8 GB of RAM.

r.spiandorello commented on ASA best-practise for ASA remote-access import into CSM in Security Management 4 years ago

Hi, I've imported the ASA 8.2(4) into CSM and the major issue is related to remote-access address-...

r.spiandorello commented on ASA best-practise for ASA remote-access import into CSM in Security Management 4 years ago

Hi, now I'm going to repeat the ASA VPN 8.2(4) import into CSM 4.2 sp1.Do you have suggests ?I have...

r.spiandorello commented on ACS 5.3 and wide chenges on network devices in AAA, Identity and NAC 4 years ago

Thank you very much for the answer !It's clear for the name update, but for the location and type...

r.spiandorello commented on ASA 8.4 and ssh login without asa in Firewalling 4 years ago

So I need "aaa authentication ssh console LOCAL"

r.spiandorello commented on ACS 5.2 and CS-MARS in AAA, Identity and NAC 4 years ago

Hi, it seems no packet has been received by the CS-MARS.Are you sure CS-MARS is compatible with ACS...

r.spiandorello commented on WLSE tacacs+ management in ACS 5.2 in AAA, Identity and NAC 4 years ago

Hi, following a screenshot of an ACS 4.2:thanksrs

r.spiandorello commented on Anyconnect 2.x, certificates and ACS 5.2 samples in AAA, Identity and NAC 4 years ago

Hi, we have realized a pilot with 2-factor authentication (ASA 8.2.x, anyconnect 2.5.x, certificate...

r.spiandorello commented on ASA 8.4 and proxy-arp for static with service in Firewalling 4 years ago

OK, I'll verify with the capture type ether-type arp, anyway can I solve the issue with the arp...

r.spiandorello commented on ASA 8.4 NAT static and dynamic with the same public IP in Firewalling 4 years ago

it's necessary to migrate from a check point solution that allows that.thanksSent from Cisco...

r.spiandorello commented on ASA ROMMON cmd ref in Firewalling 4 years ago

Please read my message

r.spiandorello commented on CSM 3.3.1 manual back-up in Security Management 4 years ago

All services are stopped and perl script retirns an error. Copy some dir ?thanksSent from Cisco...

r.spiandorello commented on Anyconnect 2.x, certificates and ACS 5.2 samples in AAA, Identity and NAC 5 years ago

In particular, I have a sample "ASA/PIX 8.x and VPN Client IPSec Authentication Using Digital...

r.spiandorello commented on Anyconnect 2.x, certificates and ACS 5.2 samples in AAA, Identity and NAC 5 years ago

Hi, the configuration needed of the ASA is a bit unclear because I need to use radius toward the...

r.spiandorello commented on Anyconnect 2.x, certificates and ACS 5.2 samples in AAA, Identity and NAC 5 years ago

Hi, I'm still looking for a samplethanksSent from Cisco Technical Support iPhone App

r.spiandorello commented on IOS zone-based firewall and syslog drop log level in Firewalling 5 years ago

Hi, I don't need to move the router syslog level, but the level of drop messages of IOS zone-based...

r.spiandorello commented on Anyconnect 2.x, certificates and ACS 5.2 samples in AAA, Identity and NAC 5 years ago

Hi Herbert, I want to use ACS 5.2, because I need to use ACS 5.2 as center of AAA for vpn remote-...

r.spiandorello commented on ACS 5.1 / ASA fallback to local AAA if user unknown in AAA, Identity and NAC 5 years ago

The sequence is really useful, but can I use an authorization policy for each identity store ?

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Yes, I confirm you there is no "Called-Station-ID" in cut-through, but why is so hard to find NAS-...

r.spiandorello commented on HTTP NONRESPONSIVE in ACS 5.2 in AAA, Identity and NAC 5 years ago

I had the same problem with 5.2 sp3.The only way to solve is to come back to ACS 5.2 sp2.rs

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Hi, I'm sorry but the firewall could receive a vpn request from inside, so Calling-Station-ID is...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Hi, do you have updates about the radius analysis ?thanksrs

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Hi, followibg the RADIUS and vpn ipsec client capture:following the RADIUS and anyconnect client...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Ok, thank you, it helps me in case of TACACS+ for cut through proxy, but now I'm more oriented on...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Ok thank you, I used the compund condition for IETF Radius selection, but where can I find the...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Hi, capturing RADIUS communication for http authentication, the first time I have found NAS-Port (...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

But also I see the following:AVP: l=6 t=NAS-Port-Type(61): Virtual(5)          Nas-Port-Type:...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

Yes sure, from a capture of radius request for vpn remote access, I've found the following:AVP:   l...

r.spiandorello commented on ASA 8.2 with ACS 5.2 and TACACS+ for device admin and Internet access in AAA, Identity and NAC 5 years ago

But for internet access autentication/authorization do you think it's better to move to radius ?...

r.spiandorello commented on AnyConnect without admin privileges in VPN 5 years ago

Hi, where can I find the requirements ?Is "pc admin priviledge" a requirement for the web...

r.spiandorello commented on ASA nat for vpn client to a single vlan in VPN 5 years ago

Hi, for that about security levels, do we need the same level ?Usually the outside is at a lower...

r.spiandorello commented on how to configure netflow on ASA with CSM in Security Management 5 years ago

Hi, in CSM 4.0 doc, it's still present the limit to the ASA 5580 platform.thanksrs

r.spiandorello commented on unique ASA IP peer for remote access from internal vlans in VPN 5 years ago

Ok, It's just a dns matter, vpn client utilize a name to reach the ASA vpn peer: - for outside, the...

r.spiandorello commented on DHCP-RELAY with interface dedicated servers in Firewalling 6 years ago

Thank you, but I need to associate a different dhcp server pool for each ASA vlan, through ASA dhcp...

Bio












r.spiandorello's Stats

Points0
Discussion started 142
Answers marked as Correct 0
Endorsed 0
Content Rated 16