Last week I completed the ASA configuration of one of our client. I completed the ASa configuration with Identity firewall, IPSEC VPN, SSL VPN, ACLs and CSC SSM.All the configuration worked just fine except CSC. The CSC was configured but it was hanging again and again. Raised the TAC with Cisco. 2 times but the issue did not got resolved. We (me along with cisco TAC) updated the CSC with the latest version i.e. 6.1125.0, reimaged the CSC but the issue was just there. But the funny thing was that the issue was not related to the CSC SSM. The customer had already allocated the IP address of the CSC SSM to one storage controller and he had given me the same IP address
for allocation of the CSC SSM.



I just did as the customer has given me the address I had not verified it. Because of this the ARP entries were getting mismatched and the whole Internet trafic was coming to standstill.We could not verify the duplicate IP address as the CSC was not giving any logs related to the same. And the more funny part was that I foudn it luckily. When I restarted the CSC, I kept the ping to the CSC in other window.When it restarted, the request time out error not appeared. So I did arp check and then I found that the client machine is resolving the arp entry to storage controller and not the CSC SSM. So I notified this to the customer and after changing the IP address of the controller the CSC SSM started flying like a plane. Whoa. What a problem an and what
a solution!!!

Other categories

Cisco Jokes Photos Tutorials Voip Goa


Bookmark this on Delicious

Home

Identity Firewall Step by Step Configuration on ASA 5510



Steps to be carried out on the ASA 5500
aaa-server domainRAD protocol radius (Here we will create a Radius Group which will act as ad-agent mode- domain is given as reference, you can give any name here)
ad-agent-mode
aaa-server domainRAD (IN10) host 10.0.0.21 (Here the IP address of the ADagent has to be given where Adagent is installed)
key ***** (the same key has to be given which is given on the ADagent server)
aaa-server domainAD protocol ldap (Here we will create ldap group-domain is given as a reference and you can give any name like "organizationAD")
aaa-server domainAD (IN10) host 10.0.0.21 (The same Ip address has to be given here of the ADagent)
server-port 389 (port is defined as 389 which is the default port)
ldap-base-dn DC=WHALE,DC=COM (where WHALE is a domain name used in your network)
ldap-scope subtree
ldap-login-password ***** (Enter the administrator password)
ldap-login-dn whale\administrator (the administrator username has to be given or any username with administrative priviliges,one thing I noticed that if you gie only username then groups does not get imported and the authentication also does not get successful
server-type microsoft (define the server type as microsoft)
user-identity domain whale aaa-server domainAD (the domain netbios name has to be mentioned here and we have to give the AD agent group name which we have created earlier
user-identity default-domain whale (the netbios name has to be given)
user-identity ad-agent aaa-server domainRAD (Here we are giving the radius group for the authentication)

This completes the configuration on the ASA and we have to give the commands on Windows agent server.

The adagent software you have to get from the cisco site only and the CCO login is required for the same.The procedure for ADagent is given on this URL.

https://supportforums.cisco.com/docs/DOC-20366

Some test commands to test your configuration
show user-identity user all list
show user-identity user active user domain\user-name list detail
test aaa-server ad-agent adagent


Other categories

Cisco Jokes Photos Tutorials Voip Goa


Bookmark this on Delicious

Home

Kleekbots- Control Lego Mindstorms through PC or Smartphones
You can control Lego Mindstorm Robots through PC or via smartphones like iphone and android phones. The kleekbots site provide necessary steps and software to control the mindstorms.






Other categories

Cisco Jokes Photos Tutorials Voip Goa


Bookmark this on Delicious

Home