ACS AD Integration and Management

After installing the iso onto a VM or booting the appliance with the basic network configuration, follow the below steps to integrate into Active Directory Joining ACS to Active Directory >> Users and Identity Stores >> External Identity Stores >> Active Directory >> General Tab Select ACS

Read more

Configuring ACS for TACACS+ via AD User Groups

This is assuming that ACS has already been configured for authentication via Active Directory Creating a Shell Profile >> Policy Elements >> Authorization and Permissions >> Device Administration >> Shell Profile Click on Create Under General Tab Enter name and Description Under Common Tasks Tab Default Priviledge

Read more

200-101 Exam Topics

The following topics are general guidelines for the content likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines

Read more

Cisco WSA issue joining MSA

Sometimes you may have to swap a WSA out whether its due to RMA or you have rebuilt it. This Error is on the MSA or Management Appliance. Error — The host key for 10.a.b.111 appears to have changed. It is possible that someone is trying to

Read more

Trubleshooting Cisco ACS Application

Show the version of ACS show application version acs Show ACS status show application status acs ACS role: PRIMARY Process ‘database’ running Process ‘management’ running Process ‘runtime’ running Process ‘adclient’ running Process ‘ntpd’ running Process ‘view-database’ running Process ‘view-jobmanager’ running Process ‘view-alertmanager’ running Process ‘view-collector’ running Process

Read more

Basic Cisco ACS Network Configuration

Below is the show running configuration for Cisco ACS and can be changed using the familiar Cisco router configuration commands. hostname HOME-LAB-ACS001 ! ip domain-name homelab.local ! ipv6 enable ! tcp timeout 60 no tcp recycle enable no tcp reuse enable ! interface GigabitEthernet 0 ip address

Read more

Verifying Cisco IOS Image

Follow the below steps to verify the integrity of the IOS software on Cisco IOS routers. Confirm the current IOS image the router is using to boot. router#show version <omited> System image file is “flash0:c3900-universalk9-mz.SPA.153-2.T.bin” <omited> Log into Cisco website and find the IOS image. Mouse over

Read more

DMVPN – Migrating encryption from 3DES to AES 256

Follow steps to migrate from 2DES to AES 256 Create keyring normally Create an ISAKMP policy for AES 256 Create an ISAKMP policy for 3DES (or vise versa) Create ISAKMP profile with matching keyring and identity address Create Transform-set for 3DES Create Transform-set for AES 256(or vise

Read more

DMVPN – Issue with Tunnel database

If you using multiple IPSec profiles, you may run into multiple issues. Changing tunnel protection without rebooting: Follow sequence interface tunnel 20 shut exit ! interface tunnel 20 no tunnel protection ipsec profile DMVPN_IPS shared exit ! interface tunnel 20 no shut ! end Showing ISAKMP SA

Read more

Resolve WSA blocking Windows and Adobe Updates

After deploying our Cisco WSA – IronPort, Wwindows and Adobe updates and were prevented. This include the ability for Windows to retrieve print drivers from Microsoft. This is primarily because we require authentication for all users accessing the internet. I added the following URLs to a white

Read more