Hi,
I have been testing ASA 5510 8.0.4 with a Windows Server 2003 AD + LDAP as an AAA server.
Users can change passwords from Cisco VPN Client, applying a Windows GPO Password Policy.
It works (length, complexity, expiration). However, when a user needs to change the password, either when it...
Hi,
I asked CA for assistance and sent them logs.
According to CA Support, it was a Microsoft issue with VSS Writers.
There are a couple of Microsoft links to work around:
http://support.microsoft.com/kb/940032/
http://technet.microsoft.com/en-us/library/cc734401.aspx
After reading them, I...
KRS56,
The same happens to me! Only on one server of six, from time to time. I haven't found any further information on CA's portal yet.
I would really appreciate some help!
Regards,
danr19
Tomcat service doesn't start with memory parameters beyond 1536 MB.
The error given in the log is the following:
SEVERE: Servlet.service() for servlet invoker threw exception
javax.servlet.ServletException: java.lang.OutOfMemoryError: Java heap space
It's a Tomcat 5.5.12 with JRE 1.5.07...
Hi,
I have a Windows NT 4.0 network with one PDC and 3 BDCs distributed across many WAN sites.
Day by day I've been joining more Windows XP Professional workstations and they share the same domain workgroup with servers.
I don't want to create a new domain for these workstations and do a trust...
Dear Parcival21,
I've read about it, but I'm looking for something simpler for many reasons.
I want to do L2 security at the main office and branches, most of them with a few PCs and a satellite link.
Besides, 70% of the PCs still have Windows 98, so I should install them an 802.1X client...
Dear Lui3,
I just wanted to limit access at port level.
My idea is to stop or block any port of that switch when somebody wants to connect an unknown or unauthorized PC there.
I should do it in that way because I have remote branches with one switch, no VLAN or L3 security, so I can't deploy...
Hi,
Is it possible to create a MAC address access list on Cisco switches?
I have 29XX, 35XX, 2950 and 3550 models in my job. I've tried to do it with Port Security. It works fine but it's a mess to administer. I think it's good when you don't have to move equipment but it's complicated when...
Dear Bigmac,
I think you should write:
conduit permit udp host xxx.xxx.xxx.xxx eq isakmp any
conduit permit ip host xxx.xxx.xxx.xxx range 50 51 any
Because IPSEC uses IP ports 50 and 51.
Regards,
danr19
Hi,
You can monitor the traffic with PDM (version 3.01 is pretty good) and you can get the latest events.
PDM has many graphic monitors that could help you.
Besides, you should capture logs to a syslog server and then analyze them.
Hi,
Thanks for your advice, it has solved my problem and you have won a star.
I didn't have to open UDP 500 and IP 50. I think perhaps I'm using traversal-nat.
After reading your message, I found a thread about ACL with VPN started on September 29th (multiple access lists per VPN). It was...
Hi,
PIX has an anti-spoofing feature, try these commands:
ip verify reverse-path interface outside
ip verify reverse-path interface inside
Best regards,
danr19
Hi Leo,
Which kind of device does NAT?
With some broadband routers like USRobotics and Linksys it works fine, but not with others like Micronet.
Cisco says: "We recommend that you grant permission for ICMP unreachable message type 3. Denying ICMP
unreachable messages disables ICMP Path MTU...