Recent content by stooo

Hi, That is what IAS does (or NPS in 2008), but I thought you could authenticate directly against a domain contorller?

I dont have a radius server, I have an ASA, and a load of windows servers, including a domain controller

Was hoping to do it with LDAP, but can look into using IAS if it need to be radius

Hi, I would like to allow different AD users access to different internal resources based on the AD group they are in e.g. Users in the Admin group get full access, users in another group get access to 1 particular server. Does anyone have some sample config or a guide on how to do this...

Hi I have an pair of ASAs that learn a route on an internal interface through ospf. in the event of that network not being available, ospf looses the route, and the traffic should be sent out via an IPSEC tunnel (using default gateway). The issue I have is there is a static used to pass...

Hi, I have a client who wants to run TDE on their SQL 2008 Enterprise Server. I am concerned that when we backup the database, the certificate etc will be backed up with the master db, along with the encrypted database, so basically we backup the encrypted db along with the key needed to...

ah, thats exactly what I need. thanks

Sorry, you've confused me. I only have 1 ASA, I would like that ASA to have 2 outside interfaces, and 2 inside interfaces

Is it possible to configure 2 outside and inside interfaces to allow some switch resiliency on an ASA? My server behind it has NIC teaming, and it connected up to 2 2960 switches, would be good if the ASA could also connect to both. The ASA also hangs behind another pair of 2960s uplinking to...

Thanks Supergrrover is correct, the plan is to allow a user at home on a dynamic ip, access to the remote server behind the pix. I guess I'll overcome it with a vpn client. Cheers Stu

Is it possible for me to create an access list dependant on a dynamic ip? For example access-list outside_access_in extended permit tcp stooo.dyndns.org host 1.1.1.1 eq 3389 or if there is some other way of achieving this? Thanks

that would stop the tunnel coming up at all as the other side is sending the 192.168.17.0/24 network

Am on a pix running 7.1(2) I have a VPN setup, which is using NAT due to overlapping domains, and customer wanting to keep traffic to servers public IP out of the VPN Server is 192.168.1.2 with a public nat of x.x.170.193 and a vpn NAT of 192.168.17.2 Remote side is 192.168.254.253 I have...

Thanks, I can do debug crypto ipsec, without the SA, and have it set to level 7.. not sure what the levels mean? This only shows me the details if the proposals are accepted. I get Received non-routine Notify message: Invalid ID info (18) in my logs, and wanted to see what I am being sent...

we back up our extreme configs to a standard tftp server using upload configuration tftpserver-ip filename every 4:00 uploads the config at 4am every morning and the tftp server deals with archiving it etc. Stu