Retiring of a signature is done by Cisco when the signature is no longer needed (generally the vulnerability is fairly old, the majority of systems have been upgraded to newer versions, and the attack is rarely if ever being seen on the Internet anymore). One of the main reasons for doing this is that retired signatures will not use CPU cycles. Retiring a signature will force …
NAC Registry modification required
In order to configure a client machine to detect when the VLAN changes, you must define the appropriate registry keys on the client. The following required DWORD registry keys are all located in the same HKEY_LOCAL_MACHINE\Software\Cisco\Clean Access Agent\ registry location:
RetryDetection 5
PingArp 0
VlanDetectInterval 5
You'll need to make these changes if you're in an OOB …
How to Allow SSH from outside with ZBPF
So you have a small remote office and want to permit SSH to the outside interface of the 871s. SDM does not seem to permit this. What you must do, within the Zone Based Policy Firewall (at the CLI), is allow SSH from the outside zone to the self zone. …
How do I reset a site-to-site VPN on ASA5520
To show active VPNs, use:
Phase 1: sh crypto isakmp sa
Phase 2: sh crypto ipsec sa
To reset a VPN, use clear crypto isakmp sa, or clear crypto isakmp sa 1.1.1.1, where 1.1.1.1 is the remote peer …
802.1x Authentication machine & user on log in
I've recently used CTA 2.1 with the 802.1x supplement, first the machine would authenticate upon boot up and then when the user logged in they would be re-authenticated and any particular user settings would be applied. This was all evident in the ACS logs. However it seems when using native 802.1x on an XP machine with no CTA, first the machine authenticates but when the …