转到正文

天亮了说晚安's Blog

欢迎您的光临! http://www.tllswa.com

存档

分类: 路由器

本文转自:https://blog.51cto.com/cisco130/1228744 在2块HWIC-4ESW之间,一定要用一根网线连接起来,否则,VLAN无法使用,切记! 这次在一台路由器上配备了两块HWIC-4ESW,开始时没有注意,根本没法用这两块以太网交换模块,搞得自己很紧张,以为碰到不良总代,出了O货,后来到官网上查了一下,原来还有这么一说,算是思科的一个小小硬伤吧,为什么不在机框总线里把这个问题处理好,却一定要在外面飞线呢? 看来思科每次在嘲笑华为时,应该摸下自己的脸是否有点红了。 思科官方的文档:Configuring StackingStacking is the connection of two switch modules resident in the same chassis so that they behave as a single switch. When a chassis is populated with two switch modules, the user must configure both of them to operate in stacked mode. This is done by selecting one port from each switch module and configuring it to be a stacking partner. The user must then connect with a cable the stacking partners from each switch module to physically stack the switch modules. Any one port in a switch module can be d......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-troubleshooting.html Chapter: Clientless SSL VPN Troubleshooting Chapter Contents Recover from Hosts File Errors When Using Application AccessWebVPN Conditional DebuggingCapture DataProtect Clientless SSL VPN Session Cookies Recover from Hosts File Errors When Using Application Access To prevent hosts file errors that can interfere with Application Access, close the Application Access window properly when you finish using Application Access. To do so, click the close icon. When Application Access terminates abnormally, the hosts file remains in a Clientless SSL VPN-customized state. Clientless SSL VPN checks the state the next time you start Application Access by searching for a hosts.webvpn file. If it finds one, a Backup HOSTS File Found error message appears, and Application Access is temporarily switched off. If Application Acces......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-customizing.html Chapter: Customizing Clientless SSL VPN Chapter Contents Clientless SSL VPN End User SetupCustomize Bookmark Help Clientless SSL VPN End User Setup This section is for the system administrator who sets up Clientless SSL VPN for end users. It describes how to customize the end-user interface and summarizes configuration requirements and tasks for a remote system. It specifies information to communicate to users to get them started using Clientless SSL VPN. Define the End User InterfaceCustomize Clientless SSL VPN PagesInformation About CustomizationExport a Customization TemplateEdit the Customization TemplateImport a Customization ObjectApply Customizations to Connection Profiles, Group Policies, and UsersLogin Screen Advanced CustomizationModify Your HTML File Define the End User Interface The Clientless SSL VPN end user interface c......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-mobile-devices.html Chapter: Clientless SSL VPN with Mobile Devices Chapter Contents Use Clientless SSL VPN with Mobile Devices Use Clientless SSL VPN with Mobile Devices You can access Clientless SSL VPN from your Pocket PC or other certified mobile device. Neither the ASA administrator nor the Clientless SSL VPN user need do anything special to use Clientless SSL VPN with a certified mobile device. Cisco has certified the following mobile device platforms: HP iPaq H4150Pocket PC 2003Windows CE 4.20.0, build 14053Pocket Internet Explorer (PIE)ROM version 1.10.03ENGROM Date: 7/16/2004 Some differences in the mobile device version of Clientless SSL VPN exist: A banner Web page replaces the popup Clientless SSL VPN window.An icon bar replaces the standard Clientless SSL VPN floating toolbar. This bar displays the Go, Home and Logout buttons.The Show......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-users.html Chapter: Clientless SSL VPN Users Chapter Contents Manage PasswordsUse Single Sign-On with Clientless SSL VPNUsername and Password RequirementsCommunicate Security TipsConfigure Remote Systems to Use Clientless SSL VPN Features Manage Passwords Optionally, you can configure the ASA to warn end users when their passwords are about to expire. The ASA supports password management for the RADIUS and LDAP protocols. It supports the “password-expire-in-days” option for LDAP only. You can configure password management for IPsec remote access and SSL VPN tunnel-groups. When you configure password management, the ASA notifies the remote user at login that the user’s current password is about to expire or has expired. The ASA then offers the user the opportunity to change the password. If the current password has not yet expired, the us......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-remote-user-guide.html Chapter: Clientless SSL VPN Remote Users Chapter Contents This chapter summarizes configuration requirements and tasks for the user remote system. It also helps users get started with Clientless SSL VPN. It includes the following sections: NoteMake sure that the ASA has been configured for Clientless SSL VPN. Clientless SSL VPN Remote UsersUsernames and PasswordsCommunicate Security TipsConfigure Remote Systems to Use Clientless SSL VPN FeaturesCapture Clientless SSL VPN Data Clientless SSL VPN Remote Users This chapter summarizes configuration requirements and tasks for the user remote system. It also helps users get started with Clientless SSL VPN. It includes the following sections: NoteMake sure that the ASA has been configured for Clientless SSL VPN. Usernames and Passwords Depending on your network, during a remote ......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-policy-groups.html Chapter: Policy Groups Chapter Contents Create and Apply Clientless SSL VPN Policies for Accessing ResourcesConnection Profile Attributes for Clientless SSL VPNGroup Policy and User Attributes for Clientless SSL VPNSmart Tunnel AccessClientless SSL VPN Capture ToolConfigure Portal Access RulesOptimize Clientless SSL VPN Performance Create and Apply Clientless SSL VPN Policies for Accessing Resources Creating and applying policies for Clientless SSL VPN that govern access to resources at an internal server requires you to assign group policies. Assigning users to group policies simplifies the configuration by letting you apply policies to many users. You can use an internal authentication server on the ASA or an external RADIUS or LDAP server to assign users to group policies. See Chapter 4, “Connection Profiles, Group Policies......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-resources.html Chapter: Advanced Clientless SSL VPN Configuration Chapter Contents Microsoft Kerberos Constrained Delegation SolutionConfigure Application Profile Customization FrameworkEncodingUse Email over Clientless SSL VPN Microsoft Kerberos Constrained Delegation Solution Many organizations want to authenticate their Clientless VPN users and extend their authentication credentials seamlessly to web-based resources using authentication methods beyond what the ASA SSO feature can offer today. With the growing demand to authenticate remote access users with smart cards and One-time Passwords (OTPs), the SSO feature falls short in meeting that demand, because it forwards only conventional user credentials, such as static username and password, to clientless web-based resources when authentication is required. For example, neither certificate- n......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-gateway.html Chapter: Basic Clientless SSL VPN Configuration Chapter Contents Rewrite Each URLSwitch Off URL Entry on the Portal PageTrusted Certificate PoolsConfigure Browser Access to Plug-insConfigure Port ForwardingConfigure File AccessEnsure Clock Accuracy for SharePoint AccessVirtual Desktop Infrastructure (VDI)Use SSL to Access Internal ServersConfigure Browser Access to Client-Server Plug-ins Rewrite Each URL By default, the ASA allows all portal traffic to all Web resources (for example HTTPS, CIFS, RDP, and plug-ins). Clientless SSL VPN rewrites each URL to one that is meaningful only to the ASA. The user cannot use this URL to confirm that they are connected to the website they requested. To avoid placing users at risk from phishing websites, assign a Web ACL to the policies configured for clientless access—group policies, dynamic access......Read More

本文转自:https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-overview.html Chapter: Clientless SSL VPN Overview Chapter Contents Introduction to Clientless SSL VPNPrerequisites for Clientless SSL VPNGuidelines and Limitations for Clientless SSL VPNLicensing for Clientless SSL VPN Introduction to Clientless SSL VPN Clientless SSL VPN enables end users to securely access resources on the corporate network from anywhere using an SSL-enabled Web browser. The user first authenticates with a Clientless SSL VPN gateway, which then allows the user to access pre-configured network resources. NoteSecurity contexts (also called firewall multimode) and Active/Active stateful failover are not supported when Clientless SSL VPN is enabled. Clientless SSL VPN creates a secure, remote-access VPN tunnel to an ASA using a web browser without requiring a software or hardware client. It provides secure and easy access to a broad rang......Read More

备案信息