Cisco IOS – Enrolling for Certificates with NDES
KB ID 0000948 Problem To get your Cisco Router or Switch to enroll, and obtain a certificate from a Windows Server running NDES, this is the procedure you need to follow. Solution When dealing with certificates, it’s important that your device is maintaining the correct time. You can set this manually, but I’d recommend setting up NTP. Setting IOS Time (Manually and via NTP) 1. Choose either of the options below, (as...
Sync Microsoft Domain Time To A Cisco NTP Device
KB ID 0001038 Problem I’ve been posting domain time articles for a long time, and on more than one occasion I’ve really needed to take my Windows time from a Cisco Device and failed miserably. I’ve even used third party NTP software to solve this problem on my own test network. On a client network, my colleague deployed ACS5 this week, I secured the ASA5585-X for AAA and it failed authentication. Logging revealed a...
Cisco ISE NFR Appliance Setup
KB ID 0001066 Problem The Cisco ISE NFR appliance is for demos and test bench use, I’m currently building a test lab for ISE so I spun a copy up. I looked at the associated ReadMe.pdf for instructions on the basic setup, and found a hyper-link to the instructions, that didn’t work! bah. Solution The appliance comes as an OVA file for importation into vSphere/ESX, I’m assuming you have already imported the appliance....
Set Cisco ASA for Kerberos Authentication
KB ID 0000039 Problem You want to set up a Cisco ASA to authenticate users (VPN access for example). Solution Kerberos can only be used as an authentication protocol on the ASA, so its fine for allowing VPN connections but not for assigning policies etc. To work both the ASA and the domain need to be showing accurate time. Step 1: Set the ASA to get time from an External NTP Server 1. Log onto the ASA > Go to “Enable...
Cisco ASA – Configuring for NTP
KB ID 0000608 Problem With NTP, there will be two things you want to do, 1) Allow a device behind the ASA to take its time from a public NTP server, and 2) Set the ASA to take its system time from a public NTP sever (for accurate date stanps on the logs, and for time critical things like Kerberos authentication.) Solution Allow internal host(s) to get system time though the firewall. 1. Connect to the ASA, go to “enable...