Home > Blog

Blog

The contents of the blog posts below are for informational purposes only and as such are not open for comments or discussions. Please check the date of the post for the relevance of the information. Please read our Terms & Conditions before proceeding.

RSA AM7.1 – 90 days since last login report

This applies to RSA Authentication Manager 7.1 There is no canned report that will show users who haven’t logged in during the past 90 days, but with some modification it can be done. Method 1 – Using the GUI First go to Reporting > Reports > Add New Select the template ”Users with days since [...]
14 September 2011
Read More ...

Cisco – Limit output of debug ip command

The best way to limit the output of debug ip packet is to create an access-list that is linked to the debug. Only packets that match the access-list criteria will be subject to debug ip packet. This access-list does not need to be applied on any interface because it’s applied to the debug process. Before [...]
15 September 2009
Read More ...

Cisco – GRE Tunnel Keepalives

The GRE Tunnel Keepalives implemnetation is quite ingenious. The router sending the keepalive packet sends a GRE packet that would be sent back to it from the remote router. It’s effectively building its own GRE Reply. It sets the GRE protocol type to zero to indicate it’s a keepalive packet and sends the packet through [...]
08 September 2009
Read More ...

Cisco – QoS pre-classify

Think about where the encryption is taking place. Once a packet is encrypted – the original IP/ethernet headers are no longer accessible – only the new header is. When you encrypt traffic at the tunnel – the tunnel virtual interface will have the QoS policy applied. The classification will occur on the header when it [...]
02 September 2009
Read More ...

RSA – Authentication Manager Backups

Backing up Internal Database Backup backs up the log files that are stored in the database: Administrative Audit Runtime Audit System Use the Operations Console to do manual or automated backups of the internal database. To do a command line backup ssh to appliance rsautil manage-backups –action export –filename –addTimestamp –user Note: You will be [...]
19 August 2009
Read More ...

RSA – Authentication Manager 7.1 SDK Example

The RSA Authentication Manager SDK provides sample vbs scripts that you can run directly against the sql database. Below are a couple of examples. Note: This script outputs the result in a csv file in the directory it was run from… In this example, we’re running a report of users who have not logged in [...]
09 August 2009
Read More ...

Citrix – Netscaler Packet Capture

Here is what we can do to troubleshoot the NetScaler. In this example, we’re trying to capture authentication from Citrix AG to RSA Authentication Manager. The two RSA servers below are configured as Radius servers in Citrix AG. Primary RSA Server: 192.168.1.10 Replica RSA Server: 192.168.2.10 Citrix AG (Netscaler): 192.168.10.20 Start a trace on the [...]
05 August 2009
Read More ...

RSA – Radius changes require manual replication

In RSA Authentication Manager 7.1, SDI does automatic replication so any changes you make are replicated to the replicas. However, Radius does not do automatic replication. Whenever you make a change, such as adding a Radius client or modifying a Radius profile, force replication by going to the Security Console and selecting Radius > Radius [...]
03 August 2009
Read More ...

Cisco – Configuring EZVPN with PKI along with DMVPN tidbits

These are not documented by Cisco: On CA router: Create a pki server Create a trustpoint to the CA; make sure you give it a different name than the pki server Authenticate to the CA Enroll to the CA On Client router: Create a trustpoint to the CA Authenticate to the CA Enroll to the [...]
28 July 2009
Read More ...

IPv6 – Considering IPv6?

If you’re planning to deploy IPv6 in your organization, you need to consider quite a few factors. Here are some questions to think about:   What is the absolute number of IPv4 addresses currently available?   Also in percentage   What is the absolute number of IPv4 addresses currently in use?   Also in percentage [...]
26 July 2009
Read More ...

RSA – Key notes on migrating from AM6.1 to AM7.1

These are high level key notes to be aware of and a general guideline if you’re considering migrating your Authentication Manager 6.1 to Authentication Manager 7.1. Radius and AM architecture in 6.1 remains the same as 7.1. So, AM user groups and radius profiles continue working the same as in 6.1. AM migration. Do a [...]
13 May 2009
Read More ...

Cisco – Scheduled reload

Using a scheduled reload when making configuration changes on a Cisco router can save you from losing connectivity to a production router, especially a remote one you can’t easily physically power off and power back on. It’s very handy when you’re making access list changes that might make you lose connectivity. Use it with the [...]
12 September 2008
Read More ...

Linux – Mount a usb flash disk

The basic commands are: mkdir /mnt/usb-drive mount /dev/sda1 /mnt/usb-drive Let’s do it step-by-step… Display USB buses in the system: linux:/home/ydemissie # lsusb   Bus 002 Device 003: ID 08ec:0010 M-Systems Flash Disk Pioneers DiskOnKey   Bus 002 Device 001: ID 0000:0000   Bus 001 Device 001: ID 0000:0000 linux:/home/ydemissie # linux:/home/ydemissie # cd Desktop/ linux:/home/ydemissie/Desktop # mkdir flash [...]
20 May 2008
Read More ...

CVS – moving CVS server from one machine to another

The data will by and large be okay. You’ll have to beware of any scripts you may have, and obviously you’ll have to set up a new server. If you’ve got shares, etc. visible, they’ll have to propagate, too. But overall, you can tar up the data and move it. If the machine name is [...]
14 March 2006
Read More ...

SSH – Cannot login with ssh key with blank password

If you run into the error “cannot login with ssh key with blank password“, do the following: Run server in debug mode to see what’s going on: sshd –ddd Note the following error (in bold below): debug3: mm_answer_keyallowed: key_from_blob: 1166e8 debug1: temporarily_use_uid: 101/95 (e=0) debug1: trying public key file /export/apps/rsync/.ssh/authorized_keys debug3: secure_filename: checking ‘/export/apps/rsync/.ssh’ debug3: [...]
23 February 2006
Read More ...

Copyright © 2012-2017 Yared Consulting Inc. All Rights Reserved. | Privacy Policy | Terms & Conditions