[c-nsp] VPN3000 intermittent GUI login problem & hardening -2nd pose

[Cis Ckp]

Hi
 
Just to add :
I've just checked a while ago & looks like this problem
of "invalid login" at the http GUI login is still there - so
looks like it may need a reboot.
 
I've attached the savelogs here - apologies if this is not
appropriate.
 
Thanks
Ckp

Cis Ckp <cisckp8 at yahoo.com.sg> wrote:
Hi,

I recently took over the support of one VPN 3000 & was tasked to
harden it like : 
- use TACACS for login authentication
- insert login banner
- recovery password with "service password-encryption"

I'm not sure if all these requests from our security can be
supported on VPN3000 - can someone give input & provide
a url to harden it?


Secondly, I kept getting intermittent login problem (which
sometimes go away by itself & I heard from my predecessor
that sometimes it needs reboot). The message is :

Invalid Login or Session Timeout
VPN 3000 Concentrator
Login: admin
Password: xxxxxxxxxx

Copyright &#8976; 1998-2004 Cisco Systems, Inc.

I found that when this problem happens, the VPN clients
can still login while I can still login thru the console, only
the http/https web interface (via public interface) gave the
above login error. We thought it's a bug with the VPN
software so we upgraded using vpn3000-4.1.7.F-k9.bin
image (was 4.0.1x-k9 previously but this problem
still persists; cant remember what's "x")

If you need the savelog, I can email it to you but I cant
seem to find anything. As I'm new to this, I still havent
track down to which syslog server this box logs to.


Thanks for any help




Send instant messages to your online friends http://asia.messenger.yahoo.com 
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


		
---------------------------------
Meet your soulmate!
 Yahoo! Asia presents Meetic - where millions of singles gather