Wednesday, July 28, 2010

Single Sign on with Cisco SSL VPN and Sharepoint

We just deployed sharepoint at my job and I was looking for a way to have a single sign on with our ssl vpn using our Cisco ASA and Sharepoint. I was looking at cisco forums and couldn't get any answer. After playing around with the ASA settings 4 hours later, I was able to make it work and it was so simple to do. Make sure that you are using the same authentication you are using with SSL VPN and Sharepoint. Our VPN SSL is setup using LDAP or NTDomain authentication. With SSO enable, it will pass the credential you use to log in to SSL VPN to Sharepoint.

First you have to enable single sign by going in to

Configuration->Clientless SSL VPN Access->Group Policy choose the policy you want to enable single sign on click edit-> more options -> single sign on and click add
Auhtentication Type=Basic,NTLM, and FTP click OK.

Then go to Configuration->Clientless SSL VPN Access->Portal Customization If you don't have a customize page yet click add and name it SharepointSSO you can name it anything you want then click Edit, another browser will open up.

Under Portal on the left side disable everything in title panel, toolbar, navigation panel, application. Under Homepage choose
Mode=Custom Intranet Web Page
Custom Intranet Web Page URL=http://sharepointserver/_layouts/Authenticate.aspx (The site that let the users authenticate)
URL List Mode= No Group.

Save the custom page and login to your SSL VPN. You should automatically log in to sharepoint.

There are other ways to accomplish this but this is the simplest way so far. There is also a post plugin that you can download and use but I couldn't get it to work at the time I was doing this. Please let me know if you tried the same settings I did and how it work for you.

This settings also works with Citrix Web Interface as long as the client detection feature is NOT enabled.

Wednesday, April 21, 2010

McAfee false positive detection of w32/wecorl.a when using 5958 DAT file

McAfee has identified an issue where a specific DAT file version is causing a false positive detection of the w32/wecorl.a virus. When this false positive occurs, Svchost.exe is blocked and quarantined, which will cause the machine in question to shut down with a DCOM error, and can in some circumstances cause a blue-screen. This issue appears to only occur on Windows XP SP3 clients.

This issue is known to occur with version 5958 of the McAfee DAT file, released on April 21, 2010. McAfee has released an EXTRA.DAT file to suppress this false detection. After installing the EXTRA.DAT, you can restore the effected file from Quarantine within McAfee. To restore a file from Quarantine, please carry out the following steps:

1. Open the VirusScan Console.
2. Double-click Quarantine Manager Policy.
3. Click the Manager tab.
4. Right-click the required item and select Restore.

For more information, please refer to the following McAfee articles:

Wednesday, April 7, 2010

Cheap free internet hotspot gateway

I was given a task by our upper management to setup a free wireless access on our remote locations. I have been searching for an appliance or software that can provide a splash screen for end users to see to agree on the Terms of Use. I first look at nomadix which I know is popular but very expensive. I also tested the zone cd which was very easy to set up but there was a recurring cost. So I went ahead and tested antamedia hotspot software which really work well and very easy to configure even the splash screen was easy to customized. The caveat to this is that you still need a PC with dual NICs for it to work and it will cost you around $400 just for the software not including the PC. I was determine to get this software but when we were ready to get it, we had issues paying for it because we only do purchse orders not credit cards plus the company is not in the United States. It was a blessing in disguise that this company that I called before ( finally got back to me and told me that a new box just came in. I went ahead and ordered it and when I got the boxes it literraly took me less than 15 minutes to set it up with terms and conditions with customized splash screen. The box looks like a small router that runs on unix. The best part, It only cost us $190.00 per box without the need of another PC. For more info about the hotspot gateway from GIS follow the link below.

This is where I got it from

Thursday, February 18, 2010

Nexus 7018 Cable Management Part 2

Below is the final outcome of our cable management to the Nexus.

We ran all the cables on the left side so that we don't cover the air flow of the Nexus switch.

Nexus 7018 Cable Management Part 1

I promised that I will post some pictures as soon as we are done running the cables to the Nexus. We have 10 N7K-M148GT-11 module cards. We decided to have racks on two separate aisles in our data center and both going to Nexus. On the left picture, we ran the cables underneath the floor going from Nexus to the 1st rack.

Below are the final cable runs underneath our data center.
Below is the 1st rack we finished where all the servers will be connected. All the cables on the 1st rack goes underneath the floor.

The 2nd rack below is next to the Panduit rack and we ran all the cables on top.

Wednesday, February 3, 2010

Cisco VPN Client support for 64bit OS

Finally Cisco is doing something with this. As of February 18, 2010, Cisco published a VPN IPsec client beta support for Win-7 and Vista 64-bit.

Key Capabilities available for Beta Testing:
New Platform support – Windows 7 & Windows Vista 64-bit platform compatibility
Software Access: (under 5.BETA)

Software is available for download by any customer with a SMARTnet™ enabled login.
Please have customers communicate feedback (both positive and problems) to

Original post below:

Almost everyday we are getting calls from our remote users that they bought a new 64bit computer and they cannot work remotely because the Cisco VPN client does not support 64bit OS. It seems like Cisco has no plans on creating a VPN Client for 64 bit OS's. You can try to have Cisco change their hearts by opening up a TAC case. Request for them to create a VPN IPsec client support for 64bit. Also refer to BUG ID# CSCsb35984.

Cisco Support number 1 800 553 2447

You can also use a third party VPN Client that supports 64bit OS and it works with cisco.