Activity in Security
How to combine multiple ikev2 proposal in to single policy
Hi Team,Our Router having many ikev2 proposal, as per TAC suggestion we need to combine in to single policy. Please let me know for this activity any down time needed ?
Problems with SNMP on the ASA 5555-X
Hello everyone,I have a CISCO ASA 5555-X configured in multi-context mode and I want to monitor it via SNMP.However, I can't find the MIB files for this device.How can I get them?I don't have access to ftp://ftp.cisco.com/pub/mibs/supportlists/asa/as...
FTD's - Firepower dropping HTTPS traffic using TLS 1.3 Hybridized Kybe
HelloWe have a lot of clients getting the following error when contacting diffrent sites: ERR_SSL_PROTOCOL_ERROR, we have read that SonicWall and Palo Alto also have these problemes. Solution is to turn off "TLS 1.3 Hybridized Kyber Support" in chro...
Brute force attacks towards ASA
Hi! The last weeks it has been a big increase of brute force attempts from all over the world to our Cisco ASAs. We use two factors, so we're not to afraid that they will actually access any of our accounts, but the problem is that they manage to blo...
802.1x Cert Auth - What does the PSN Do with the Client Cert?
Please see the attached file. When a Windows client connects to the network and its supplicant is configured to send the computer certificate, what exactly is the PSN doing with this certificate? In the attached i have a use of Lab_dot1x_Certs (See...
Cisco Secure Client CVE-2024-20337
Following upgrading to upgrading to 5.1.2.42 to fix the vulnerability CVE-2024-20337Within Microsoft Defender this is still flagged as vulnerability for the CVEIt appears to refer to a component of the install:C:\Program Files (x86)\Cisco\Cisco Secur...
ise appliance migration from 35xx to 37xx
Hai All can any one please give best practices for below deployment customer has Cisco ISE 3515 running on 2.7 which is EOL/EOS we Proposed new 3715 model. For configuration migration suggestions.
Allowing Signal Desktop App through Cisco WSA proxy
Hello everyone,I have a Cisco Secure Web Appliance S300V for my company's proxy server. We have been recently directed to utilize the Signal Desktop App for communication and unfortunately I have run into every issue while getting this to work. The Q...
CVE-ID:- -2023-20269 to mitigate this vulnerability
As per the CVE, the detailed information is available in the advisory : Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerabilityhttps://sec.cloudapps.cisco.com/security/cente...
FMC IP fragmentation to no fragmentation settings can couse outage?
Hello everyone, I have the following issue:The customer would like to disable FMC packet fragmentation globally. According to the Cisco documentation it is quite straightforward.Source chapter: Fragment SettingsCisco Secure Firewall Management Center...
Lock AnyConnect profile to specific certificate
I have multiple AnyConnect connection profiles for various remote users that provide access to different internal networks. The authentication method needs to be certificate only, but there doesn't seem to be a way to prevent an issued certificate ho...
Create Python Script for Rest API Calls to FDM
The Cisco Document Team has posted an article. This document describes an example of using Python to make Rest API calls. Know of something that needs documenting? Share a new document request to doc-ic-feedback@cisco.com Y...
How to delete a previous joined ise node from Cisco ISE Node?
I did join ise1 as a join point on Cisco ISE GUI, and then deleted it, but now I want to rejoin it, but an error message showed up telling me that : "Resource with this name is already configured in DataBase."======> How to definitly delete it ? and...
Site-to-site vpn failover causing memory spike in spoke sites
Hi All. I would like to get your thoughts on the following issue i have been facing since implementing Dual ISP and failover for site-to-site vpn tunnels.Hub Site:ASA5515 using 9.6(4)42Spoke sites:Cisco ISRs using 15.1(4)M8, using voip services over ...
Resolved! No SSL trust-points configured
Working on VPN and we are getting errors stating no TP found. Did a sh ssl/ sh run ssl and got weird information back but need help with understanding TP's
| User | Helpful Count |
|---|---|
| 52 | |
| 47 | |
| 36 | |
| 25 | |
| 22 |
