Activity in Security
Allow ISE captive portal DNS entry on outside DNS.
Hello,We are having ISE for EAP/TACACS authentication and, hosted internally in our datacenter.Now we have configured BYOD captive portal that tied to AZURE SAML authentication, the current captive portal redirect URL from ISE has prepended the node ...
Site-to-Site IPSec with VTI - Initial delay up to 60 seconds
Hello,I have an IKEv2 Site-to-Site IPSec tunnel (VTI with static routing) between ASA firewall and 2 stateless HA routers configured with HSRP (IPSec end point is HSRP VIP hosted on the HSRP active router).Despite the fact it is not stateful (not sup...
Secure Client 5.1.1.42 with NAM and tethering to iPhone iOS 17.2.1
We have tried upgrading from Cisco AnyConnect 4.10.07073 to Secure Client 5.1.1.42 with NAM connecting to wired and wireless networks.After the upgrade NAM fails to acquire the IP address from the phone.Connecting to enterprise EAP SSIDs and other us...
AnyConnect Speed Issues
Hello,FTD's 2110 at 7.3.1.1.I have two datacenters running that code on 2110s. They have the same configuration for the most part and the same size fiber internet 500 Mbps circuit. Coming in on VPN1, running a speed test from my home connection is ab...
Posture Logs
Hello,In the AnyConnect client under the "Scan Summary" tab, it shows the names of the posture checks as they are defined in ISE. Is there a log on the workstation that will actually show WHAT those items in the Scan Summary are actually looking at?
Problems with SNMP on the ASA 5555-X
Hello everyone,I have a CISCO ASA 5555-X configured in multi-context mode and I want to monitor it via SNMP.However, I can't find the MIB files for this device.How can I get them?I don't have access to ftp://ftp.cisco.com/pub/mibs/supportlists/asa/as...
Installing Secure Client (5.x) AND Any Connect (4.x) on 1 computer
I have a weird situation I need to connect to two sepaate VPN (not at the same time).One of these requires Cisco Secure Client 5.x the second works with Any Connect 4.x.I have Cisco Secure Client 5.x installed, if i try connecting to the VPN that use...
anyconnect WSL 2 - Windows Substem for Linux
After starting anyconnect I find network connectivity stops working under WSL2 (Windows Substem for Linux)the fix seems to be: Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 400...
VPN Troubleshooting
Hello, as part of my preparation for CCNA Security I've been making up my own topologies and configuring them, however, I need a little help with this one. In the topology (included .pka), I configured VLANs, Port Security, OSPF, OSPF Authentication ...
Resolved! ISE 3.2 dot1x authentication with Intune issued certificates
Hi, Requirement is to enable dot1x wired authentication/authorization for Intune registered devices. There is only Azure AD and Intune. There is NO On premise component (no on premise/traditional AD, or ADCS) According to the following link, we need ...
Profiling Wired Endpoints without 802.1x or MAB using IBNS2.0
The configuration below is an IBNS2.0-based config that puts all access-mode switch interfaces into an authorized state, with no MAB or 802.1x needed, to pull device-sensor information and ship it to ISE for profiling unintrusively. It is a nice...
Disable SIP ALG on Firepower 1010 by Web or Telenet
Hey allI have a Firepower 1010, I need to disable the SIP ALG on it, I have access to the Web Client and Telenet access to make changes, can someone give me an easy way to make these changes, I don't have the ASA Software that could access with.
[EDIT] How to retrieve the portal ID of a guest account?
We have two ISE ecosystems different and isolated (2.7 and 3.2)I must migrate guest accounts from one system to the other one.On 2.7 we have two sponsorportals and so it is on 3.2.I managed to retrieve captive portal users through a python script of ...
Profiling Wired Endpoints without 802.1x or MAB using IBNS2.0
The configuration below is an IBNS2.0-based config that puts all access-mode switch interfaces into an authorized state, with no MAB or 802.1x needed, to pull device-sensor information and ship it to ISE for profiling unintrusively. It is a nice opti...
Resolved! need to block exe file
Hi All, Need to block below exe file path on server. Can anyone help me how can i do this in Cisco secure endpoint console. c:\program files\uvnc bvba\UltraVNC\winvnc.exe
| User | Helpful Count |
|---|---|
| 44 | |
| 43 | |
| 33 | |
| 23 | |
| 18 |
