Hi All, We have WLC9800 and Cisco ISE 3.3 . We have setup Guest WIFI with CWA on ISE. there is DACL(on ISE) and REDIRECT ACL(One WLC and ISE) has on been configured. All work perfectly for Windows and Iphone users. But for android user, the redirec...
We have implemented 802.1x with machine certificate authentication.The certificate validation is via OCSP and the question is does Cisco ISE support connection to OSCP via a Web Proxy? The assumption is that the connection would be using the system p...
Cisco WLC 9800 is configured to broadcast a SSID alias as "Original_SSID", the WLC is configured with a ISE controller IP, but in the client computer we see the available SSID alias as "Other_SSID".We do not access to the ISE configuration, can the I...
Hello, we recently had our cert for our VPN expire without notification via alert message. I've done some research in the FMC but can't find anything that monitors certificate expiration dates. A google search points toward REST API's of course but t...
Is it possible to run Radius with Cert and Radius only on the same interface. I have different profiles for the two. but they share the same tcp port. Need to do a POC, and it would be much easier to have user login with just Radius, not Radius and c...
I can't seem to overcome the following error when configuring AnyConnect with SAML according to https://community.cisco.com/t5/security-knowledge-base/configure-anyconnect-with-saml-authentication-on-ftd-managed-via/ta-p/4467779:Deployment Failed: Us...
Hi,on ISE 2.4 in the live logs pages the report that one got clicking on the repeat counter was very useful because the endpoints were sorted by repeat counters. So it was very easy to find the endpoints with high repeated counters.With ISE 3.2 the r...
Hello, We have observed both on HP and Dell laptops and workstations that if they are using Intel I219-LM NIC they intermittently do not respond to EAP Identity-Request. We have excluded and have confirmed with Cisco and Microsoft TAC any other poten...
Hi, I have one issue with IPSec tunnel Lan-to-Lan between ASA 5525x (v9.8) and ASA FPR 2110 (v9.16). My Tunnel is up but ping between each client was not successful. Both peer status sh cry isakmp sa in "MM_ACTIVE".I ran packet-tracer icmp between pe...
When a client connect to the HQ via AnyConnect vpn, they can access the HQ local subnet, but can´t access the subnet at the remote office, that has an site-to-site connection to the HQ.Can this be configuret via the Cisco Firepower gui?Cisco Firepowe...
object network obj-10.40.40.1 nat (inside,switch) static 172.10.10.5 What does the above NAT mean? what is the original source, original destination and the translated source?
Hello , Cisco FPR version 7.2.5 is possible make group lock for local user that connect to local network over AnyConnect. I want to make Anyconnect access in our network where we have more group policy, we can not find that we can lock local user fo...
Hi All, Need to block below exe file path on server. Can anyone help me how can i do this in Cisco secure endpoint console. c:\program files\uvnc bvba\UltraVNC\winvnc.exe
During the install of Cisco ISE you are prompted for a username / password. This account then appears to be the account you can use to SSH into ISE AND Web Auth to ISE. My question is are these two seperate accounts that just happen to have the sam...
Hi EveryoneI'm using a trial version of ASAv and i believe it has full functionality but is limited in 100kbps. I'm trying to set up remote access anyconnect vpn which authenticates to our NPS radius server. As you can see in the radius debug, it see...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: