Activity in Security
Trustsec Network Authorization not Working
Hi All,I am newly building trustsec in my environment,trying to add one of the switch under trustsec. Have configured Trustsec settings and COA on the ISE for the switch and added the appropriate aaa commands , radius servers and cts commands.But sti...
CiscoISE policy applying on switch problem
Hello,I have a problem with applying policies from CiscoISE 3.2 on switch C3750. It simply doesn't stop the unauthenticated users from logging in to switch, nor it prevent commands that are forbidden by the created policy. In Live Logs I can see that...
FDM DHCP Relay
HelloWe have Cisco 1140 with FDM Management, version is 7.2.5. How do I need to configure DHCP Relay? Because I did all configuration, but int not working
Azure SAML SSO Certificate Error, Firepower 1010
Hi, We are trying to implement Azure SAML SSO on our Firepower 1010. We are using ASA 9.19.1 and Secure client 5.0.02075. When we try the login via Azure by clicking the "Test this applicaton" the login works and there are no errors in the logs. The ...
Resolved! open ssh 9.3 multiple vulnerability in cisco sma
Hi folks recently our audit team have scanned our WSA and SMA for VApt and they have found that wsa(asyncos 14.5) and SMA (15.0) is having openssh version prior to 9.3 and should be upgraded .IS it possible to upgrade openssh alone? i searched docume...
Lock AnyConnect profile to specific certificate
I have multiple AnyConnect connection profiles for various remote users that provide access to different internal networks. The authentication method needs to be certificate only, but there doesn't seem to be a way to prevent an issued certificate ho...
ISE CoA Reauth for Aruba 2530
Hello everyone, Does anyone know the attributes to configure to make the CoA type reauth work on an Aruba 2530 switch (16.11)? I managed to make the CoA Disconnect and port bounce working but I don't have the solution for reauth and I need it for pro...
Cisco ISE 3.2.0.542 External Identity Store Cert Auth via Proxy
We have implemented 802.1x with machine certificate authentication.The certificate validation is via OCSP and the question is does Cisco ISE support connection to OSCP via a Web Proxy? The assumption is that the connection would be using the system p...
PXGrid 2.0 High Availability - Primary Pan Outage
I have an EVE-NG lab that consists of a Panorama, 1 FW, and 4 ISE nodes (see lab.jpg attached). The Lab ISE nodes are running 3.2 patch 5 and panorama and Firewall is running 10.2.7-h3. In reading the 3.2 and 3.1 admin guides they both state in the...
Renewall of Admin Certificate
I have to renew the admin certificate in a pair of ISE nodes (Prim / Sec) on Version 3.2.0.542 Patch 4. Currently both devices have the same admin cert that expires in little over 3 weeks. All the names and IPs in this thread are placeholders. I gene...
unknown IPs in FTD outbound logs
I am managing FTD-1120s with FMCv both running v7.2.1 software. In my ACP I have a GEO rule to block all outbound traffic to China, Russia, and I few other "hotspots". When I search for events that match this rule, most of the traffic is from inte...
About Errors When Connecting to [anyconnect VPN]
The following message is displayed when the connection button is pressed. Please tell me how to solve it. Certificate Validation Failure AnyConnect VPI version 5.0.04232 Secure Client UI version 5.0.00889 Certificate Expiration Date 2025/4/3
Resolved! Cisco FMC integration with TG 5004 and AMPv Private Cloud
Hello Experts, I have a Cisco FMC with managed Device AMP 8130 Appliance with on-premises Threat Grid and Private Cloud. I got issues about the Integration part of the FMC with TG and FMC with Private Cloud and also having trouble with TG to Privat...
BYOD client provision failing with NDES role on Windows 2019
Hi all;After conducting extensive investigations, during which I delved into various topics and related notes, deepening my understanding of the issue, I discovered that I couldn't implement SCEP with an External CA for BYOD scenarios due to a known ...
Cisco ESA - SMTP authentication best practice
Hello community, what is the best practice to use SMTP authentication ? If we have smtp authentication on mail server is it a good practice to switch it to Cisco ESA ? I can`t find, what is the mail flow when user is using smtp authentication on Cis...
| User | Helpful Count |
|---|---|
| 51 | |
| 43 | |
| 34 | |
| 22 | |
| 21 |
