Security

Lock AnyConnect profile to specific certificate

I have multiple AnyConnect connection profiles for various remote users that provide access to different internal networks. The authentication method needs to be certificate only, but there doesn't seem to be a way to prevent an issued certificate ho...

Cisco ISE integration with SCCM

Hi While Integrating ISE with SCCM 2012 based on below link, i am getting error related to DCOMhttps://community.cisco.com/t5/security-knowledge-base/how-to-integrate-cisco-ise-with-microsoft-sccm-for-patch/ta-p/3725035 Do any one having solution on ...

Site-to-site vpn failover causing memory spike in spoke sites

Hi All. I would like to get your thoughts on the following issue i have been facing since implementing Dual ISP and failover for site-to-site vpn tunnels.Hub Site:ASA5515 using 9.6(4)42Spoke sites:Cisco ISRs using 15.1(4)M8, using voip services over ...

Mitel - DHCP Discovery

Hi, I have a Mitel 5312 phone plugged into a switchport configured for ISE but when it boots up it gets stuck on DHCP Discovery. If I put the port to authentication open then it goes through and boots up as normal.The logs all look ok but I can't see...

Joining ISE to a Reversed DNS Zone

I have joined ISE on the same reversed zone as 50.168.192.in-addr.arpa (ise1.srvcore.local), but ISE have an address of 192.168.99.35.ISE could resolve and ping DNS domaine names on Windows Server and could PING its name "ise1.srvcore.local" and can ...

FMC IP fragmentation to no fragmentation settings can couse outage?

Hello everyone, I have the following issue:The customer would like to disable FMC packet fragmentation globally. According to the Cisco documentation it is quite straightforward.Source chapter: Fragment SettingsCisco Secure Firewall Management Center...

The operation took longer than expected.

I have just synchronized both Active Directory and Cisco ISE, ISE is using my server (AD) as an NTP server, everything is fine, but now I'm facing an issue "Status Summary: The operation took longer than expected. This may be caused by slow network c...

Duo Desktop not recognized

Hello, I am using Cisco Anyconnect to connect to VPN. The system is using Duo Desktop for device health. It is already installed, running and all the checks are ok. However, I am getting this error message and not able to proceed: Install Duo Desktop...

VPN route-based unable to ping remote IP

Hi, I am currently encountering issue on route-based ipsec vpn. I cannot ping my remote IP also the remote tunnel. I have verified that there is no decap showing on packets. I already configured static route between each site and still unsucessful of...

Cisco Secure Client CVE-2024-20337

Following upgrading to upgrading to 5.1.2.42 to fix the vulnerability CVE-2024-20337Within Microsoft Defender this is still flagged as vulnerability for the CVEIt appears to refer to a component of the install:C:\Program Files (x86)\Cisco\Cisco Secur...

Command uninstall siltent Cisco AnyConnect Secure Mobility Client V4.9

Hello,I try to uninstall  silent Cisco AnyConnect Secure Mobility Client v4.9.06037 :"%ProgramFiles(x86)%\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -remove -silent >>> Doesn't Work Msiexec /x {id] > not work.  Please help me.

Max number of licenses available for Cisco ISE

I'm speaking of Essentials/Advantage/Premier. We use on-prem SSM.is there way to know how many licenses Cisco ISE gets from the binding to a virtual account on Cisco SSM?The only piece of information is the consumed ones, like knowing how many you ar...

Service impact on ISE certificate renewal

Hello. I'm trying to renew the ISE's certificate, but I'm using both admin and eap authentication, portal, and radius DTLS. In this case, I would like to know if renewing this certificate will reboot the ISE or if it will cause downtime. The certific...

How to allow RTP protocol in NAT and access list in FMC