Activity in Security
FMC IP fragmentation to no fragmentation settings can couse outage?
Hello everyone, I have the following issue:The customer would like to disable FMC packet fragmentation globally. According to the Cisco documentation it is quite straightforward.Source chapter: Fragment SettingsCisco Secure Firewall Management Center...
Lock AnyConnect profile to specific certificate
I have multiple AnyConnect connection profiles for various remote users that provide access to different internal networks. The authentication method needs to be certificate only, but there doesn't seem to be a way to prevent an issued certificate ho...
Create Python Script for Rest API Calls to FDM
The Cisco Document Team has posted an article. This document describes an example of using Python to make Rest API calls. Know of something that needs documenting? Share a new document request to doc-ic-feedback@cisco.com Y...
How to delete a previous joined ise node from Cisco ISE Node?
I did join ise1 as a join point on Cisco ISE GUI, and then deleted it, but now I want to rejoin it, but an error message showed up telling me that : "Resource with this name is already configured in DataBase."======> How to definitly delete it ? and...
802.1x Cert Auth - What does the PSN Do with the Client Cert?
Please see the attached file. When a Windows client connects to the network and its supplicant is configured to send the computer certificate, what exactly is the PSN doing with this certificate? In the attached i have a use of Lab_dot1x_Certs (See...
Site-to-site vpn failover causing memory spike in spoke sites
Hi All. I would like to get your thoughts on the following issue i have been facing since implementing Dual ISP and failover for site-to-site vpn tunnels.Hub Site:ASA5515 using 9.6(4)42Spoke sites:Cisco ISRs using 15.1(4)M8, using voip services over ...
Resolved! No SSL trust-points configured
Working on VPN and we are getting errors stating no TP found. Did a sh ssl/ sh run ssl and got weird information back but need help with understanding TP's
Does XDR replace SIEM and SOAR?
Extended Detection and Response (XDR) - Versus - Security information and event management (SIEM). After the acquisition of Splunk as a SIEM and the launch of Cisco XDR, which one is better for detection and response?
Resolved! Route Based VPN FTD
HIWe have several Policy based VPNs, I have read in a Cisco document that the sysopt permit-vpn is not supported with Route based VPN and I will need to configure access control for this, so that being said does this affect our policy based VPNs whic...
Cisco ISE integration with SCCM
Hi While Integrating ISE with SCCM 2012 based on below link, i am getting error related to DCOMhttps://community.cisco.com/t5/security-knowledge-base/how-to-integrate-cisco-ise-with-microsoft-sccm-for-patch/ta-p/3725035 Do any one having solution on ...
Joining ISE to a Reversed DNS Zone
I have joined ISE on the same reversed zone as 50.168.192.in-addr.arpa (ise1.srvcore.local), but ISE have an address of 192.168.99.35.ISE could resolve and ping DNS domaine names on Windows Server and could PING its name "ise1.srvcore.local" and can ...
The operation took longer than expected.
I have just synchronized both Active Directory and Cisco ISE, ISE is using my server (AD) as an NTP server, everything is fine, but now I'm facing an issue "Status Summary: The operation took longer than expected. This may be caused by slow network c...
Service impact on ISE certificate renewal
Hello. I'm trying to renew the ISE's certificate, but I'm using both admin and eap authentication, portal, and radius DTLS. In this case, I would like to know if renewing this certificate will reboot the ISE or if it will cause downtime. The certific...
Trustsec Network Authorization not Working
Hi All,I am newly building trustsec in my environment,trying to add one of the switch under trustsec. Have configured Trustsec settings and COA on the ISE for the switch and added the appropriate aaa commands , radius servers and cts commands.But sti...
Mitel - DHCP Discovery
Hi, I have a Mitel 5312 phone plugged into a switchport configured for ISE but when it boots up it gets stuck on DHCP Discovery. If I put the port to authentication open then it goes through and boots up as normal.The logs all look ok but I can't see...
| User | Helpful Count |
|---|---|
| 52 | |
| 47 | |
| 36 | |
| 24 | |
| 22 |
