Activity in Security
ISE CoA Reauth for Aruba 2530
Hello everyone, Does anyone know the attributes to configure to make the CoA type reauth work on an Aruba 2530 switch (16.11)? I managed to make the CoA Disconnect and port bounce working but I don't have the solution for reauth and I need it for pro...
CISCO WSA upgrade alert error
We have upgraded our S1000v(wsa ) from 14.5.1 to 14.5.2 and upgrade was successful but when we checked the alerts we found an alerts as An application fault occurred: ('heimdall/svc.py send_command|195', "<class 'heimdall.exceptions.unknownprocess'="...
VPN route-based unable to ping remote IP
Hi, I am currently encountering issue on route-based ipsec vpn. I cannot ping my remote IP also the remote tunnel. I have verified that there is no decap showing on packets. I already configured static route between each site and still unsucessful of...
migrate policies from SMA
Is it possible to migrate policies and its dependencies alone from am SMA to another. Since both SMA are running different version backup restore is not working.
FTD's - Firepower dropping HTTPS traffic using TLS 1.3 Hybridized Kybe
HelloWe have a lot of clients getting the following error when contacting diffrent sites: ERR_SSL_PROTOCOL_ERROR, we have read that SonicWall and Palo Alto also have these problemes. Solution is to turn off "TLS 1.3 Hybridized Kyber Support" in chro...
The operation took longer than expected.
I have just synchronized both Active Directory and Cisco ISE, ISE is using my server (AD) as an NTP server, everything is fine, but now I'm facing an issue "Status Summary: The operation took longer than expected. This may be caused by slow network c...
SSM ON-Prem TACACS+ and Clearpass
Hi,I am trying to configure TACACS+ on our SSM On-Prem server so that I am able to login on the Webinterface with my AD user. The TACACS+ configuration is done in Clearpass. And the test in the configuration window on the SSM server was successful.Bu...
ise appliance migration from 35xx to 37xx
Hai All can any one please give best practices for below deployment customer has Cisco ISE 3515 running on 2.7 which is EOL/EOS we Proposed new 3715 model. For configuration migration suggestions.
Trustsec Network Authorization not Working
Hi All,I am newly building trustsec in my environment,trying to add one of the switch under trustsec. Have configured Trustsec settings and COA on the ISE for the switch and added the appropriate aaa commands , radius servers and cts commands.But sti...
Resolved! FTP gets Blocked by Zone-Based Firewall
Hello everyone,I have a problem with an IOS firewall. The thing is that I'm using an FTP client to collect data from the wan (it's on passive mode). The session gets established, through port 21 (wich is on my access-list). I cannot get the transfer ...
Resolved! ASA webdeploy AnyConnect 5.x linux image issue changing versions
I've noticed that as of Secure Client (AnyConnect) 5.x I get an error at the ASA CLI and ASDM when I try to change the Linux web-deployed AnyConnect client version. I have no issues with Windows or macOS AnyConnect clients. I've confirmed on ASA5585-...
cannot get to privileged enable mode via console
After searching through other posts, my config seems OK but still strange behaviourasa 9.20 running on FPWR chasisI cannot get in enabled mode when connecting to ASA via console.It used to work but stopped after I played (disable and restore) with aa...
Cisco ISE 3.2 OVA instable crashes
Hi Everyone,Cisco ISE 3.2 keeps crashing several days after the installation.The installation has been done successfully without any problems.After a couple of days the installation is malfunctioning.After several installations and change of the sel...
Anyconnect (Secureclient) 5.x issues with posture - No attributes sent
Hi, Has anyone had issues where you are running FTD with AnyConnect (secureclient) with Posture (DAP) enabled and some computers are sending the attribute endpoint.am=xxx and others aren't? I have several devices not sending the anti-malware attrib...
Resolved! Lock AnyConnect profile to specific certificate
I have multiple AnyConnect connection profiles for various remote users that provide access to different internal networks. The authentication method needs to be certificate only, but there doesn't seem to be a way to prevent an issued certificate ho...
| User | Helpful Count |
|---|---|
| 52 | |
| 47 | |
| 37 | |
| 27 | |
| 25 |
