Have done some searches but haven't come up with anything solid. Never have been good at searching this site, and I suppose I could be the first person to ask this type of question. But that's unlikely. Also not sure if this community is the best fit or if I'd be better served in the ASA communities. Regardless . . .
Here's what I've got in place at the moment.
- Unified Communications Manager 9.x environment, including Call Manager 9.x and IM&P 9.x
- Cisco ASA 5555X's in an HA pair.
- AnyConnect Mobile
- AnyConnect Premium
- Advanced Endpoint Assessment
- iOS/Android devices running the Cisco Jabber client(s).
Here's what I'm trying to accomplish.
- Build an AnyConnect profile/Group Policy/Dynamic Access Profile for iOS/Android devices. (done)
- Set up split-tunneling/ACLs within the Group Policy to allow the Jabber client access to the UC environment, as well as allowing an RTP stream from a device on AnyConnect to any telephony device in the internal environment. (Sort of done, not working the way I'd like.)
- Deny http/https traffic to any other internal corporate websites. (Sort of done, not working the way I'd like.)
I know for sure this is centered around ACLs, because if I don't define any for this profile, calls work as expected (with video too!). Unfortunately, access to internal web sites works too. If I activate the ACLs I've come up with so far against the AnyConnect profile, I'm successful in blocking internal web site access. Unfortunately I also get one-way audio to the Jabber client.
So far I've tried a mix of a Standard ACL applied against the split-tunnel, as well as an extended one. Have also tried pinning an ACL against the DAP too. I'm tantalizingly close, but haven't quite come up with the right combination of things. Looking to see if anyone has run through this particular scenario. And to see if there's any advice they might like to share.