To elaborate slightly: By using aggressive mode I can get the ASA to use a tunnel-group which has a name, not an IP, but I cannot figure out how to get rid of the destination in the tunnel definition, e.g.
Just for grins, I asked our partner for pre-sale help (since this is for a planned project), and was told that whether or not VTI on ASA can support a tunnel destination that is DHCP assigned is a post-sale, TAC question.
So ... buy it, and we'll tell you then if it works or not.
We're moving forward with a small router to terminate these tunnels on, at least I know that works. And nicely it supports EIGRP, so no need for BGP redistribution.
Show Name: Thoughts on Security at Cisco Live US 2018 in Orlando
Contributors: Kevin Klous, David White Jr., Aaron Woland, Jeff Fanelli
Posting Date: June 2018
Description: The team goes on-site in the Cisco Live Speaker room in...
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. the diagram below show a diagram of the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1&nbs...