Network Access Control

Resolved! Trustsec SGACL

I am creating rules (SGACL) for a trustsec matrix.I found a variation on how to permit and deny service ports.Please tell me if there is a way to deny and permit ip addresses of hosts?

Anyconnect Posture : USB mass storage check with Continuous Monitoring Interval

Hello,I want to check periodically the USB mass storage .I can check it every time I connect, but once the PC is connected, I cannot do the continuous monitoring.i.e. :I connect the PC without the USB.The posture assessment is OKThen I plug the USB, ...

Resolved! ISE - AD integration and Admin Service Account

What are the privileges that the Admin Account needs to have, after ISE has been integrated with AD? In other words: what are the minimum settings that the Service account, used to log in AD and create the ISE-AD integration, needs to have to contin...

ISE version suggestion 2.7 or 3.0

I have a customer running ISE 2.4 looking to upgrade. The current ISE golden image version is 2.7. But 3.0 is also available and it seems this will be the long term build going forward. I understanding the licensing implications of 3.0.Based on this ...

Resolved! ISE Stunnel frequent restart

I found suspicious messages in ISE Report -> Audit -> Operations Audit. There is Stunnel Service started aprox. every 30 seconds on one PSN node (the rest 3 PSN nodes in deployment does not do this). The whole message:----ISE process was restarted by...

Resolved! Best way or correct way to reload 2 ise nodes (pan/mnt)

Hello everyoneI need to reload two ise nodes due to a bug that caused licensing consumption page to show zero. ise1 primary(pan/mnt) and ise2 Secondary(pan/mnt). I have 4 psn nodes and they should stay up. I need to ensure no downtime. I know I have...

Resolved! ISE 2.4 Anyconnect VPN static IP assigment / DHCP -CoA

Hi all . I have specific situation/problem for Anyconnect VPN static ip assignment. -it does not work Anyconnect 4.6 client ASA 9.4.4 interim Authentication with cetificate Authorization with Posture check . 1. Users Authenicate on ASA with cer...

Resolved! use static IP for each identity of ISE

The AAA server for ASA Remote VPN is ISE.The DHCP server is the ASA.I want to use static IP of some identity of ISE.Is there a good way??

Resolved! Basic 2-node deployment

Hello AllThe current demand for Sessions requires a total of 50,000My device is Model for SNS 3600, a total of twoBuy a license for 25000 SessionsI set up the two deployments, can it reach Sessions 50000

Resolved! ISE failover impact

Hello, We have a power outage last week and the primary ISE went down, but the 2ndary didn't kick in, so we had to do it manually to promote to primary, the process took 1 hour and 30 minutes for initiating the services to be back in running mode. ...

Post migration from ASA to FTD, macOS users not redirected - AnyConnect

Hi Experts,I have posted this same query on AnyConnect forums, but also wanted get a view from ISE's end.Last week we have migrated from ASA to FTD. With no changes in policies or any other configuration on ISE's end. The configuration is good as it ...

Resolved! XIRRUS access points --> ISE guest portal

Hi,Does anybody have experience of getting XIRRUS APs to work with ISE guest portals?We've installed the Xirrus NAD profile and in the authz profile, ISE tells us that we need to statically configure a special redirect URL on the AP.When a user conne...

l2tp vpn client change password in ISE

Hii use cisco router (in edge)for remote access vpn server for windows clients (users connect from internet ) and routeruse aaa server (CISCO ISE 2.4) for authentication users .my problem :how remote access vpn users (L2TP Over IPSEC) can change pass...

Resolved! Authentication failed for client (Unknown MAC)

Hi All, something's going wrong with dot1x auth of some win10 802.1x clients. This is how the NAS port is configured: interface GigabitEthernet1/0/5 authentication host-mode multi-domain authentication port-control auto authentication violation p...

Resolved! Get certificates expiration due time points through an ISE API

Hello folks, I wonder if there is a way to retreive a list of all installed certificates on the ISE with their expiration time points through a HTTP call to either Monitoring API or ERS API. Their documentation seem to be uncomplete (compare https://...

Network Access Control

Forum Posts

Resolved! Trustsec SGACL

Anyconnect Posture : USB mass storage check with Continuous Monitoring Interval

Resolved! ISE - AD integration and Admin Service Account

ISE version suggestion 2.7 or 3.0

Resolved! ISE Stunnel frequent restart

Resolved! Best way or correct way to reload 2 ise nodes (pan/mnt)

Resolved! ISE 2.4 Anyconnect VPN static IP assigment / DHCP -CoA

Resolved! use static IP for each identity of ISE

Resolved! Basic 2-node deployment

Resolved! ISE failover impact

Post migration from ASA to FTD, macOS users not redirected - AnyConnect

Resolved! XIRRUS access points --> ISE guest portal

l2tp vpn client change password in ISE

Resolved! Authentication failed for client (Unknown MAC)

Resolved! Get certificates expiration due time points through an ISE API

Bulk Update Fails for customAttributes - Is it supported?

UserPrincipalName not showing in ISE Log for certain user

CISCO NAM installation by iso generated by System Center

can i USE 2 CISCO ISE posture policy in same time with 2 Anti malware

High Response time for Entra ID TEAP with ISE

ISE VM Smartnet

ISE 3.5 requests for SMB Version 2 from Active Directory

SSL VPN FOrtigate with Cisco ISE Posture

Certificate Services OCSP Responder nearly expired

ISE databases - which one has the endpoints?