Have you ever wondered what happens when an ISE admin certificate reaches its expiry date? Probably not, because we don't ever want to consider this situation because it just sounds like bad news.
We would normally heed the ISE certificate expiry warning in the Alarm viewer, and renew way in advance ... right? ;-)
But, what DOES happen when the ISE admin certificate has expired? Let's say the system has been left running for a long time and nobody looks at the alarms? It could very well happen to anyone.
Here is what you would see if you browse to the PAN using the FQDN
This is displayed in the Firefox browser - and any other security conscious browser should act the same. It refuses access to the ISE PAN. Oh dang! How do I get back in?
The Admin certificate has two SAN DNS entries, and an IP address (but I made an unintentional mistake with the IP)
DNS Name: ise01.net.local DNS Name: ise01
It turns out that the browser will turn a blind eye to this dilemma if I use the IP address of the PAN node instead. I will have to re-test to see what would have happened if I had entered the SAN IP address correctly.
I was able to log back in again!
I will have to create another cert with a valid SAN IP address and see whether that works too. This is only a lab node and it's okay if I lose access forever.
Hello!We are currently using ASA 5516 and AnyConnect for remote access VPN. The maximum connect time is set to 8 hours with a 30 minute time alert interval. Is there a way to prompt the user if they want to extend their VPN session beyond the maximum conn...
After following this document, I do not understand how to accomplish step 5 without over writing the cluster config. https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213585-esa-ces-procedure-to-register-clustere.html Step 5 - Sw...
The sponsor portal printouts have a huge border. I want users to be able to fold the printout up and the huge borders are making this like doing origami. I can't see an option but maybe I am missing something. Is there any way to reduce this border?
I hope everyone is doing well.
One of my health care customers is currently facing issue with ISE 2.4 in regards of authentication authorization when it comes down to PC coming back from sleep mode. Do we have recommendations, workar...
Hello Everyone, I need suggestion , I am trying to configure IPsec VPN with failover. The scenario ,I have two firewalls with Active/Standby configuration. I want to configure 2 VPN's from firepower to different remote peer IP address . I...