I had recently come across a scenario where Cisco wireless 7921G and 7925G handsets were rejecting ISE's certificate. I had set up the phones for EAP-TLS using MIC. I had uploaded Cisco's Root CA and Manufacturing CA Certificates and enabled "Trust for client authentication". A Certificate Profile was configured matching Common Name and added to the Identity Sequence. The strange part was that Cisco wired handsets (7942, 7945 and 7965) were working with identical configuration.
What I had discovered was that even though the phone is set to not Validate Server Certificate, it still was, rejecting the EAP certificate signed by the local root CA. The issue was remediated by exporting the root CA certificate in DER format, accessing the Web Access webpage (Full Access Mode) and importing the root CA certificate to the handsets.
Hopefully this document saves someone a TAC call and some head scratching.
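A pre-import check for the DER export step described above, as an added example that is not part of the original post: it accepts a PEM or DER export, refuses a bundle of several certificates, and confirms the outer ASN.1 length matches the file size. The function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Return the total size declared by the outer ASN.1 SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (expected leading 0x30)")
    first = der[1]
    if first < 0x80:                       # short form: length in one byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def to_single_der(data: bytes) -> bytes:
    """Normalise a PEM or DER export to the DER bytes of exactly one certificate."""
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) > 1:
        raise ValueError("export contains a chain; export only the root CA")
    # PEM is base64-wrapped DER, so strip whitespace and decode; else assume DER.
    der = base64.b64decode(b"".join(blocks[0].split())) if blocks else data
    if der_total_length(der) != len(der):
        raise ValueError("file is truncated or has trailing data")
    return der

# Constructed placeholder: a SEQUENCE header declaring 300 bytes, then filler.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = to_single_der(SAMPLE_PEM)
    print(f"DER output: {len(der)} bytes, ready to write as a .der file")
```

This only checks the container format; it does not validate the certificate's contents or signature.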