Security

Posture lease and Cache Last Known Posture Compliant Status

Hi Experts,I need some further clarifications on the above two settings that are under Administration > System > Settings > Posture > General Settings...As per my understanding in the documentation, Posture Lease is used for a specified period of tim...

Cisco ISE Patch Installation and hot fix query

Multiple VMs and IEEE 802.1X multi-auth host-mode

Hello,I am doing a lab with a Windows host that runs VMWare WorkStation and has 3 Linux hosts as VMs. I have configured the switchport on the Cisco device that I am using (C112X) as the following:Note that MAB is enabled for 1 of the VMs that is not ...

Gre and IPsec

Similar set up as a recent project. New customer, I suspect financial companies are trying to button up and make sure everything is encrypted these days. Here’s the setup, this time it’s all static routes. HQ router connects on a leased line to a rem...

BGP ECMP and BFD between onprem to AWS

Hi All,We have 2 x 1Gbps Direct Connect between AWS and HA pair of FPR2140 (FMC managed) running FTD ver.7.4.2.1, BGP and ECMP to load balance the traffic. There are L2 switch in between them to split the single circuit to 2 firewalls.AWS's default k...

Dynamically import Public Keys from a Linux host to a Cisco router

Hello,I am doing a little lab with SSH over Public Key authentication, using a Linux host (Centos Stream 10) and a Cisco router (C112X-8PLTEPW). I have successfully generated the key-pair on the Linux host, then manually copy it and paste it on the C...

FMC 7.7.0 Health Alerts

I am getting the following Health Alerts on FMC running 7.7.0:How can I resolve these issues?

Multi-auth and unmanaged switch

Hi,I have several devices on unmanaged switch that I need to authenticate via MAB. Unmanaged and upstream switch are connected via access port.My idea is to configure MAB on a access port of upstream switch, and use multi-auth host-mode.Would this wo...

Multiple administrators committing changes simultaneously

I have a couple of questions: 1. If there are multiple users logged in as the 'admin' account on an ESA or WSA, and one of those users changes the 'admin' password, would that cause any impact to the other users' work? 2. If there are multiple users ...

Limite de tuneles en cisconsecure acsess

Buen dia comunidad!!Tengo una pregunta, estoy por implementar secure access para un cliente pero en el KO con el cliente comentan que se van a crear tunels IPsec en cada branch hacia secure access, el tema que este cliente tiene cerca de 200 branches...

ASA VPN Threat Detection - never shun an IP

Hello, I see there is no way to "never shun" an IP address from the VPN Threat Detection feature on the newer ASA code. This needs to be added.  With CGNAT being common ISP practice, we need to be able to tell the ASA to never shun a certain IP addre...

Configure Threat Detection for Remote Access VPN on Secure Firewall ASA

The Cisco Document Team has posted an article. This document describes the process of configuring threat-detection capabilities for Remote Access VPN on Cisco Secure Firewall ASA. Know of something that needs documenting? Share...

Anyconnect profile

New to Cisco and anyconnect. I have created a anyconnect profile and after users is beginning to use the profile users are getting is error "Connection attemt has failed". I have only entered one server in the Serverlist.

D316 Duo Release Notes for June 6, 2025

Hello everyone! Here are the release notes for our most recent updates to Duo.  Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out to commercial deployments. You can ...