Activity in Security
Roaming user redirection rules update: Germany and Ireland
Anycast routing is the default mechanism for Secure Web Gateway roaming user data center selection, but sometimes it does not result in an optimal data center selection, especially if a user is near a country border. SWG Roaming user data center se...
Trying to overcome OpenVPN Reneg-Seconds
I've installed a Unifi Dream machine and used Duo as it's Radius, I use LDAP for primary auth and Duo Push as MFA. All is well...For an hour then OpenVPN forces it's hourly renegotiation and another push is sent out which must be approved. Not keen o...
Implementation of VRF Aware IPSEC (IKEv1) VPN
VRF Aware IPSEC (IKEv1) VPN Introduction Lab Topology Basic Configuration IPSEC VPN Configuration Introduction Virtual Routing and Forwarding (VRF) is a technolo...
WSA Upgrade from 14.5.0-537 to 15.2.3-007 – What to check before
Hi Cisco Community, I'm planning to upgrade our **Cisco Web Security Appliance (WSA)** from **AsyncOS 14.5.0-537** to **15.2.3-007**. Should anyone tell me the best practices and what to check before the upgrade? Looking for advice on:1. Any **criti...
Ssl certificate error
Hi All, Facing an error where crowdstrike agent not able to connect to crowdstrike portal due to ssl certificate failed error. I have added the required url in allow list and decryption bypass policy, still the same issue. Pls note: Currently im usin...
Resolved! How to config Duo Authentication Proxy support 2 API ikey and skey
Hello: Due to the network security, the existing environment didn't have internet access and we are using Duo Authentication Proxy. However, we have 2 API with the same API Host. May I know how can I config Duo Authentication Proxy to have 2 API skey...
Resolved! User privilege level with Radius
Hello all, Currently I have several switches (IOS and Nexus) which use RADIUS for login. The RADIUS server is a Windows server and uses Active Directory authentication. I would like to assign the active directory users different privilege levels on t...
IKEv2 Remote Access VPN Failure to Connect
Good evening,I previously had an IKEv2 Remote Access VPN tunnel working properly on an ASA 5515-X but apparently made some changes that have broken this functionality, so I appreciate any assistance that can be offered in restoring functionality. I h...
ISSUE 12511 Unexpectedly received TLS alert message reject client
I am having an issue with TLS on Windows 10 Pro. When I log in to the SSID using my Active Directory username and password, it works, but then I get an error saying “Can't connect to this network.” How can I fix this?
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) in cisco Catalyst 9300 We have run vulnerability cisco Catalyst 9300 and we find the above vulnerability. All software is up to date.#show ip sshSSH Enabled - version 2.0Authentication method...
Cisco ISE Upgrade Best Practices
In the following ISE webinar, you will learn how to Validate ISE version complianceExecute efficient upgrade workflowsLeverage telemetry for enhanced visibility, data-driven troubleshooting, and consistent policy control across distributed environmen...
API-BASED TOOL for Bulk Object Creation in FDM
Problem How many times have you found yourself clicking through the FDM GUI, manually creating dozens (or hundreds) of URL and Network objects? This tedious process has probably cost you hours of valuable time and introduced the occasional typo or ...
Cisco ISE 3.3 patch-7
Good morning technology people,Has anyone applied patch-7 on your 3.3 ISE environment? I am almost 100% that this patch is NOT thoroughly tested by Cisco prior to releasing it. I have to patch my 3.3 patch-6 system in about two weeks (due to securi...
MIC (Manufacturer Installed Certificate) better than MAB auth
I have noticed that the security camera vendor, Axis, ships cameras with 802.1X EAP-TLS enabled and the camera cert is signed by the Axis Issuing CA. The expiration date is the year 10,000 (LOL). You notice the constant RADIUS Live Log errors in ISE ...
Resolved! ISE 2.7 VM to 3.3 upgrade
Hi all,Wondering what is the best way to upgrade ISE VM's (PAN/PSN and SAN/PSN) from 2.7 to 3.3 patch 3.I'm planning to do Backup&Restore method into 2 new VM's (assign temp IP addresses then change these to the production ones, when finished).Should...
| User | Helpful Count |
|---|---|
| 90 | |
| 41 | |
| 31 | |
| 29 | |
| 29 |
