Activity in Security
Resolved! ISE v3.0 - Trusted Certificate Store for 802.1x PEAP Certificate Authentication
Hi All, I'm trying to configure Wireless 802.1x with PEAP and I understand for ISE to verify the user certificate that it will present, I need to have a Root CA in the list of 'Trusted Certificates' within ISE. I've imported that as follows: That's ...
Resolved! Not able to ping gateway from system
Hi Team,I have implemented dot1x with cisco ISE.Below is switch configuration.SW1#sh runBuilding configuration...Current configuration : 6616 bytes!! Last configuration change at 21:06:15 UTC Mon Mar 1 1993!version 15.0no service padservice timestamp...
CISCO IOS issue
While i upload the boot system for firewall ASA 5506-x with image cisco-asa-fp1k.9.16.2.SPA and after reloading getting below error and I couldn't able to login to firewall. ##########################################################################...
Resolved! where can I find a log of failed logon attempt against ISE CLI?
I would like to find out who or what is failing to logon to ISE CLI. It could be a security scanner but where can I find info like source IP date/time etc.?
How to exclude DNS via anyconnect
Hi All , Now , I configure ASA for Client VPN via anyconnect and configure split-dns on group-policy If some IP or domain I need to use dns local (network adapter) . What is the edit configuration ?
Resolved! How to force a client to use specific MTU when using ISE EAP-TLS Auth
My client is using EAP-TLS Fragment as 1486, i configured the Authorization profile to push accept with RADIUS Attribute Framed-MTU = 1002 but the client is not using that obviously with EAP TLS communication to fragment the large packet. Wireshark s...
ASA 5545X & Firepower Issues
This is my first time posting here, so bear with me.Our company runs ASA5545X with Firepower in each of our 2 data centers. For the last 2 years, we have been having an ongoing issue where they stop passing traffic. In the last couple months, it has ...
READ ONLY ACCESS ON ASA 5525
Hello Sir,Please I am having issue with a user who I want to have read only access to the firewall. Below is the command I use:username DKamenuveve password xxxxxxxxxxxxxxxxxxx priv 5The user is still able to execute configuration commands and save.T...
Blocking Disney+ on the FMC also blocks ESPN
Hi all,I am successfully blocking Disney+ on the network with the FMC through Policies > Access Control. Disney+ is blocked via applications. But this also appears to be blocking ESPN. I tried applying a policy above this one that allowed all 3 (ESPN...
Active directory password shown in firepower
So, i integrate identity policy on firepower with my active directory. All works, but there one problem. Somehow when i see the traffics log, i can see the user password.Anyone know why this happen?For my use case, i just want to use identity policy ...
Where do i find my private key for my Certikate and export it
Hi Community,On an Asa 5505 i want to add a Identity Certifikate. I have a new Certificate File (.crt) But i need a Passphrase. What passphrase please?So this do not works.Next Idea: Converting the Certifikat. So i need my "private key" stored somewh...
ISE assign SGT base on AD Group
I have an ISE that connected to the AD. So, i want to assign the same group in AD (ip, devices, and all) to the SGT automatically. For example, if i have an IT group and HR group in AD, the ISE will automatically make SGT with the same group. And if ...
Cisco ISE Anomalous Behavior dhcp-class-identifier Imaging Issue
Hello Cisco brains, I recently deployed Cisco ISE (3.1P3) and I'm running into an issue with Anomalous Behavior and Detection. I understand that in order for ISE to trigger an anomaly, it must hit the following:NAS-Port-Type - Determines if the acces...
FTP to ASA not working
I am trying to re-mage an SFR module on an ASA but when I do a system install via ftp, I get a permission denied error. I have ruled out the FTP server as the issue as I am able to FTP to a totally different set of firewalls so that should rule out t...
ASA IPSec Site to Site VPN error
I am trying to get a site to site vpn up and running:All I am seeing is the following:%ASA-5-750002: Local:x.x.x.x:500 Remote:x.x.x.x:500 Username:Unknown Received a IKE_INIT_SA request%ASA-3-751002: Local:x.x.x.x:4500 Remote:x.x.x.x:4500 Username: x...
| User | Helpful Count |
|---|---|
| 1555 | |
| 1100 | |
| 640 | |
| 635 | |
| 610 |
.jpg "VIP Expert"){kind=icon}
