Activity in Security
ISE 802.1x Authentication Failure - 12535 The EAP-TLS session ticket
Hello,I have been experiencing a number of Windows endpoints failing 802.1x authentication with the failure reason of "12535 The EAP-TLS session ticket received from supplicant is expired". When this occurs the endpoint's Wired Event log shows this ...
Cisco ISE Primary Admin failover and failback issue.
I need advice from experts on this forum regarding a very strange issue that occurred in March 2025 at my current workplace, one month before I joined the company. We have a Cisco ISE 3.1 Patch 10 cluster deployed across two data centers as follows: ...
Resolved! ISE Posture State Synchronization - Real World Feedback
Hi All, I am working on an ISE deployment and I am considering enabling the posture state synchronization at the end of the deployment. From what I have read about the feature, it seems like it can be helpful but I also have some concerns about it. M...
Router Security: Snort IPS on Routers - Step-by-Step Configuration
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual Service using IOxConfigure Port GroupsActivate the virtual service and configure guest IPsConfi...
Subject and Destination ports in flows
Hi,How does SNA classifies source and destination IP addresses and ports for flows? I've noticed port 80 as subject port and random high ports as destination, which for me, is a typical client to server communication but the subject and peer are exch...
Cisco ASA: Automatically change ingress rules interface from "outside"
Hello,We are using a Cisco ASA 5525 firewall and have recently migrated our WAN interface and renamed it. As a result, we need to update all ingress rules by changing the interface from "outside" to "wan".access-list outside_access; 10509 elementsIs ...
Add AI (Artificial Intelligence) Category to OpenDNS
This is a feature request to add a new category to OpenDNS Category Blocking. AI is something that absolutely needs to be its own category and blockable without adding individual custom domains. Thank you for your attention to this matter
Load Sharing in Site to Site VPN using ECMP
I have FTD 3110 managed by FMC, both have version 7.6.4. The customer is using Zscaler proxy and I have created two Policy Based IPSec Tunnels. Tunnels are created on 2 sub-interfaces. So the Flow is like User >> Inside Interface >> FTD 3110 >> Outsi...
Cisco ISE not working with LDAPS for 8021.x Radius Authentication
Hello, I am configuring 8021.x Radius for Windows 11 Users, and I have integrated ISE 3.4 with Domain controller 2025 by using AD and LDAPS method and both integrated successfully, however when I use AD method then windows clients successfully auth...
ASDM privileges via ISE cisco
Hello,I would like to grant an administrator read-only access limited to Access Rules, NAT Rules, and Objects via ASDM.I have already configured TACACS+ authentication and authorization using Cisco ISE, however I’m struggling to identify the exact sh...
FlexVPN Spoke-to-Spoke Implementation with IKEv2 Routing
!! Last configuration change at 17:52:14 UTC Mon Dec 15 2025!version 15.9service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!!! Last configuration change at 17:58:54 UTC Mon Dec 15 2025!version 15....
Sievechar feature not working for LDAP queries with separators
Hello,We enabled the Sieve Email filtering feature that allows LDAP to accept/routing queries when email addresses contain separators (jdoe+123@cisco.com = jdoe@cisco.com) . This is not working since the ESA appliance still sends the whole email addr...
unravelling FTD DNS settings and configuration
I currently have an FTD that has public DNS configured on the management interface (>show network, >show DNS system have Umbrella IPs). I have internal DNS IPs assigned to inside data interface using the platform policy. I did not check enable DNS...
ASAv in AWS Cloud,vpnUser traffic blocked from VPN to on-prem site
I set up an ASAv in AWS i configured an IKEv2 IPSEC VPN between is and my on-prem juniper SRX.i also set up anyconnect VPN gateway, using the same outside interface as the VPN gateway. VPN user authentication is supposed to go thru the IPSEC tunnel t...
ISE 3.3 Patch 8– /opt Disk Utilization Increase and Considera0tion P-9
Hello, After installing Patch 8 on Cisco ISE version 3.3 Patch-7, we have observed a significant increase in /opt disk utilization. The disk usage increased from approximately 22% to 56% within one month after the patch installation and this is only ...
| User | Helpful Count |
|---|---|
| 107 | |
| 23 | |
| 21 | |
| 10 | |
| 8 |
