Activity in Security
Secure Client 5 for iOS URI handler problems
Hello,We have been using Clientless SSL VPN access on Apple iOS devices from our internal portal for many years without any problems. The connection is made VIA a URI (eg. anyconnect:[//]connect[/]?[name=Description|host=ServerAddress] [&Parameter1=V...
Resolved! ASDM 7-6-1 Font Size too small
Hi Everyone Wondering if someone can help here as I'm running out of ideas! I have a few ASA's that we monitor using the ASDM console (version 7-6-1). We recently changed our monitoring machine with a new one, OS is still windows 10 and we installed...
ASA Site-to-Site VPN Wizard Demonstration
This video has been deleted This video walks through the updated Site-to-Site IPsec VPN Wizard available within ASDM. The workflow has now been simplified and reduces the need for protocol specific knowledge.
Automating Cisco AnyConnect VPN Session Termination from Azure
Hello Cisco Community,I am currently researching a SOC automation use case and would appreciate guidance from the community.Our goal is to automatically contain compromised user accounts identified by Microsoft Sentinel. Today, when a user is determi...
how to determind which IP does the FTD uses for Syslog when IPSEC is e
Hey guys,I have a question , how do the FTD decides which ip address is assigning to its source IP of its syslog packets when the syslog is reachable via Route/Policy based VPN?in the platform setting it only says on which interface the Syslog is rea...
Group Policies dropping from clients randomly on firmware MX 19.2.8
With the recent firmware upgrade on all our MX security appliances to MX 19.2.8 we are encountering our users that are (VPN Client) & (Wired Client) dropping off their assigned group policies in an everyday basis. What would cause this issue and w...
ISE automation - import certificates and restart of application
I have questions regarding the automated import of ADMIN certificates in a multi-node Cisco ISE deployment using a multi-SAN certificate.Available guides typically only cover certificate import on only a single node.However, lets assume a deployment ...
NAC bypass with Basilisk - Automatic Ethernet Ghosting
Hello,Some tools like Basilisk can permit attacker to bypass NAC (event EAP-TLS)Basilisk - Automatic Ethernet Ghosting – Ringtail SecurityIs there a way to detect these type of device on the network and block them with ISE or directly with the switch...
Resolved! ISE 3.2 Azure AD - Intune authentication/authorization certificates
Hi, By reading many times this article would like to clarify the following on a Cloud only environment (Azure AD and Intune, NO ADCS and NO traditional AD): Cisco ISE with Microsoft Active Directory, Azure AD, and Intune - Page 2 - Cisco Community ...
Resolved! The number of ASDM sessions has exceeded 5 on ASA5520 running 8.2(1)
I have an ASA 5520 running version 8.2(1) and I am having an issue with ASDM sessions.I can SSH into the ASA and have tried to clear the sessions but they do not clear as per below.largoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dgu...
Resolved! Plugable with ISE
We use Cisco Identity Services Engine for MAC Filtering on our switches, and one issue that has come up are devices that use the Plugable Docking Stations. With these docking stations, they do not forward the MAC address of the machine's Ethernet Int...
Resolved! Cisco ISE 3.4 Ports for Elastic Search
Hello all,Upon checking on the Admin guides for 3.4 and 3.5, I can no longer find port 9300 which is used for Elastic Search. However, from the CLI for a 3.4 node I can see the following:ISE PROCESS NAME STATE PROCESS ID -----------------------------...
Family Shield not blocking porn
Hello Forum,I have a Unifi Network with a Pi-Hole with fixed IP address set as DNS Server. The Pi-Hole has the Cisco Family Shield as Upstream DNS Server. My four IP-addresses are:208.67.222.123208.67.220.1230:0:0:0:0:ffff:d043:de7b0:0:0:0:0:ffff:d04...
DUO v5
Hi,We recently updated workstations from v4 to v5 and before updates were applied, a user would receive a push on their cell phones but now DUO prompting for PIN #. Also, the authentication screen had a box to "remember me for 12 hours" and that box...
Announcement: GA Release of Resource Connector Group Upgrade Controls
We are announcing the general availability of Resource Connector Group upgrade controls in Cisco Secure Access. Administrators can now configure upgrade windows and delay connector software upgrades for a Resource Connector Group, giving teams more c...
| User | Helpful Count |
|---|---|
| 30 | |
| 12 | |
| 9 | |
| 8 | |
| 8 |
