Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Good day, we are having an issue where remote-vpn users connecting via the ASA are unable to access a resource. (Rough diagram attached). Whenever PC1 is accessing a given resource on the Internet, it has no issues.However whenever PC2 is accessing t...
Hi all, I have a client PC which occasionally needs to upload large amount of data to a server at another company who we have an IPSEC VPN tunnel with. I have attached a rough drawing of this setup. We recently upgraded from an ASA to Cisco FTD ap...
Good morning, we're currently in the process of deploying NAC on all our Wired ethernet ports. So far the process is going smoothly albeit we are having to leave some ports in open authentication state to allow for imaging of new computers by our en...
Hi everyone, need some advice. Recently upgraded IOS-XE to version 16.12.x (Gibraltor) and it removed my enable secret which was using level 5 encryption. Looks like this version of IOS-XE doesn't support level 5 secrets and removes all credentials t...
Hi all, here is a simplified version of a network I am designing. I have a single multilayer switch, connected to a router. Switch points to the router for it's default route. On the router I have a static route that points back to the switch for...
Thank you @liviu.gheorghe I was able to "go around" the issue by routing traffic from the ASA via an IOS router to the destination on the Internet for now. But I will keep this in my back pocket for future
@DannyDulinWhat's rather strange is that the dACL I am sending is simply permit ip any any and even then the issue occurs.Are you also using hostscan? We are using hostscan and as per TAC hostscan and CoA don't work together due to a bug.**Message f...
@DannyDulinAs part of the Authorization profile, do you use a dACL or another option? Sorry for all these questions. I've had a lot of issues with pushing dACLs as part of the Authorization policy from ISE to the VPN session on the ASA. Everything ...
@DannyDulinVery interesting and I am glad you found the answer. So just for my own clarification, you are doing two Authentications (i.e. SAML which is integrated with Azure MFA + ISE). ISE also does Authorization as it normally would. Or are you ...
