Good morning, we're currently in the process of deploying NAC on all our wired Ethernet ports. So far the process is going smoothly albeit we are having to leave some ports in open authentication state to allow for imaging of new computers by our en...
Hi everyone, need some advice. Recently upgraded IOS-XE to version 16.12.x (Gibraltar) and it removed my enable secret which was using level 5 encryption. Looks like this version of IOS-XE doesn't support level 5 secrets and removes all credentials t...
Hi all, here is a simplified version of a network I am designing. I have a single multilayer switch, connected to a router. Switch points to the router for its default route. On the router I have a static route that points back to the switch for...
Good evening, from a firewall perspective, which interface does the ASA consider an AnyConnect VPN client coming in on? Here is the situation: I have allowed restricted access from INSIDE to our DMZ based on source and destination IP addresses. ...
Hi all, we have a unique one. There is an army engineering website https://nab.usace.army.mil that some of our users need to access; however, since we use Umbrella, they are not able to get to it. When performing NSLOOKUP against Umbrella, the abo...
@DannyDulin I believe we have on prem which also syncs with Azure AD. I am not 100% sure as it's a different team that manages AD. Yes @domain.com refers to our AD domain.
@DannyDulin In my case, after AuthC succeeds, ASA sends the username to ISE and then from ISE I lookup that username in AD. If the user belongs to a particular security group in AD, ISE sends back a permit dACL to ASA. If not it will send a deny dAC...
@DannyDulin I actually ended up using ISE for both AuthC and AuthZ. On ISE however, I set up RADIUS authentication against Azure and then AuthZ would be taken care of via ISE as normal. This has worked extremely well. However, now there is a requir...