Hello, I have an FTD managed by FMC with Remote Access VPN enabled. Authentication: DUO Proxy; Authorization: On-prem Active Directory (LDAP); LDAP attribute map: memberOf → Group-Policy; AD Realm configured and synchronized correctly; Identity Policy: Passive...
Hello Community, I have Active Directory successfully integrated with FMC. My goal is to apply a Dynamic Access Policy (DAP) to my FTD, where the DAP should match a specific Active Directory group and apply a corresponding access policy (for example, A...
Hi, I’m trying to secure SNMP access on a Cisco ISR router (ISR4331) using CoPP and extended ACLs from external public IPs, but only allowing a specific whitelist range. As I noticed some vulnerability with a regular ACL applied on SNMP, I’ve applied the f...
I have a template generator built in PHP, VTL, and I have also tested Jinja. This setup works well for generating Cisco CLI templates offline with the exact configuration structure I need; I have been doing this for years. Currently, I apply these configuratio...
Hello Team, I recently implemented an FTD Firewall managed by FMC, primarily using it as a VPN concentrator for internal subnet access. Here’s my current configuration: I created two connection profiles, each assigned to a specific Group Policy. Under th...
You can do it easily like this:
    community-set COMMUNITY-1
      65075:22
    end-set
    route-policy POLICY_IN
      if destination in (0.0.0.0/0) then
        drop
      elseif community matches-any COMMUNITY-1 then
        pass
      else
        pass
      endif
    end-policy
Hello, Some extra information, in case it helps to identify the issue: Users authenticate through Duo using only the username format: user1. They do not use domain\user or user@domain, so this should match the sAMAccountName in AD. Authentication works correctly...
Dear @malcolmsalmons, For your requirement, and your situation, I recommend you use Traffic Engineering with an Explicit Path, so the PW is forced to stay on the primary link and does not reroute. Just make sure RSVP is enabled across the core. I also...
Hello @ez9, I had this issue in the past and also tried using EEM scripting, but it had some limitations if some interlink goes down. The most reliable way I found with ASR9k is by using Ethernet CFM (MEPs + CCMs + AIS) together with propagate remot...