Hi guys, I just upgraded our ACI infrastructure from 3.2 to 4.2. Now our security scan system within our network has alarmed stating "The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0". How would I disable this in the API...
Hi guys, I'm a bit confused as to why we would use two signed certificates for AnyConnect VPN to establish a trust point on the outside interface of the firewall. If I look at the below article and follow the steps, it would go like this. 1. Create a CS...
Hi legends, I have just completed setting up RAVPN with MFA, one with YubiKey and one with Microsoft Azure NPS. The MS option is for general staff and the YubiKey is for IT support staff. This is what the customer requested. Now, they would like VP...
Hi guys, We have a couple 9300 FTDs managed by a single 4600 FMC. We are getting a second FMC in a few weeks and wanted to know how would I add it to the existing setup? I can't find anything on Cisco's website. What I'm thinking is: 1. Restore th...
Hi Legends, I'm a bit stumped and trying to find a solution on parsing credentials when users authenticate via VPN/ISE and then trying to access data centre services. Our setup is as follows: VPN USER > AnyConnect > FTD at the internet edge. Once user...
Hi guys, For anyone else who might run into this issue. With version 4.2 Cisco has opened port 8989 to the OOB mgmt network. Once I created a filter to block traffic to the OOB mgmt network on port 8989, our security scans failed to see the open po...
Yes, that is one of them. I should mention, this is only on port 8989 for SSLv2 and 3. I have raised a case with Cisco TAC on this. I can't find any documentation related to it anywhere. Once I get an update, I will share it here. I did run netstat c...
Hi Marcel, Yes, I have looked there, but there is no option to enable/disable SSLv2 or 3. I have raised a TAC case for this and just waiting on our Cyber ops team to provide their details to TAC on how they found the APICs responding to these servic...