Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am setting up a DMVPN between several dozen sites using 2800, 2900 and 3900 series ISRs. The DMVPN Design Guide recommends current 12.4 or 12.4T IOS, but the DG was last updated in July 2008. I cannot seem to find any recommendations newer than t...
I am seting up an evaluation deployment of the Cisco ASA SSL VPN. Our intended use will be as Client (AnyConnect) Access for Employees and as Clientless Access for third parties (i.e. contractors, consultants, alumni, etc.). Both will use username/...
Curious if you every resolved this issue. I'm a new user to DNAC, running on 2.3.3.7. When discovering my network I regularly find the C9300 added as DISTRIBUTION, even though they are our L3 CORE. I'll update the Device Role tag, but I don't see ...
I will have three sites desiganted as regional hubs and the headends will be 3945E, 3945 and 3925 respectviely. Model selection was based on bandwidth at the site, I would expext DMVPN performance itself would have been fine on the 3925.I was just d...
Thanks for the suggestions, Marcin. I was thinking along these same lines. I had initially reached out to my SE and was steered towards 15.2.2T, but once I looked into that release I didn't come away with the best feeling. This release is over a y...
Vikas, we would be using two-factor authentication, AAA and Certificate. If an asset were lost or stolen we would be able to change the password or disable the AAA acount of the user. I know it's not ideal since the Certificate would still exist on...
Thanks for the information, Todd. Your post brings up an interesting point about leveraging DAP. As far as I am aware, DAP cannot check for the existance of a certificate itself, but if a Prelogin Policy validates that a certificate exists, I can s...
