Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am attempting an in-place upgrade of ISE 2.3 to version 2.7 on a virtual instance. The upgrade itself seems to have completed without issue. But the post-upgrade process is not cooperating. Specifically fixing the domain join to Active Directory.In...
I swear this sub interface used to give out addresses from this pool without issue. Something got wrecked though.Here's the interface + sub interface config:interface GigabitEthernet1/3
description SonosDirectConnectionPort
no nameif
no security-l...
I thought I had this sorted out earlier today but...not so much. Deploying a Cisco ASA 5506-x as firewall/router. Trying to accomplish some smarter VLAN'ing to segment traffic on my office/home network. Core switch is Cisco 3560cg. There's some other...
I have a 5506-X appliance running 9.9(2) software. Have been struggling to get IKEv2 support for native Apple clients working...macOS first then will worry about iOS.
At this point *I think* I'm close.
I've defined a custom IPSec IKEv2 proposal t...
I'm trying to setup at iterative identity policy for EAP-TLS authentication. Basically I'd like one rule to be tested then based on the result either proceed to authorization policy evaluation or go to the next identity policy rule.For example, I ha...
@Milos_Jovanovic so simple yet so genius. I was just about to build a new, replacement VM but figured I'd check the forum once more. I was using macOS Firefox. Just now I tried using macOS Chrome. The domain join worked!!! Thank you so much for the s...
Sheraz was on the right track. The dumb switch attached to 1/3 couldn't do VLAN tagging nor could any direct connected wired clients. So I changed the config to drop VLAN103 and assign the IP directly to the 1/3 interface. Everything working smoothly...
My main misunderstanding is that 'access-list <name> extended' implies that additional ACL statements with the same <name> append to the overall ACL. Sigh. So...appending a 'permit ip any any' to the end of the ACL that is applied via an access-group...
There may be an underlying issue with my config. Here's what I'd like to accomplish with EAP-TLS - client presents certificateACS looks at, say, SAN mail and tries to match a value in AD - success/failACS looks at, say, Subject and tries to match a ...
