About thomas.busse

thomas.busse · 12-18-2020

Hello all, we are running a two transport (MPLS/public internet) SDWAN network and the site interconnection is working perfectly fine. We now wanted to shift from using the proxy that is located in the central datacenter, to use the DIA feature fro...

thomas.busse · 11-29-2020

Hello, I do have a relatively simple SDWAN fabric that includes a public-internet line and a private line for all sites in the transport VPN0. The controllers are cloud hosted from Cisco within Azure DC and the private line does not have a connectio...

thomas.busse · 08-15-2019

Hello, we would like to globally rollout DUO Security to our users and therfore synchronize a specific AD-Group or AD-Groups that spread over multiple geographic domain trees (e.g. us.acme.com, de.acme.com, es.acme.com, etc.). To achive the user sync...

thomas.busse · 03-12-2019

Hello, I am trying to filter DNS request from VPN Clients calling for "_cisco-uds._tcp.*" but when I did the obvious from the Connection Events Tab and trying to add the domain to the global blacklist it says that it is an invalid domain. Privious...

thomas.busse · 02-08-2019

Hello Community, I was wondering if for e.g. especially for Inbound SSL-Decryption Rules it is possible to integrate Cisco Firepower appliances with any 3rd party HSM, so that private keys, etc. will remain outside the Firepower appliance ? Greet...

thomas.busse · 01-07-2021

Hello, just to let you know what the resolution of that error was, I had to change the IP MTU and TCP adjust mss values from the service VPN interfaces to another value, Cisco TAC was not sure why the previous values did not work. Old Settingsinterfa...

thomas.busse · 01-05-2021

Hello ITMonkey, I kind of had the same chellange when I had to synchronize users from different AD forrests using the Duo Authentication Proxy. The solution was to point the Authentication Proxy to the AD global cataloge server instead of an individu...

thomas.busse · 06-16-2020

Hi Chatataridge, yes that is possible. I am terminating the VPN Clients in the default group policy with a VPN Filter “deny any” and then assigning the specific group-policy via authorization policy on ISE. I guess when you configure the ISE as RADIU...

thomas.busse · 09-19-2019

Great Post!!Anybody knows if this feature is supported on a Catalyst 3650 with IP-Base License ?Kind regards,Thomas

thomas.busse · 06-04-2019

I know the original post is from 2016, but are there any news regarding a prebuild VM Appliance as an OVA file ? (Including OS Hardening, automatic updates, etc.) We have many customers, that expect that and are not willing to deploy and manage there...

Member Since	‎09-15-2011 06:10 AM
Date Last Visited	‎06-30-2021 12:30 AM
Posts	53
Total Helpful Votes Received	13

User Statistics

User Activity

DIA local breakout performance issues

Control Connections from private transport via NAT through another vEdge Router

Is it possible to AD-sync users from multiple child domains in a forest into Duo?

Firepower - DNS Inspection for _cisco-uds._tcp.* (Cisco Jabber)

FirePOWER - Hardware Security Module (HSM) Integration

Re: DIA local breakout performance issues

Re: Authenticating to multiple active directory domains

Re: Duo MFA with Cisco FTD and ISE

Re: Understanding Ethernet Virtual Circuits (EVC)

Re: Duoproxy as pre-built virtual appliance for VmWare