Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
How long are connection logs maintained by the AnyConnect client? We may want to see what VPN hosts were connected to on specific workstations and need to know how far back we could get this information from the AnyConnect Windows log or a DART bundl...
It's been several years since I assisted with a CES deployment but if I remember correctly Cisco instantiate the instance in their cloud data centers. My question is what version of AsyncOS is currently being deployed in Cloud Email Security, 12.x or...
I'm fairly sure this isn't possible with Meraki but hoped someone could confirm. Customer would like to verify that a device is corporate owned (reg key/file check etc. as with AnyConnect posture) when establishing a Meraki VPN connection with ISE pe...
We are integrating ISE with DNA-C, a Rockwell IoT controller and possibly some other systems for a customer that is using a wildcard SAN certificate from DigiCert for Admin, EAP and portals. What is the best path for pxGrid certificates, in this case...
This is an old thread but to aid those who may come across this community post in searching, the Management Tunnel feature may be what you are looking for: https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/2...
Sheraz, Thanks for responding. We need the logging on the AnyConnect host side not the head-end. This is so we can identify if a user connects to a non-corporate VPN.
IB1 - You configure Active Directory in ACS through the Users and Identity Stores > External Identity Stores > Active Directory menu. Beware that it's not just a case of changing to the new Active Directory though. If I recall correctly, you will nee...
Paul,Thanks for the response, appreciated as always. I thought that the certificates used for ISE, DNAC, IoT controller, etc. all had to be issued by the same CA chain and as I understand it DNAC only supports one certificate, so I didn't want to iss...
