I am trying to create a profile rule so separate shop floor computers from office computers. They are in different AD groups by host name but I don't have the MAC in AD. Is there a way to profile them using an AD group without the MAC address?
I am using ISE 2.2 and need to chagne the SMTP Server port. It defaults to 25 but I need another one. How is this done? I tried mail.company.com:2500 but it seems to strip off the 2500 and uses port 25.
I have been trying to get the Rest API to work with the ACS server and am struggling with the POST commands. I am using C# but to simplify things I am testing with the Rest Client plugin for Firefox. My URL is:
https://ACSServer01/Rest/Identity/User...
I understand Microsoft dropped IPSEC support in Windows 10. If this is true, does that mean you can't use FlexVPN with a router as a server with Windows 10 clients?
We have been using IPSEC tunnels forever but after upgrading to IOS 15.3, the tunnels stop working. It only happens when both ends are on 15.3. Has anyone seen this before?
I solved the REST client issue by adding a content-type=application/xml in the header and the following line at the top of the body.
<ns2:device xmlns:ns2="networkdevice.rest.mgmt.acs.nm.cisco.com">
So now I am back to the C#. I get an error 400 co...
Oh, well, I guess that isn't exactly true. I'm not going through an "nat inside" interface but it still could get hung up with NAT. After I make that change, is there a clear of some sort to make it effective?
Thanks Paul. I couldn't find that command exactly but found "crypto isakmp nat keepalive...". I assume that is the same thing? I tried that with no difference. I am bypassing NAT in my ACL so I shouldn't have a need for anything relating to NATing.So...
Well, that was my guess. I'm not a VPN expert but below is the ISAKMP debug. I have one hub that works with it's spokes but that one also has FlexVPN configured on it. So I suspect there is something I configured for FlexVPN that makes it happy. But ...
