Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi everyone. I have a small issue with a customer. We just implemented a RA-VPN service using Anyconnect (version 4.8) and Firepower 2130/4110 (Version 6.6). The problem is that the customer also have other Anyconnect version 4.5 on other sites. Is ...
Hi everyone. I can't find a concrete answer to this one.I have a Firepower 2130 with FTD, and an ISE server and I need to assign different permissions per user group.The only approach I've seen that's supported is by sending an attribute from ISE tha...
Hi everyone.This one is a bit tricky. We have 2 different Firepower devices, 21xx and 41xx, on different locations. The idea was to have them work independent from each other, but the customer wants some kind of automatic redundancy in case one fails...
Hi everyone. First a small background. My customer needs to run some Acceptance Test Protocols, which includes the complete deletion of a VM (which runs a ISE PSN), and restore it from scratch. We use one of the ovf files to create the VM, and we ne...
We have a "small" issue on a deployment (a migration from ACS, so we're using only Device Admin license):
The admin users (which weren't migrated from ACS) that we created ("promoting" the users as the documentation says) only should have permission ...
So I would need to define the DACLs in ISE, right? It kinda defeats the purpose of having all my objects and groups in FMC...The firewall guys won't like this approach =(
Yeah, I was thinking ahead with the vpn pools, but I assume it doesn't matter the IP address the clients get since in the actual configuration they do have separate pools per concentrator.The answer you gave me is the one I needed. Thanks for your ti...
Reviving a not so old thread (as I'm in the exact same situation as some people that have come across this), would this work for our purposes?https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs...
The issue here is that if one of the machines dies, to restore it we have to use the ISO/OVF file, then install patch 1, then 4, then 6 (and even 8 if we install it), and then register the server to the deployment. Will it work if I only install the ...
