About cnegrete

cnegrete · 06-15-2020

Hi everyone. I have a small issue with a customer. We just implemented a RA-VPN service using Anyconnect (version 4.8) and Firepower 2130/4110 (Version 6.6). The problem is that the customer also have other Anyconnect version 4.5 on other sites. Is ...

cnegrete · 05-10-2020

Hi everyone. I can't find a concrete answer to this one.I have a Firepower 2130 with FTD, and an ISE server and I need to assign different permissions per user group.The only approach I've seen that's supported is by sending an attribute from ISE tha...

cnegrete · 03-25-2020

Hi everyone.This one is a bit tricky. We have 2 different Firepower devices, 21xx and 41xx, on different locations. The idea was to have them work independent from each other, but the customer wants some kind of automatic redundancy in case one fails...

cnegrete · 05-21-2019

Hi everyone. First a small background. My customer needs to run some Acceptance Test Protocols, which includes the complete deletion of a VM (which runs a ISE PSN), and restore it from scratch. We use one of the ovf files to create the VM, and we ne...

cnegrete · 02-05-2019

We have a "small" issue on a deployment (a migration from ACS, so we're using only Device Admin license): The admin users (which weren't migrated from ACS) that we created ("promoting" the users as the documentation says) only should have permission ...

cnegrete · 05-10-2020

So I would need to define the DACLs in ISE, right? It kinda defeats the purpose of having all my objects and groups in FMC...The firewall guys won't like this approach =(

cnegrete · 03-25-2020

Yeah, I was thinking ahead with the vpn pools, but I assume it doesn't matter the IP address the clients get since in the actual configuration they do have separate pools per concentrator.The answer you gave me is the one I needed. Thanks for your ti...

cnegrete · 10-24-2019

Reviving a not so old thread (as I'm in the exact same situation as some people that have come across this), would this work for our purposes?https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs...

cnegrete · 05-22-2019

The issue here is that if one of the machines dies, to restore it we have to use the ISO/OVF file, then install patch 1, then 4, then 6 (and even 8 if we install it), and then register the server to the deployment. Will it work if I only install the ...

cnegrete · 11-22-2018

Excellent. I can go from here.It's a shame you can't just use a file to bulk delete on ISE.Thanks!!

Member Since	‎04-05-2006 07:56 AM
Date Last Visited	‎06-22-2020 10:32 AM
Posts	61
Total Helpful Votes Received	17

User Statistics

User Activity

Anyconnect with a no-upgrade option?

Anyconnect VPN with FTD and ISE (permissions set by user group)

VPN with Firepower/Anconnect over 2 different sites w/redundancy?

Uninstall redundant patches for quick redeploy on ISE 2.4

Correct role for Admins to change their own password?

Re: Anyconnect VPN with FTD and ISE (permissions set by user group)

Re: VPN with Firepower/Anconnect over 2 different sites w/redundancy?

Re: ISE and complete SYSLOG message list for clever event management

Re: Uninstall redundant patches for quick redeploy on ISE 2.4

Re: Bulk delete of network devices in ISE 2.4