Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I have a new Firepower running ASA image 9.14(2)15. It listens for Anyconnect connections on the standard port (443). We also have an existing ASA that is listening for Anyconnect connections on a custom port (let's say 8443). It would make our li...
Suppose I'm troubleshooting an issue and only want to display Radius authentication logs related to a certain user or mac-address. How do I do it? When I launch the interactive viewer, all of the handy search buttons are grayed out. So I thought ma...
From what I understand when using PEAP and EAP-TLS, it's the radius server that first determines which one to use.From draft-kamath-pppext-peapv0-00.txt : So my question is how does ACS select which one to use. I'm assuming its the "Access Services"...
Just wondering if anyone has run into this problem. I ran into it the other day at a customer site. We had a hard time tracking down the issue.Apparently Microsoft's SCCM has a new feature called "wake up proxy" whereby host a pretends to be host b...
Hello,Suppose I have 20 remote sites each connected to a metro ethernet provider with a simple layer 2 vpn back to a single "hub site".The hub site is where 99% of resources are (app servers, internet access, etc.). So the actual traffic flow will b...
Thanks for this thread! I was running into the same question during a new deployment where I upgraded the PRSM/CX from 9.1 to 9.3 and they relaxed the licensing quite a bit. The documentation doesn't really mention it except for sneaking it in on p...
I'm having the same issue and have a few questions/comments. I can get root/admin access working via NPS/radius by justing telling NPS to send PI the NCS:role0=Root (or Admin) and NCS:virtual-domain0=ROOT-DOMAIN radius attributes. But I also have so...
Not sure if doing things in my mac broke things because of the different "new line" characters or what. But I redid everything on a Windows box (and made sure the virtual-domain0 line existed... I put it at the end) and things work fine now.
Thanks for the response ravsingh! Because the logical communication of EAP messages is between the EAP components on the EAP peer and the authentication server, the EAP authenticator does not need to support any specific EAP methods. Sure, I totally ...
Thanks for the response ravsingh! I think collection filters are an overkill for what I want. I don't want to prevent anything from being recorded in the database. I just want a "display filter" to limit what I see while I'm troubleshooting. For e...
