Hi, I have ASA5540 with 1000 SSL-VPN License, then I would like upgrade from 1000 to 2000. Which part I have to add between L-ASA-SSL-1000= L-ASA-SSL-1K-2500= ASA5500-SSL-1000= Thanks, Pongsatorn
... View more
Hi Marco, I got the same issue as you, my Virtual Prime and Virtual MSE cannot integrate together. How can you integrate without any issue ? I try to make a new and fresh install on both Prime and MSE but no luck on the integration. Thanks, Pongsatorn
... View more
Hi Scott, I decide to install a new Virtual MSE then after complete setup the initial wizard. This error appears, when I check on the CLI of MSE, this message appears, Does anyone can solve these issues ? Need to resolve this since it gonna be on production soon. Thanks, Pongsatorn
... View more
Hi, I cannot integrate Virtual MSE 7.3.101 with my Prime Infrastructure 1.2 After I setup MSE via its wizard, I make a change on WCS username and password. When I try to integrate MSE with Prime Infrastructure, Prime notify me about the mismatch username/password. Both systems are fresh install on my UCS C220 M3. Does anyone has the same issue as me ? Thanks, Pongsatorn Maneesud
... View more
Hi Greg, Can you explain more about your deployment ? Can you expalin more about the Active Directory Infrastructure in your site ? What happen when you open your command-line and type "netdom query fsmo" ? However, this is my working solution for me I using this command below to fix my issue. "application configuration ise" Then I select option 3 to make a static Active Directory setting Parameter Name: dns.servers --> not change to anything you think before just type "dns.servers" Parameter Value: 1.2.3.4 --> Point to your AD IP address Then select option 5 after that option 4 Hope this help Regards, Pongsatorn
... View more
Hi jrabinow, Which details you would like to see ? Here is some infos. ISEs are deployed in 2 domains such as "acme.com" and "sub.acme.com" Each domain does not make a trusted relationship so these 2 domains cannot communicate between them. Each domain has owned Enterprise Root CA (Microsoft) Client who need to access the network need to authenticate with EAP-TLS. My environment My ISE node joined into domain "acme.com" User will be " name1@acme.com " Once the user from " name2@sub.acme.com " try to authenticate, I would like to forward the RADIUS request from ISEs (acme.com) to other ISEs (sub.acme.com) After ISEs in "sub.acme.com" return RADIUS-ACCEPT then ISEs in "acme.com" will process an authorization policy. Regards, Pongsatorn
... View more
Hi All, I would like to authenticate client by using External RADIUS. Once I create authentication policy using the new compound condition (wireless dot1x + Radius Username Matches "domainB\") I would like to forward the user authentication who make an authen using domainB\username to the External RADIUS Server Sequence. But when I check on the authentication dashboard, it still authenticate using the default authentication rule. Please suggest about this scenario. Regards, Sent from Cisco Technical Support Android App
... View more
Hi, Site and subnet is set. it still not working. But I fixes it already using CLI reference guide. "application configure ise" ISE should describe more integration requirements about this. :( Sent from Cisco Technical Support Android App
... View more
Hi jw 1. I'm join by GUI. 2. 4 Nodes in my deployment 2 for Admin with Monitoring 2 for Policy Service 3. Now I split ISE to Standalone node and try to join AD 4. I just see this CMD in the CLI document and do nothing with this command. 5. I run a Details Test then Its fail but it able to join Domain in my domain infrastructure, I have 4 Sites contain many subnets inside. Each site contains 2 Server for GC service DNS record found: _ldap._tcp.xxxx Found SRV records : more than 10 SRV records Thanks, Pongsatorn M.
... View more
Hi all, When I make the ActiveDirectory integration with Cisco ISE, I have complete with this integration. but when I try to read the Groups from Active Directory, ISE shows the message "Could not read groups data: Global catalog not found". My Domain has multiple sites and subnets, each contains GC for local logon. I have set ISE to the correct site and subnet. Forward and Reverse DNS are working with no error. Does anyone get this problem, please help. I have check into the ISE CLI Reference Guide 1.1.x You are about to configure Active Directory settings.
Are you sure you want to proceed? y/n [n]: y
Parameter Name: dns.servers
Parameter Value: 10.77.122.135
Active Directory internal setting modification should only be performed if approved by ISE
support. Please confirm this change has been approved y/n [n]: y
What shoud I set in the Parameter Name ? dns.servers or my dns hostname ? Please suggest for this too. Thanks and Regards, Pongsatorn M.
... View more