Hello, Please assist me on one of the issues I am facing when performing Source NAT on FTD's IPsec VTI tunnel. Is this supported or am I missing something that needs to be addressed before NAT? Our goal is to achieve load-balancing of inter-region tra...
Hello, Can anyone help/share their experience and solution on the 3650 switches management interface. It is much simple configuration without altering anything. Configured with IP address in mngt vrf and IP address is reachable from NMS (Network mana...
Hello All, Can someone please help me with SNMPV3 configuration (CISCO ISE 2.4 Patch 10). It is not working for PSN node but same configuration is working fine for PAN, which is kind of puzzle to me and my team for not working from our NMS tool. Belo...
Hello, We have some strange behaviour with ISE 2.4 : in our infrastructure we have enabled dynamic VLAN matching to VLAN name for the assignment of IP.. Authentication - Dot1X --> Authorization - MAC matching --> Result is Dynamic VLAN with IP assi...
Hello, Do we have any options in Cisco ISE to identify which certificates have been used by an endpoint to get authenticated? Is there any way of pulling a report based on the above-mentioned statement? CISCO ISE 2.4 patch 10 Thanks and regards Afeez Mali
Hello MHM, In multiple scenarios, I have used S2S VPN with PBR based IPsec, and I have been able to achieve NAT, but unable to achieve full mesh connectivity when I was trying to build IPsec ACLs (same SRC and DST) with both firewalls. Is the IPsec su...
Thanks MHM.. In any case, I will try the Workaround, since I am experiencing another drawback with the crypto termination interface and real time traffic is within the same security zone.. I will let you know the outcome after I touch production infra...
Thanks MHM.. I'm using NAT for the first time for traffic traversing through IPSec tunnels on firewalls, since packet encrypt/decrypt on firewalls' VTI interfaces may not recognize NAT configurations, in addition, the VTI interface changes its IP addr...
Hello, Maybe it is late but useful. Before proceeding with the upgrade to Cisco IOS Release 15.5(1)SY4, see Secure Field Programmable Gate Array and Performing FPGA Upgrade for complete information about the change in FPGA auto-upgrade procedure an...
Hello Rich, Sorry, got busy with other project work.. Luckily, my operation team reached me once before switch got live. CDP neighbour-ship is lost on Management port and via management port, we have routing enabled for management only and we can't r...