Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Ricky S
07-17-2019
Stats
Member since
03-23-2012
170
Posts
10
Helpful
1
Solution
Created by
Ricky S
in Policy and Access
in Policy and Access
12-05-2018
12:22 PM
12-05-2018
12:22 PM
Hi Rahul, we are trying to do exactly what you explained in your post. We have a newly deployed ISE appliance for which I need to use our domain's wildcard certificate. We have exported the certificates from another server as a .pfx file.
When I go into ISE (2.4) and try to import the cert, it's asking for a certificate file and a private key file.
I already have a .pfx file. I can't figure out how to split it into a public and private key using OpenSSL as you suggested.
Can you help me?
... View more
Created by
Ricky S
in VPN and AnyConnect
in VPN and AnyConnect
11-12-2018
01:05 PM
11-12-2018
01:05 PM
Hi David, we already have that option checked via the GUI and via .xml profile. group-policy GroupPolicy_AnyconnectChicago attributes wins-server none dns-server value x.x.x.x vpn-simultaneous-logins 3 vpn-session-timeout 720 vpn-tunnel-protocol ssl-client group-lock value AnyconnectChicago split-tunnel-policy tunnelspecified split-tunnel-network-list value anyconnect_ace default-domain value acme.com split-tunnel-all-dns enable ! ! access-list anyconnect_ace line 1 standard permit 10.0.0.0 255.0.0.0 (hitcnt=0) 0xd39774f7 access-list anyconnect_ace line 2 standard permit 172.16.0.0 255.240.0.0 (hitcnt=0) 0x9b1240cf access-list anyconnect_ace line 3 standard permit 192.168.0.0 255.255.0.0 (hitcnt=0) 0xe546a0f4
... View more
Created by
Ricky S
in VPN and AnyConnect
in VPN and AnyConnect
11-12-2018
10:48 AM
11-12-2018
10:48 AM
Our Remote Access VPN configuration is setup to allow split-tunnelling to the Internet from the client machine. Cisco Anyconnect Secure Mobility Client encrypts all RFC1918 networks and tunnels them. While all other traffic (email, casual browsing etc.) is sent unencrypted. However due to this setup, our clients are not able to print to their local printers. I understand this is because of the above mentioned configuration which tunnels all RFC1918 networks (which also include local LAN networks) to the ASA. Is there a workaround we can use while still utilizing split-tunnelling where all internet based traffic splits right from the client’s local LAN and all corporate traffic is tunnelled?
... View more
Labels:
Created by
Ricky S
in Cisco Bug Discussions
in Cisco Bug Discussions
11-12-2018
10:42 AM
11-12-2018
10:42 AM
For all those that may come across similar issue in future, patching the ASA to 9.8.2.38 fixed this issue for me. I am now able to load up Profile editor without any issues.
Cheers!
... View more
Created by
Ricky S
in Cisco Bug Discussions
in Cisco Bug Discussions
09-25-2018
10:23 AM
09-25-2018
10:23 AM
Also just want to add that the workaround suggested on the Bug page about running ASDM in Java only no longer applies. Since March of this year Firefox has disabled support for Java Webstart, Chrome done away with it last year I believe. IE doesn't work either. So we are pretty much dead in water.
... View more
Created by
Ricky S
in Cisco Bug Discussions
in Cisco Bug Discussions
09-25-2018
08:30 AM
09-25-2018
08:30 AM
I can't be the only one in the world with this issue. Wondering if anyone else is running into this issue and how are you working around it. I followed all suggestions by Cisco's bug tool but neither works for me. I tested on several PCs all running a mix of operating systems (including one with Kali Linux) but keep running into this issue.
... View more
Labels:
06-04-2014
12:29 PM
No don't be sorry, I'm just glad I'm not totally crazy. So far what cmartyn_10 said seems to make most sense so let's go with that theory unless someone thinks otherwise.
... View more
06-01-2014
07:34 PM
Hi Jonathan, Switch A is a cisco WS-C2960S-48FPS-L In order to make my issue easy to understand, I had to simplify the topology. In actuality, this is how it's all hooked up. SWITCHB(3524) is plugged into Gi1/0/45 on SWITCHA (2960). SwitchA is then plugged into SWITCHC (3750) which then has a trunk uplink to the core switch (4500). I have all the requested configs shown below. SWITCHA#sh cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID Switch Gig 1/0/45 169 T S WS-C3524- Fas 0/24 SWITCHC Gig 1/0/1 159 R S I WS-C3750G Gig 3/0/12 ! ! SWITCHA# sh run int gi1/0/45 interface GigabitEthernet1/0/45 description Uplink to Infr.Lab Switch switchport access vlan 12 switchport mode access switchport nonegotiate srr-queue bandwidth share 10 10 60 20 queue-set 2 priority-queue out mls qos trust device cisco-phone mls qos trust cos auto qos voip cisco-phone spanning-tree portfast service-policy input AutoQoS-Police-CiscoPhone ! ! SWITCHA# sh run int gi1/0/1 interface GigabitEthernet1/0/1 switchport trunk native vlan 12 switchport trunk allowed vlan 1,12,13,222,900 switchport mode trunk srr-queue bandwidth share 1 30 35 5 queue-set 2 priority-queue out mls qos trust dscp ! ! SWITCHA#sh dtp Global DTP information Sending DTP Hello packets every 30 seconds Dynamic Trunk timeout is 300 seconds 15 interfaces using DTP ! SWITCHA#sh dtp interface gigabitEthernet 1/0/45 DTP information for GigabitEthernet1/0/45: TOS/TAS/TNS: ACCESS/OFF/ACCESS TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q Neighbor address 1: 000000000000 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): never/STOPPED Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S1:OFF # times multi & trunk 0 Enabled: no In STP: no Statistics ---------- 0 packets received (0 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 0 packets output (0 good) 0 native, 0 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 0 link ups 157 link downs, last link down on Sat May 28 1994, 19:17:37 ! ! SWITCHA#sh dtp interface gigabitEthernet 1/0/1 DTP information for GigabitEthernet1/0/1: TOS/TAS/TNS: TRUNK/ON/TRUNK TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q Neighbor address 1: 00146A8FFF8C Neighbor address 2: 000000000000 Hello timer expiration (sec/state): 11/RUNNING Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S6:TRUNK # times multi & trunk 0 Enabled: yes In STP: no Statistics ---------- 79479 packets received (79479 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 79329 packets output (79329 good) 79329 native, 0 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 4 link ups, last link up on Sat May 07 1994, 12:56:23 3 link downs, last link down on Sat May 07 1994, 12:53:01 ! ! ! ! ! ! ! ! ! ! ! !!!!!!!!!!!!!!!!!!!!!!!! ! SWITCHC#sh cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID SWITCHA Gig 3/0/12 155 S I WS-C2960S Gig 1/0/1 CORE Gig 1/0/27 141 R S I WS-C4506- Gig 2/5 ! ! SWITCHC# sh run int gi3/0/12 interface GigabitEthernet3/0/12 description PcAndPhone switchport trunk encapsulation dot1q switchport trunk native vlan 12 switchport mode trunk srr-queue bandwidth share 10 10 60 20 srr-queue bandwidth shape 10 0 0 0 queue-set 2 mls qos trust device cisco-phone mls qos trust dscp auto qos voip cisco-phone spanning-tree portfast end SWITCHC# sh run int gig1/0/27 interface GigabitEthernet1/0/27 switchport trunk encapsulation dot1q switchport trunk native vlan 12 switchport mode trunk end ! ! SWITCHC#sh int trunk Port Mode Encapsulation Status Native vlan Gi1/0/10 on 802.1q trunking 1 Gi1/0/27 on 802.1q trunking 12 Gi3/0/12 on 802.1q trunking 12 Gi3/0/21 on 802.1q trunking 1 Port Vlans allowed on trunk Gi1/0/10 1-4094 Gi1/0/27 1-4094 Gi3/0/12 1-4094 Gi3/0/21 1-4094 Port Vlans allowed and active in management domain Gi1/0/10 1,12-13,100,222-224,900 Gi1/0/27 1,12-13,100,222-224,900 Gi3/0/12 1,12-13,100,222-224,900 Gi3/0/21 1,12-13,100,222-224,900 Port Vlans in spanning tree forwarding state and not pruned Gi1/0/10 1,12-13,100,222-224,900 Gi1/0/27 1,12-13,100,222-224,900 Gi3/0/12 1,12-13,100,222-224,900 Gi3/0/21 1,12-13,100,222-224,900 ! ! SWITCHC#sh dtp Global DTP information Sending DTP Hello packets every 30 seconds Dynamic Trunk timeout is 300 seconds 83 interfaces using DTP ! SWITCHC#sh dtp interface gi1/0/27 DTP information for GigabitEthernet1/0/27: TOS/TAS/TNS: TRUNK/ON/TRUNK TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q Neighbor address 1: 000000000000 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): 13/RUNNING Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S6:TRUNK # times multi & trunk 0 Enabled: yes In STP: no Statistics ---------- 0 packets received (0 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 79489 packets output (79489 good) 79489 native, 0 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups, last link up on Sun Feb 28 1993, 19:02:03 0 link downs SWITCHC#sh dtp interface gi3/0/12 DTP information for GigabitEthernet3/0/12: TOS/TAS/TNS: TRUNK/ON/TRUNK TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q Neighbor address 1: 2C36F882E581 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): 28/RUNNING Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S6:TRUNK # times multi & trunk 0 Enabled: yes In STP: no Statistics ---------- 79338 packets received (79338 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 79489 packets output (79489 good) 79489 native, 0 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups, last link up on Sun Feb 28 1993, 19:02:05 0 link downs ! ! ! ! ! ! ! ! ! !! !!!!!!!!!!!!!!!!!!! CORE#sh run int gigabitEthernet 2/5 Building configuration... Current configuration : 239 bytes ! interface GigabitEthernet2/5 switchport trunk encapsulation dot1q switchport trunk native vlan 12 switchport trunk allowed vlan 1-998,1000-4094 switchport mode trunk switchport nonegotiate end ! ! CORE#sh int trunk Port Mode Encapsulation Status Native vlan Gi2/4 on 802.1q trunking 1 Gi2/5 on 802.1q trunking 12 Gi3/33 on 802.1q trunking 1 Gi3/34 on 802.1q trunking 1 Gi4/1 on 802.1q trunking 1 Gi4/2 on 802.1q trunking 1 Gi4/3 on 802.1q trunking 2 Gi4/4 on 802.1q trunking 2 Gi4/5 on 802.1q trunking 2 Gi4/6 on 802.1q trunking 2 Gi4/8 on 802.1q trunking 1 Gi4/11 on 802.1q trunking 1 Gi5/1 on 802.1q trunking 1 Gi5/2 on 802.1q trunking 1 Gi5/3 on 802.1q trunking 2 Gi5/4 on 802.1q trunking 2 Gi5/5 on 802.1q trunking 2 Gi5/6 on 802.1q trunking 2 Gi5/13 on 802.1q trunking 1 Po2 on 802.1q trunking 999 Po3 on 802.1q trunking 999 Port Vlans allowed on trunk Gi2/4 1-998,1000-4094 Gi2/5 1-998,1000-4094 Gi3/33 1,12-13 Gi3/34 1,12-13 Gi4/1 80,83,86,89,812,816,819,822 Gi4/2 80,83,86,89,812,816,819,822 Gi4/3 80,83,86,89,812,816,819,822 Gi4/4 80,83,86,89,812,816,819,822 Gi4/5 80,83,86,89,812,816,819,822 Gi4/6 80,83,86,89,812,816,819,822 Gi4/8 1,12-13 Gi4/11 1,12-13 Gi5/1 80,83,86,89,812,816,819,822 Gi5/2 80,83,86,89,812,816,819,822 Gi5/3 80,83,86,89,812,816,819,822 Gi5/4 80,83,86,89,812,816,819,822 Gi5/5 80,83,86,89,812,816,819,822 Gi5/6 80,83,86,89,812,816,819,822 Gi5/13 12-13 Po2 1,12-13,23,100,222-223,900 Po3 1,8-9,12-13,23,100,222-223,900,999 Port Vlans allowed and active in management domain Gi2/4 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901 Gi2/5 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901 Gi3/33 1,12-13 Gi3/34 1,12-13 Gi4/1 80,83,86,89,812,816,819,822 Gi4/2 80,83,86,89,812,816,819,822 Gi4/3 80,83,86,89,812,816,819,822 Gi4/4 80,83,86,89,812,816,819,822 Gi4/5 80,83,86,89,812,816,819,822 Gi4/6 80,83,86,89,812,816,819,822 Gi4/8 1,12-13 Gi4/11 1,12-13 Gi5/1 80,83,86,89,812,816,819,822 Gi5/2 80,83,86,89,812,816,819,822 Gi5/3 80,83,86,89,812,816,819,822 Gi5/4 80,83,86,89,812,816,819,822 Gi5/5 80,83,86,89,812,816,819,822 Gi5/6 80,83,86,89,812,816,819,822 Gi5/13 12-13 Po2 1,12-13,100,222-223,900 Po3 1,8-9,12-13,100,222-223,900,999 Port Vlans in spanning tree forwarding state and not pruned Gi2/4 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901 Gi2/5 1-2,8-9,12-13,16,60,80,83,86,89,100,222-224,231,812,816,819,822,900-901 Gi3/33 1,12-13 Gi3/34 1,12-13 Gi4/1 80,83,86,89,812,816,819,822 Gi4/2 80,83,86,89,812,816,819,822 Gi4/3 80,83,86,89,812,816,819,822 Gi4/4 80,83,86,89,812,816,819,822 Gi4/5 80,83,86,89,812,816,819,822 Gi4/6 80,83,86,89,812,816,819,822 Gi4/8 1,12-13 Gi4/11 1,12-13 Gi5/1 80,83,86,89,812,816,819,822 Gi5/2 80,83,86,89,812,816,819,822 Gi5/3 80,83,86,89,812,816,819,822 Gi5/4 80,83,86,89,812,816,819,822 Gi5/5 80,83,86,89,812,816,819,822 Gi5/6 80,83,86,89,812,816,819,822 Gi5/13 12-13 Po2 1,12-13,100,222-223,900 Po3 1,8-9,12-13,100,222-223,900,999
... View more
05-30-2014
12:59 PM
Hello Jonathan, thanks for the reply. This is how it's actually hooked up. Catalyst 4500 (core) -----TRUNK---SwitchA---SwitchB Core switch also has the domain controller (DHCP server) plugged in. Switch A has switchport mode access command. Switch B is fresh out of the box and I don't have remote connectivity to it currently since it's only used to hook some lab servers up. (Even though I should configure a management IP.) VLAN1 - IP Range = 172.18.1.0/24 Vlan12 - IP Range = 172.18.12.0/24 interface Vlan1 description Server VLAN ip address 172.18.1.192 255.255.255.0 ip helper-address 172.18.1.13 ip helper-address 172.18.1.12 no ip redirects end ! interface Vlan12 ip address 172.18.12.192 255.255.255.0 ip helper-address 172.18.1.13 ip helper-address 172.18.1.12 ! ! SWITCHA#sh int trunk Port Mode Encapsulation Status Native vlan Gi1/0/1 on 802.1q trunking 12 Port Vlans allowed on trunk Gi1/0/1 1,12-13,222,900 Port Vlans allowed and active in management domain Gi1/0/1 1,12-13,222,900 Port Vlans in spanning tree forwarding state and not pruned Gi1/0/1 1,12-13,222,900 ! SWITCHA#sh cdp nei Device ID Local Intrfce Holdtme Capability Platform Port ID SwitchB FE0/1 126 T S WS-C3524- FE0/1 Core_Switch Gig 1/0/1 157 R S I WS-C3750G Gig 3/0/12
... View more
05-27-2014
11:47 AM
Guys, thanks for your replies. But I'm still feeling lost and this concept is still foggy. I must say I am VERY embarrassed considering I've been doing this a for a while now. I already know the access ports don't tag frames. I'm just wondering why the DHCP server would assign an IP address on VLAN1 instead of VLAN12?
... View more
Created by
Ricky S
in Policy and Access
12-05-2018
12-05-2018
Hi Rahul, we are trying to do exactly what you explained in your post.
We have a newly deployed ISE ...
11-21-2018
Good morning, is there a way to reset the ISE appliance 3595 back where
it asks to type "setup" to b...
Created by
Ricky S
in VPN and AnyConnect
11-12-2018
11-12-2018
Hi David, we already have that option checked via the GUI and via .xml
profile. group-policy GroupPo...
Created by
Ricky S
in VPN and AnyConnect
11-12-2018
11-12-2018
Our Remote Access VPN configuration is setup to allow split-tunnelling
to the Internet from the clie...
11-12-2018
For all those that may come across similar issue in future, patching the
ASA to 9.8.2.38 fixed this ...
09-25-2018
Also just want to add that the workaround suggested on the Bug page
about running ASDM in Java only ...
09-25-2018
I can't be the only one in the world with this issue. Wondering if
anyone else is running into this ...
06-04-2014
No don't be sorry, I'm just glad I'm not totally crazy.So far what
cmartyn_10 said seems to make mos...
06-01-2014
Hi Jonathan, Switch A is a cisco WS-C2960S-48FPS-LIn order to make my
issue easy to understand, I ha...
Public Statistics
| Date Registered | 03-23-2012 08:22 AM |
| Date Last Visited | 07-17-2019 07:44 AM |
| Total Messages Posted | 170 |
| Total Helpful Votes Received | 10 |
Helpful Votes Given To
| User | Helpful Count |
|---|---|
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 |
.jpg "VIP Advisor"){kind=icon}
.jpg "Hall of Fame Community Legend"){kind=icon}
