About rick505d3

rick505d3 · 06-23-2022

Hi, I am setting up an ISE 3.1 cluster with dedicated PAN, MnT and PSN nodes for a customer. The certificate on ISE for Admin and EAP Authentication roles is signed by Corporate Issuing CA. The certificate contains the FQDN's of all the ISE nodes in ...

rick505d3 · 12-21-2021

Hi,This document has these restrictions on the use of IPSec profiles under tunnels - ref https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-share-ipsec-w-tun-protect.htmlThe tunnel source command on all tu...

rick505d3 · 11-24-2021

Hi,I have a VPN firewall (ASA) sending syslog to ISE (2.7 patch 6). ISE has Syslog Provider configured for passive identity feature. ISE is also configured with AD as PID provider using WMI. The VPN user testuser1 is an AD user account. When a user (...

rick505d3 · 06-29-2021

Hi,Configured an IOS device to send syslog severity debugging and above messages to Prime Infrastructure (3.9) which is acting as a syslog collector. logging trap debugging logging host 10.10.10.10 However, I only see 'Information' and above...

rick505d3 · 05-02-2021

Hi,In the network below, the objective is redundant reachability to prefix 1.1.1.1 (say public cloud hosting) routers csr2 and csr3 (internal network). In the order of operations, BGP was configured and verified first, followed by OSPF configuration....

rick505d3 · 12-21-2021

Thanks MHM. The Spoke won't allow "tunnel mode gre multipoint" because it currently has "tunnel destination 10.10.10.7" which tells it about the hub. spoke1(config-if)#tunnel mode gre multipoint Tunnel set mode failed. p2mp tunnels cannot have a tun...

rick505d3 · 12-21-2021

It a dual hub dual cloud design. Hub1 has Tun1 only with GRE Multipoint (tunnel mode gre multipoint). Hub2 has Tun2 only with similar config except different tunnel source IP, tunnel key, nhrp network-id and nhrp auth. Hub1 Tun1 config below: interfa...

rick505d3 · 12-21-2021

Thanks MHM, The Spoke end is in tunnel mode gre ip (default). The Hub needs to be gre multipoint to allow connecting all the spokes without requiring manual per spoke config on the hub. Is there another way? Also, on the spoke under both tunnels, the...

rick505d3 · 11-25-2021

Resolved it by disabling the "ISE Messaging Service". The Live Sessions are now getting displayed. It was enabled before, I think that is the default. The cert for the service is valid. It's a single ise node deployment. However, the status of this s...

rick505d3 · 06-30-2021

Debugs are enabled and debug logs show up on the router console as well as buffered (show logging). Packet capture on router interface facing Prime shows debug level syslog messages going out to udp 514. Prime GUI shows 'Information' and above level ...

Member Since	‎04-07-2013 05:14 AM
Date Last Visited	‎06-24-2022 12:06 AM
Posts	120
Total Helpful Votes Received	86

User Statistics

User Activity

ISE Certificate SAN

Separate IPSec Profiles for DMVPN Tunnel Protection

Passive Identity using Syslog Provider, no Live Sessions displayed

Prime Infrastructure 3.9 Syslog Severity Debug Messages

OSPF route preferred over BGP route

Re: Separate IPSec Profiles for DMVPN Tunnel Protection

Re: Separate IPSec Profiles for DMVPN Tunnel Protection

Re: Separate IPSec Profiles for DMVPN Tunnel Protection

Re: Passive Identity using Syslog Provider, no Live Sessions displayed

Re: Prime Infrastructure 3.9 Syslog Severity Debug Messages