Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,
I am setting up an ISE 3.1 cluster with dedicated PAN, MnT and PSN nodes for a customer. The certificate on ISE for Admin and EAP Authentication roles is signed by Corporate Issuing CA. The certificate contains the FQDN's of all the ISE nodes in ...
Hi,This document has these restrictions on the use of IPSec profiles under tunnels - ref https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-share-ipsec-w-tun-protect.htmlThe tunnel source command on all tu...
Hi,I have a VPN firewall (ASA) sending syslog to ISE (2.7 patch 6). ISE has Syslog Provider configured for passive identity feature. ISE is also configured with AD as PID provider using WMI. The VPN user testuser1 is an AD user account. When a user (...
Hi,Configured an IOS device to send syslog severity debugging and above messages to Prime Infrastructure (3.9) which is acting as a syslog collector. logging trap debugging
logging host 10.10.10.10
However, I only see 'Information' and above...
Hi,In the network below, the objective is redundant reachability to prefix 1.1.1.1 (say public cloud hosting) routers csr2 and csr3 (internal network). In the order of operations, BGP was configured and verified first, followed by OSPF configuration....
Thanks MHM. The Spoke won't allow "tunnel mode gre multipoint" because it currently has "tunnel destination 10.10.10.7" which tells it about the hub. spoke1(config-if)#tunnel mode gre multipoint
Tunnel set mode failed. p2mp tunnels cannot have a tun...
It a dual hub dual cloud design. Hub1 has Tun1 only with GRE Multipoint (tunnel mode gre multipoint). Hub2 has Tun2 only with similar config except different tunnel source IP, tunnel key, nhrp network-id and nhrp auth. Hub1 Tun1 config below: interfa...
Thanks MHM, The Spoke end is in tunnel mode gre ip (default). The Hub needs to be gre multipoint to allow connecting all the spokes without requiring manual per spoke config on the hub. Is there another way? Also, on the spoke under both tunnels, the...
Resolved it by disabling the "ISE Messaging Service". The Live Sessions are now getting displayed. It was enabled before, I think that is the default. The cert for the service is valid. It's a single ise node deployment. However, the status of this s...
Debugs are enabled and debug logs show up on the router console as well as buffered (show logging). Packet capture on router interface facing Prime shows debug level syslog messages going out to udp 514. Prime GUI shows 'Information' and above level ...
