Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
It is highly impractical to upload a new IdP certificate -- especially if the IdP uses a common cert across multiple applications. Is this the correct mitigation advice?
A general question for this community as I troubleshoot connection behavior...
I'm observing it takes 15-20 seconds for AnyConnect to resume an IKEv2 connection when there is an interface change. This interval occurs regardless of whether AnyConne...
Has anyone here successfully enabled Cisco Directory Connector (DC) avatar syncing where the avatar is stored in Sharepoint? The Cisco documentation is very limited for this functionality.
I am attempting to pull photo data from Sharepoint, but a ...
I'm having a perplexing problem with certificate/AAA authentication on High Sierra. AnyConnect chooses the correct certificate, but appears to have problem accessing the private key. Sometimes. If I delete the ~/.anyconnect file and force quit Any...
Has anyone attempted the docker generation of the hybrid data security iso? We have an active instance of pro-pack.I am able to get all the way through the docker setup, until the last step, iso download. The console shows the following:GET /login....
This is highly impractical considering the general SAML standard is to use the same IdP certificate across multiple SPs. This is bad if Cisco is saying the resolution is to rotate the IdP cert.Unless I'm misunderstanding their resolution.
If possible, I would try lowering the MTU on your wireless interface. It is likely the default of 1500. Trying lowering (requires admin access) to 1460.
Try the 4.7 clients. See if those show the same error. If so, then a DART log is necessary.If you dont have DART, as root you can run:log show --predicate 'subsystem contains "com.cisco.anyconnect.vpn"' --debug --info --last 2d > log.txtThe resulting...
With the DAP you can place an ACL on their traffic, which would get you the restrictions you're after -- If I'm fully understanding your requirements. The problem is, it requires an on-demand request from the user for access. Something like: "This ...
