Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi All,
I have a new ask that is pretty straight forward: Right now, anyone with a valid account can download and connect to VPN using AnyConnect. We would like to restrict this to only allow corporate imaged assets connecting. This might be both W...
Hi All,
I am wondering a couple of specific things around AnyConnect client profiles. Current setup is: ASA 5545-X, 9.2(4)18, AnyConnect 4.4.00243. So, all very new. I would like to know specifically:
1) When does the AnyConnect client download a ne...
Hi, We use a particular solution for authentication and multi-factor which is a RADIUS agent. Authentication and all those parts work fine, but unfortunately there is a limitation in the RADIUS agent we deploy that doesn't allow Active Directory grou...
Hi Folks,Quick and hopefully easy question. Do VPN cryptomap (ACL) counters only increment upon first sight of "interesting" traffic, and then once an SA is established, no longer increment until the next re-key? Compare this to normal cisco access l...
Thank you, thats very helpful. We actually have both of those, currently. Right now we distribute certificates to clients to facilitate wireless auth (802.1x), so its possible we could leverage that.
Additionally, the way we currently do auth on An...
Basically you should be good to go once RRM is out of startup mode. Once that is complete, channels should be pretty much set and they wont change until your next RRM run. We have the RRM interval set at once an hour.
Generally you'll want to manually run RRM the night before you have clients arrive. So you stand up all 400 AP's, and then on your WLC you'll want to run:
config 802.11a channel global restart
config 802.11b channel global restart
This is recomme...
Where have you heard that 8.3.143 is the last release in that train? https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html does not indicate that. I'm trying to plan future upgrades an...
