I am facing a very frustrating issue with newly imaged machines. Even when they have all the GPOs, when connecting to wired or wireless the redirection to ISE does not happen. Proved this with a Wireshark capture. They get redirected only when on VPN,...
We have a 9800 WLC in our environment. When a user joins an SSID broadcast by an AP joined to the 9800 they get a warning about a not trusted certificate. The certificate is the self-signed WLC cert. I am not exactly clear on who is presenting this cer...
After upgrading my 9800-CL to 17.3.3 PIV auth via GUI doesn't work. I can log in via CLI using the PIV card. This is my config:
ip http secure-server
ip http secure-trustpoint HTTP
ip http secure-peer-verify-trustpoint HTTP
ip http secure-piv-based-auth ...
I need to purchase a standard certificate from Digicert for Cisco ASA. I need to use the public IP in the certificate CN because that's the requirement for the other peer. We don't own the IPs and Digicert needs us to validate the domain by placing a...
We use McAfee Web Gateway and use WCCP to redirect 80 and 443 traffic. WCCP is configured in our core, it's a Layer2 rewrite. I am looking to move this config to the ASA. We don't modify the redirection list during work hours, because one time this ca...
I was able to solve it somewhat differently. I upgraded to 17.5.5 and installed my CA certificates and the APs weren't able to join the WLC. The app that was causing the warning was Outlook. During posturing the email client was trying to get out on ...
Thank you for the reply. The authz profiles are all the same except for specific configurations to support VPN, wired and wireless. Wireless uses airspace-acl, VPN dacl is different than wired/wireless. Yes, there are separate policies that support al...
Thank you, I configured the call home list and it's still not working. I'm not in front of the machine to check the content of the ISEPostureCFG file. By looking at the auth details in the switch the applied URL is correct. From my capture the machine ...
Thanks, TAC seems lost lol. They need me to recreate it and get captures which I will do in my next visit in the office. I was trying to replace the self-signed cert with a 3rd party one but then the AP won't join if you're using LSC certificates. Acc...
Yes, I am using the NAC feature. I'm using tunneled PEAP, the WLC is the authenticator. No local authentication involved. I am using FlexConnect so if I understand correctly my traffic doesn't go through the controller, only the AP. Same ISE/RADIUS con...