Hello,
I'm struggling to implement DTLS on Catalyst.
So far, I've got my DTLS certificate on ISE, and the configuration on the switch is good enough to start sending DTLS to ISE. I can see in the packet capture that the switch is trusting ISE:
ISE to NAD ...
Hello,
I'm working on a POC around posture, and we are using ISE for that.
Basically we would like to have a dedicated subnet for non-compliant endpoints, another one for compliant endpoints.
Now, when Secure Client connects to the VPN, ISE sends the g...
Hello,
I'm trying to implement Posture using the Secure Client module in the latest version. As there is no automatic remediation to force the update of our anti-malware solution, I wanted to test a PowerShell script.
So I created a .ps1, signed with a co...
Hello,
I'm looking for a way to have AnyConnect (NAM) detect classical hotspot captive portals from a corporate endpoint that has proxy settings pushed by GPO.
So basically users go remote, and sometimes they are located in airports or in hotels, wh...
Hello, I'm running 3.0 and since version 2.4, each time I perform a maintenance (either an upgrade, a patch, or a reboot), I lose the functionality offered by sponsor and guest portal certificates. They are still present in the configuration at the ri...
I finally found a way to make it work!
Actually the error message I could see with the debug crypto pki "%PKI-3-KEY_CMP_MISMATCH: Key in the certificate and stored key does not match for Trustpoint" is always present, and does not mean there is an is...
Here is my config:
crypto pki trustpoint MME
 enrollment terminal
 usage ssl-client
 subject-name CN=myswitch.local.domain
 subject-alt-name myswitch.local.domain
 revocation-check crl
 eckeypair MME-key
 hash sha512
!
running the debug crypto pki I found that up...
Hello @MHM Cisco World,
yes sending group policy is ok during authentication/authorization phase.
I confirm ACL and SGT work with COA.
Sending another group policy is just not working with COA as @Rob Ingram mentioned.
So the fingerprint of the PSN admin certificate + code-signing certificate are present in the AnyconnectLocalPolicy.xml.
I've no reason to doubt the signature block: my laptop policy is set to AllSigned and I'm able to execute the script from the lap...