Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi Experts,
I'm looking for a way to have a condition in the profiling policy trigger when a certain attribute is missing.
For example, I would like the condition to trigger when dhcp-class-identifier is missing from the attribute cache.
The conditio...
Hi Experts,I recently had to use a RADIUS proxy configuration in ISE 2.3 and, much to my surprise, I found that the new Policy GUI hides the Authorization Policy altogether when we point the Authentication rule to RADIUS Proxy Sequence. I did enable ...
Hi Experts,Have a customer on ISE 2.1 Patch 2. We have a policy set that matches on Wireless_802.1x and Called_Station_ID ENDS WITH :XYZ.In the Default Policy Set, we disabled all the rules, so anyone hitting that set will be blocked.When users authe...
Hi Experts,I'm experimenting with new posture capabilities in Anyconnect 4.4MR3 and ISE 2.2P1.I followed the guides to define an application condition to match everything and then add it to a requirement and to the posture policy.I see the posture ki...
Hi Experts,I know that when a sponsor user maps to multiple sponsor groups access rights get merged from all the matching groups.However, I'm running into an issue with Self-Registration approval.I have one Sponsor Group that has privileges to approv...
Check option 3b here: https://www.cisco.com/c/en/us/td/docs/security/asa/misc/anyconnect-faq/anyconnect-faq.html#Cisco_Reference.dita_105eff1b-bc10-4a33-b5e8-4768031f3782.
GSLB is used to direct traffic to the VIP in each DC. Once we reach that DC, V...
Yes, all ASA's that are a part of VPN load balancing need to be on the same outside subnet. This is one of a few posts about VPN load balancing: https://integratingit.wordpress.com/2020/03/14/asa-vpn-load-balancing/
@jewfcb001, all solutions listed in my blog allow you to use a global URL. You would just need to pick which one makes the most sense in your environment. Realistically speaking, if you don't already utilize VPN Load balancing, the second solution wo...
@jewfcb001. It turned out that the local-base-url feature was added in 9.18.3, not the first release of 9.18.
Prior to that version, you have to define each ASA appliance as an application in Azure AD.
