Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am running ISE 2.4 in my lab. Trying to configure the Self Registration Guest Portal in interface g1 using a certificate issued by internal Windows CA with CN=guest portal url. When connecting client to guest network, redirection policies are worki...
Per the bug ID that @andrewswanson mentioned, it is recommended to disable the NMAP OS scan for apple devices. I had to do this in my ISE 2.4 P9 environment for a different issue, and Apple devices on my wireless network still get profiled properly ...
Based on your scenario, there are two organizations using non RFC 1918 address space, that they don't own, as their internal address space. In my experience, this is extremely unlikely to happen, and as such I don't have an answer to your question. ...
What I have seen in production environments is leaving the SYSOPT in place and restricting traffic using VPN Filter lists. https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html
You may have found this already, but it seems like you're hitting this bug: ASA IKEv2:L2L tunnel failing with IN-NEGOTIATION SA LIMIT REACHEDCSCug95008 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCug95008
