Ok, here's a strange one I'd like assistance on if you've seen this... We use the dynamic exclusion split tunnel custom attribute so that users, once connected to AnyConnect SSL VPN, can get to a handful of websites using their own internet like Zoom a...
I'm having a weird issue with DACLs for users that VPN in and belong to specific AD groups: Ultimately I have a DACL that I want assigned to users with a certain AD group membership when they hit our ASA via SSL VPN. My tunnel group uses ISE for aut...
Hello, I'm running ISE 2.4 and I'm trying to get NAC via dot1x/radius working. I have an NX-OS 9K switch in my network devices with correct radius key. I also have a default policy set to accept dotx wired users and allow them to do anything. On the...
Is there a way to tie a user's client certificate (EAP-TLS authentication) to one endpoint? I'm looking to authenticate based on clients having the proper certificate but don't want them to be able to take that certificate, install it on another dev...
For my own clarification, if the AnyConnect client sends DNS queries to the DNS server (internal) assigned to the VPN group policy, at what point would it check the local DNS records above? Wouldn't that only be if it failed to hear from the interna...
Split-DNS seems like a good step though again, I'm hesitant to perform a global change over one user. Is there a more direct way to do this? tunnel-all-dns I'm not a fan of for similar reasons but more so the fact that there's no fallback i.e. if ASA...
This would have to be enabled at the group policy level, no? Gonna be a hard sell on enabling a setting for everyone to help one person. Also, would that defeat the purpose of split tunnel by having a corporate DNS server respond to what should be an e...
Thanks everyone. Figured out my own problem. Turns out the DACL I was sending was over-restrictive! Once I made some additions to the permissions things work great!