Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have this challenge where customer has two separate domains, ISE has been added to both of them and importing users etc from both domains works fine. ISE version is 2.0.0.306.
Both domains have separate Windows CA servers, how does this work with ...
We are going to use the Anyconnect ISE Compliance module to run posture on clients. However we do not want to use the HTTPS Client Provisioning portal to distribute the client. It will be deployed during image installation or LAN software deployment....
I am working on a project where i need to create VPN site-to-site tunnels between an IOS Router and multiple ASA firewalls. This is very easy to do between ASAs but I am struggling a bit to get this to work as easily between IOS and ASA, and DMVPN is...
We have a working configuration where a Cisco 1921 router NAT overload the inside networks. it uses a standard Accesslist. Now i need to create a vpn tunnel and need to exempt some traffic. I therefore have to use an extended access-list for this. Bu...
Customer currently has a Cisco 5500 WLAN controller at one of our datacenters. They want to add a WLAN controller as redundancy at their local site which shall be used as a secondary failover controller. This site is reachable over VPN. Which redunda...
Got the exactly the same issue here in a new solution with version 2.2.0.470-Patch1.The client just starts reassesment and stays in a posturing state, nothing happens on ISE or switch tough so it seems like a client issue.
Thanks for answering, but this is quite not what I am looking for. I already have this up and running in my ISE lab. What the customer want to deploy Anyconnect and the compliance software from Group Policies so that users do not have to enter this w...
using route-map worked ! Thanks a lot for the suggestion. My final config ended up looking like this:
ip nat inside source route-map NONAT interface GigabitEthernet0/0 overload
route-map NONAT permit 10 match ip address 110 access-list 110 remark NA...
I tried just now to change it to numbered but it did not work, but thanks for answering. Seems that for some reason it only registers when using a Standard access list. When I swap back to a standard access list it starts working right away. I will p...
I also have this problem now, when you guys say a different server, do you mean a linux box that has the curl command? Because running this from another ISE server does not work at all.
