Hello, So, we have the below requirement. We have a Firepower firewall and Cisco ISE version 3.1 on AWS. Setup a VPN profile for around 75 vendors. Each vendor will have its own access. I currently see the following options: 1. Create single vpn connection profile o...
Hi, Hope you are doing well. Is it possible to create 2 different VPNs on the same FTD? Say, for example, vpn1.xyz.com and vpn2.xyz.com. Each of the VPNs will use its own dedicated outside interface on FTD like outside_vpn1 and outside_vpn2 and these interfac...
Hello Guys, I need help in configuring posturing for macOS systems based on file condition. I didn't find any document for this. We already have posturing working fine for Windows-based systems. The auto deployment of clients/ client provisioning mus...
Hi, Recently we deployed Cisco Firepower FMC and FTD and are monitoring it via SolarWinds. We are unable to get the serial numbers on the SolarWinds tool. When we list resources, we don't see hardware sensors. Please suggest what OIDs are used for hardware se...
Hi, We know that Cisco supports AnyConnect over SAML, but is OAuth also supported? If yes, how to configure it on Cisco ASA? I don't see any such config document. Please, need a quick response. Thanks in advance.
Hi @tvotna @Rob Ingram Assigning a group policy attribute may work but I don't want to use that, as we have more than 50+ vendors and don't want to create so many group policies.
Hi @Rob Ingram Even I think it must work as FTD debug shows that it has received pool information from ISE but somehow it is not using it and vpn getting disconnected giving reason like - no ip to assign. IP pool object is there on firewall. Now log...
Thanks @tvotna for the revert. Yes, you are correct, user-based access rules don't work for VPN if authentication is set as SAML, as described in https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa57876 So, I was trying another option. Authentication SAML and...
Thanks @tvotna for the revert. @Rob Ingram One more option I am evaluating, since dACL won't enable us to add L7 features to control. I am trying the following: Created realm with AD, created identity policy and added that to ACP. So I have ACP control base...
Thanks @Rob Ingram @tvotna The risk I see using dACL is: what is the limit for dynamic ACLs on Firepower with a 6 CPU container? In the case of many users the number of dACLs on FTD will be more and there can be issues as the total number of ACEs wil...