Hi, I have noted recently that ISE allows to create two overlapped NAD objects in terms of IP. Does anyone have an idea how the matching process looks like then? In our company /24 object had preference causing issues. I am wondering if this is anywh...
Hey All, It seems Cisco made decision to go with FTD as only image for NGFW. Is anyone here who alrady implemented FTD across company (not pilot, not single firwall) ?
Hi, Actually our problem started when we had "IP range" object containing two IPs "80.80.80.8-9/32". It had been never matched despite the there were only one overlapped "80.80.80.0/24" IP address object. Then i asked this question why longer matche...
OK. I think concept is as follow.Lets assume there are 4 NAD objects as follow:TEST.IP1 = 80.80.80.0/24 (Type IP address)TEST.IP2 = 80.80.80.30/32 (Type IP address)TEST.IP3 = 80.80.80.16/32 (Type IP address)TEST.IP4 = 80.80.80.8-9/32 (Type IP range)M...
Hi All, I can confirm. The same issue on 2.4 Patch10. After opening case at Cisco TAC they confirm the problem: CSCvs05437: ISE 2.4p10 Conditional CoA ignored due to duplicate CoA upon EndPoint Identity Group change:https://bst.cloudapps.cisco.com/bu...
Hey Pablo, Thanks for answer.What about VPN functionalities. Both S2S VPN and AnyConnect Remote Access (group polices, Dynamic Access Polices, XML profiles)?