Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi
Its my understanding from previous machine tunnel configurations on ASAs/FTDs, that the machine tunnel XML profile name needs to be 'VpnMgmtTunProfile'. However, when I download the machine tunnel XML from Secure Access the file name is 'machine-t...
Hi, when configuring the AMP Enabler profile, can the Mac Installer URL point directly to the SE portal?
i.e. using the URL provided under Management > Deployment > Download Connector - selecting required Group, then copying the URL displayed under t...
Hi, I have the Anyconnect management tunnel feature configured on FMC/FTD which is working as expected:
- Mgmt tunnel establishes before user logins into Windows
- After Windows login, mgmt tunnel remains up, but disconnects when the user tunnel is e...
Hi I'm seeing an % Authorization failed error when I try to access my switch via the console port.I want to separate my VTY and console access -vty to use TACACS - this is workingconsole to use local database I have the following config in place: aa...
Hi, we have a 2 node ISE deployment with authentication requests going to ISE1. This is configured for multiple different connection types and all works as expected. However, when I test the PSN failover by removing ISE1 from the network I have issue...
Hi MHM
Thanks for your reply.
In the 'Cisco Secure Client Administrator Guide' is shows an example of the machine tunnel configuration on an ASA and states the following:
You can deploy only one management VPN profile to a given client device. The ma...
I thought that would be the case, but just wanted to double check that my understanding was correct and I wasn't missing anything.
I appreciate you both taking the time to reply.
Thanks
Hi MarvinThanks for your reply.Each node has its own certificate issued by the CA hierarchy with its FQDN in the CN, the SAN option is not being used.The identity certificate on both nodes have the EAP service associated and both have the correct CA ...
Thanks for your reply Rahul.
We had already tested the ASA posture / registry key option which worked fine.
My customer asked the question, so I just wanted to make sure I wasn't missing an option that could be used.
Kind Regards
Terry
Hi Marvin
Thanks for your reply.
I don't have console logging enabled on the ASA's.
When I look at the Terminal Server lines connected to the ASA's I am seeing noise and overruns, however, I am also seeing these on other lines that are working ok....
