Activity in Security
Resolved! ESA Communicating with Cisco Umbrella
Hi all. Recently, we noticed our ESA is communicating with Cisco Umbrella via TCP port 443.Based on our information, we are not using Cisco Umbrella services in our environment.Thus, we are wondering why. Is our ESA required to communicate with Cisco...
Questions about cisco ise and anyconnect
안녕하세요. 저는 LAB에서 ASA AnyConnect와 ISE를 구성하려고 합니다.ASDM의 aaa-server 그룹에서 테스트 기능을 사용하면 ISE에 기록되고 성공으로 표시됩니다. 그러나 VMPC에서 AnyConnect를 사용하여 로그인을 시도하면 ISE에 도달하지 못하고 로그에 다음과 같이 표시됩니다. 113015 AAA 사용자 인증 거부됨: 이유 = 사용자를 찾을 수 없음: 로컬 데이터베이스: 사용자 = *****: 사용자 IP = 1...
Cisco ISE sshd encryption-algorithm choices & OpenSSH
Hi,In the following Cisco ISE guide it is stated the four encryption-algorithm options supported for the sshd service are: aes128-cbc, aes256-cbc, aes128-ctr, aes128-ctr. However, I read somewhere Cisco ISE's ssh functionality is based on the OpenSSH...
ISE Posture support for Sangfor
Dear All,I have a question, i have unsupported product in AM ISE "Sangfor EDR client endpoint version 6.0.2EN". and i have open discussion in past you can see from this link "https://community.cisco.com/t5/network-access-control/ise-posturing-produc...
Resolved! One way tunnel establishment
I am working on establishing a site-to-site VPN connection with an XE router. I am only able to establish the tunnel when sourcing traffic from the router's end. After clearing the SA and initiating traffic from the inside interface (utilizing an IP ...
How to create additional tunnel groups for RAVPN on FTD
I was unable to use the migration tool so had to configure manually. Now I am in a situation where I only have one tunnel group showing on the anyconnect drop down as seen below.I should have three other tunnel groups showing here. How do I configure...
ISE, upgrade vs reformat?
So, in the 2.0 days it was usually recommended to reformat and restore a backup vs trying to upgrade as it seemed to fail 50% of the time. So, I just wanted to see if that is still what people do, or has it been fixed enough that if we try to go from...
FTD physcial interface not recieving packets but sub interface is
Can see packets on sub ints as expect FTD is reporting an error as no packets on physical how to turn this off?
ISE guest user can still access network after deleted from ISE databas
Hi All We use ISE 3.3.0We noticed a bit of odd behaviour with guest network access.Scenario:Guest user is created on ISE and is connected to network. Once user is deleted from ISE database, he is still able to browse internet, as user delete is not d...
ISE guest user self reset password
Hi,I have a problem with the visualization of the portal page where the guest user can self-reset its password, Cisco ISE 3.1 patch 9.In the effective portal, I don't see the Username field required to reset the password.This is the preview in the se...
ISE renew Root Certificate with the same private key
Hello all,We renewed our windows internal root ca server certificate using the same public key and we want to renew our ISE root certificate as well.For the certificate import into ISE server we go to the menu Administration > System> Certificates > ...
DNAC to ISE Integration - SSH
We've having some debate internally around when DNAC needs to log into ISE via SSH. In our environment ISE and DNAC are owned by 2 different teams thus we want to limit who knows what credential. What happened was because we learned that the SSH cr...
ISE renew Root Certificate
Hi all, We need to renew internal root certificate. When i try to import the new root certificate, it gives an alert “A certificate with the the same private key has already been imported. In some situations, it may be necessary to import a duplicate...
GRE tunnel is down, but the IPsec is up
Hello All,We have a Crypto map under the physical interface and a GRE tunnel over this IPsec,we have two tunnels, one is up and the second is down (protocol down), the setup is the same,can anyone have ideas?thanks
Cisco FPR1150 can not ping outside intrface from outside network
Hello, I have installed cisco FPR 1150 managed by FMC. i enabled allow ICMP protocol through Platform Policy, i can not ping my outside interface from outside network. Does anybody have same problem. Version is 7.2.4 Thnaks.
| User | Helpful Count |
|---|---|
| 58 | |
| 52 | |
| 46 | |
| 45 | |
| 29 |
