Hi, In a company where only IKEv2 is configured to form an IPSec tunnel, Pentest Test Tool (Cisco_IKE_Benigncertain scan) gave a positive response on "x.x.x.x:500 IKE Response Leak". Question1: in this senario: what will happen when a Responder Rout...
Hello, I am migrating an IKEv2 tunnel from ASA to FTD. In the ASA config, this tunnel is using different pre-shared keys for local and remote authentication, like this: tunnel-group x.x.x.x. ipsec-attributespeer-id-validate nocheckikev2 remote-authen...
Hi there,I am setting up a new Firepower to be used solely for Remote Access VPN purpose. One interface pointing to the external network, and one interface toward inside network. All AnyConnect VPN traffic would be pointing to another internal fi...
I'm using Cisco AnyConnnect V4.8 as my VPN running Ubuntu 20.04 on my Dell latitude 5490 laptop. My VPN connects then disconnects every 5 minutes. Depending on the network sometimes the connection will stay longer periods of time when hardwired direc...
Hello,We just configured Azure SAML MFA for Anyconnect VPN Access and it works fine. We utilize access-lists based on Microsoft LDAP Group Membership. We're using LDAP authentication too. I'm not seeing our Azure MFA Access recognizing or utilizing t...
Hello, Is it possible to apply multiple group policies to anyconnect user via SAML group claim? We have similar setup like this one:https://www.cisco.com/c/en/us/support/docs/security/secure-client-5/221173-configure-dynamic-group-policy-assignmen.ht...
This error pops up once I click on the download secure mobility for Windows. Thank you for registering with Cisco.com. In order to consume software or services werequire your full address. Please follow this link to return to profile manager to comp...
Is it possible using Radius (with Active Directory groups) and vendor codes to assign a group-policy of unlimited-vpn to the same connection profile? I know it's possible to assign anyconnect dhcp pools based off AD group and vendor code. I have two ...
Hi,Just after some information or technical advice on this. I am trying to set up Cisco Secure Client (any connect) on a multi-context firewall in ASA mode but keep getting "Internal Server Error", when visiting the firewall's URL. After reading more...
I have a Cisco ASA 5506 configured with Easy VPN with primary and secondary servers for headend. I need to make the secondary headend a Fortigate via an ipsec vpn. On the Cisco ASA, other than the standard ipsec configuration, what other configuratio...
Hello, I'm wondering if someone else has encountered this problem, I have a Cisco 1100 series router running 17.12.4a. I need to configure an IPsec VTI with FQDN destination as the remote side is using dynamic DNS and subject to periodic IP change. M...
Hello,My question is:Can i run Cisco DUO service for Secure Client with radius NPS server on FDM? Or is FTD managed by FMC required?
I have set up an IPsec VPN tunnel. It worked fine at the beginning but then all of sudden the traffic stopped passing the tunnel, although the tunnel is still up. When I do show crypto ipsec sa peer X.X.X.X detail I can see "pkts no sa (send) 65" -...
Hello Team,I am preparing to upgrade our AnyConnect VPN running on a Catalyst 8000V router to Cisco Secure Client. However, while reviewing Cisco’s documentation, I couldn't find a configuration guide for setting it up on the router like anyconnect.I...
We have recently implemented the FTP VPN threat detections outlined in this post: https://www.reddit.com/r/Cisco/comments/1g6cqfp/psa_success_against_vpn_attacks/We seem to be having at least 1 remote-access-client-initiations shun daily for a legit ...
