Good morning, we're currently in the process of deploying NAC on all our Wired ethernet ports. So far the process is going smoothly albeit we are having to leave some ports in open authentication state to allow for imaging of new computers by our en...
Hi everyone, need some advice. Recently upgraded IOS-XE to version 16.12.x (Gibraltar) and it removed my enable secret which was using level 5 encryption. Looks like this version of IOS-XE doesn't support level 5 secrets and removes all credentials t...
Hi all, here is a simplified version of a network I am designing. I have a single multilayer switch, connected to a router. Switch points to the router for its default route. On the router I have a static route that points back to the switch for...
Good evening, from a firewall perspective, which interface does the ASA consider an AnyConnect VPN client coming in on? Here is the situation, I have allowed restricted access from INSIDE to our DMZ based on source and destination IP addresses. ...
Hi all, we have a unique one. There is an army engineering website https://nab.usace.army.mil that some of our users need to access however since we use Umbrella, they are not able to get to it. When performing NSLOOKUP against Umbrella, the abo...
@DannyDulin What's rather strange is that the dACL I am sending is simply permit ip any any and even then the issue occurs. Are you also using hostscan? We are using hostscan and as per TAC hostscan and CoA don't work together due to a bug. **Message f...
@DannyDulin As part of the Authorization profile, do you use a dACL or another option? Sorry for all these questions. I've had a lot of issues with pushing dACLs as part of the Authorization policy from ISE to the VPN session on the ASA. Everything ...
@DannyDulin Very interesting and I am glad you found the answer. So just for my own clarification, you are doing two Authentications (i.e. SAML which is integrated with Azure MFA + ISE). ISE also does Authorization as it normally would. Or are you ...
@DannyDulin Under Configuration > Remote Access VPN > Network (client) access > Secure Client Connection Profiles, edit one of the tunnel groups. Then under Advanced, select General and it should be the 2nd check box.
@DannyDulin I believe we have on prem which also syncs with Azure AD. I am not 100% sure as it's a different team that manages AD. Yes @domain.com refers to our AD domain.