collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Recent Posts

Pages: [1] 2 3 ... 10
1
Routing and Switching / Re: Cisco 3750 !!! WARNING: The switch is not usable !!!
« Last post by pinyowit on June 24, 2018, 07:46:41 PM »

Thank you for this answer.
2
Security / Avaya 802.1x Deployment
« Last post by robalvarado on June 05, 2018, 12:56:43 PM »
Hello Experts!

Has anyone had experience deploying dot1x to Avaya phones using Cisco ISE?  I have tried with horrible results...

I've opened tickets with Avaya and they insist EAP-TLS has been enabled on the client side however each time I look a the radius logs the client sends an EAP-NAK and doesnt' even want to acknowledge the EAP exchange. 

So my hope is that someone here has had experience and if they could share that knowledge for the greater good :)

Warm Regards,
-Rob
3
Security / Re: EAP Chaining
« Last post by MC on May 10, 2018, 09:44:35 PM »
Absolutely, AnyConnect NAM allows two different type of credential for user and machine. You just need to configure it accordingly with the profile editor.
4
Security / EAP Chaining
« Last post by aris on May 07, 2018, 01:49:56 AM »
Hello,

We are using Anyconnect with EAP Chaining for machine and user authentication but it seems we are hitting bug CSCuc13862 for Win8 and Win10. As we don't want to use the registry workaround the solution would be to use certificates.

As we want to keep Anyconnect, is it possible to use certifacates for machine authentication and credentials for user authentication?

Thank you.
5
I think that this question is very good.
6
Security / Re: SEC0257 (DVTI Part 2) - Virtual-Access interface routes not working
« Last post by MC on March 11, 2018, 09:06:31 PM »
The video uses ISR4K router running 16+ code so if you are using anything lower, you might have the issue. Some people have also reported the same. Some have suggested to put "crypto ikev2 authorization policy default" on the spoke side to force the hub to inject the route. Give it a try and see if that works.
7
Security / SEC0257 (DVTI Part 2) - Virtual-Access interface routes not working
« Last post by ChrisD777 on March 09, 2018, 05:16:32 AM »
Hi,
I have recreated the topology of the the FlexVPN series in my own lab (another great video series BTW!)
So far, everything has worked exactly as per the videos, but I have now hit a roadblock:
In SEC0257 (DVTI Part 2) I have configured R1 to assign Tunnel IP addresses from a local pool.
The Branch Routers get the negotiated IP address correctly, and both Tunnels (to BR1 and BR2) come up OK.
However, R1 does not get the auto-generated static routes to the Tunnel endpoints via the Virtual-Access interfaces.
This means I don't have reachability across the tunnels and am unable to set up BGP routing.

I am using IOL 15.4(2)T4 images on EVE-NG for my Routers, but swapped R1 to CSR1000V (IOS XE 03.17.00.S / 15.6(1)S ) to see if it would help (it didn't).

Any ideas?


R1#show ip route static
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 1.1.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 1.1.1.1
      172.16.0.0/16 is variably subnetted, 6 subnets, 4 masks
S        172.16.0.0/16 [1/0] via 172.16.1.1

R1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       1.1.1.11        YES NVRAM  up                    up     
GigabitEthernet2       172.16.1.2      YES NVRAM  up                    up     
GigabitEthernet3       unassigned      YES NVRAM  administratively down down   
GigabitEthernet4       unassigned      YES NVRAM  administratively down down   
Loopback0              172.16.0.2      YES NVRAM  up                    up     
Loopback1              172.16.255.1    YES NVRAM  up                    up     
Virtual-Access1        172.16.255.1    YES unset  up                    up     
Virtual-Access2        172.16.255.1    YES unset  up                    up     
Virtual-Template1      172.16.255.1    YES unset  up                    down   


BR1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                2.2.2.2         YES NVRAM  up                    up     
Ethernet0/1                172.17.1.1      YES NVRAM  up                    up     
Ethernet0/2                unassigned      YES NVRAM  administratively down down   
Ethernet0/3                unassigned      YES NVRAM  administratively down down   
Loopback0                  172.17.0.1      YES NVRAM  up                    up     
Tunnel1                    172.16.255.61   YES NVRAM  up                    up   
8
Security / Re: Cisco ASA DNS
« Last post by MC on February 28, 2018, 07:53:27 PM »
In that case, the ASA should have no influence on the TTL. You can try to turned off DNS inspection on the ASA too.
9
Security / Re: Cisco ASA DNS
« Last post by Pankz on February 28, 2018, 03:47:17 AM »
Thanks MC for reverting.

No, the user PC is configured with our internal DNS servers.
10
Security / Re: Cisco ASA DNS
« Last post by MC on February 26, 2018, 09:51:47 PM »
Does your user have the ASA as the DNS server? If so, can you point it to another internal or public DNS server?
Pages: [1] 2 3 ... 10
SimplePortal 2.3.5 © 2008-2012, SimplePortal