collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Recent Posts

Pages: [1] 2 3 ... 10
1
Security / ISE - user does not have access when password expired
« Last post by mrimmune on February 19, 2020, 01:55:49 AM »
Hello team,
what maybe reason - I mean configuration , for behavior end user does not has access when password expired .. the user did not pay attention on popup in system tray.. only after machine restart gets notification to change password on windows login..
on ISE "enable change password" enabled and also on allowed protocols..

endpoint configuration:
Authentication mode - user or computer authentication
authentication :
method Microsoft PEAP
remember my credentials for this connection each time i'm logged on - UNCHECKED
fallback to unauthorized network access - UNCHECKED

thanks in advance
Michael
2
General Discussion / Re: Please add configurations for the LabMinutes Videos page.
« Last post by sec-guy on February 14, 2020, 06:39:24 AM »
please can you also share config for SWITCH 2... learning Cisco FlexVPN
3
Security / Re: ISE and Azure AD
« Last post by MC on October 14, 2019, 07:19:12 PM »
I am not familiar with Azure AD but if is nothing like Windows AD then you might need to try out LDAP.
4
General Discussion / SAD Videos
« Last post by alsoliman on October 08, 2019, 07:51:08 AM »
Hi Labminutes team;

I am planning to purchase the SDA Video kit . I am wondering about the LAB , if there's a LAB exist. and there's a lab documents available.

Thanks,
 
5
Security / Re: Problem: FLEXVPN with dVTI and assign ip address authomatic from hub
« Last post by Mikep on October 06, 2019, 06:06:20 PM »
You need to use the Route set interface command on the spokes. Not sure how it worked for Metha

On the spoke..

Code: You are not allowed to view links. Register or Login
aaa authorization network AUTHOR local
 !
 crypto ikev2 authorization policy FLEX_CONFIG
 route set interface
 !
 crypto ikev2 profile IKE_PROFILE
 aaa authorization group cert list AUTHOR FLEX_CONFIG
6
Security / ISE and Azure AD
« Last post by torkel on September 28, 2019, 06:05:17 PM »
Hi,

Does ISE support integration with Azure AD for 802.1x?

I'm finding very little information about integration with Azure AD.
7
Security / Wired BYOD error
« Last post by samyasa on September 24, 2019, 04:01:03 PM »
hi
i have ise 2.2 i made BYOD for Wired , i got the attached error if anyone can help, i made all the configuration step by step as the videos but i received below error when install the Network Setup Assistant to change the interface setting and install profile(LM_NSP_Wired) , i change the NSP (LM_NSP_Wired) profile setting from TLS to be PEAP the client install successful but when i chose TLS and CA internal certificate it give me attached error

"Secure access configuration for the 'Ethernet0' network failed"

SPW log

Wed Sep 25 19:04:44 2019] Logging started
[Wed Sep 25 19:04:44 2019] SPW Version: 2.2.0.52
[Wed Sep 25 19:04:44 2019] System locale is [en]
[Wed Sep 25 19:04:44 2019] Loading messages for english...
[Wed Sep 25 19:04:44 2019] Initializing profile
[Wed Sep 25 19:04:44 2019] SPW is running as High integrity Process - 12288
[Wed Sep 25 19:04:44 2019] GetProfilePath: searched path = C:\Users\TEST-PC\AppData\Local\Temp\ for file name = spwProfile.xml result: 0
[Wed Sep 25 19:04:44 2019] GetProfilePath: searched path = C:\Users\TEST-PC\AppData\Local\Temp\Low for file name = spwProfile.xml result: 0
[Wed Sep 25 19:04:46 2019] Profile xml not found Downloading profile configuration...
[Wed Sep 25 19:04:46 2019] Downloading profile configuration...
[Wed Sep 25 19:04:46 2019] Discovering ISE using default gateway
[Wed Sep 25 19:04:46 2019] Identifying wired and wireless network interfaces, total active interfaces: 1
[Wed Sep 25 19:04:46 2019] Network interface - mac:00-50-56-8B-01-4F, name: Ethernet0, type: unknown
[Wed Sep 25 19:04:46 2019] Identified default gateway: 150.1.7.230
[Wed Sep 25 19:04:46 2019] Identified default gateway: 150.1.7.230, mac address: 00-50-56-8B-01-4F
[Wed Sep 25 19:04:46 2019] DiscoverISE - start
[Wed Sep 25 19:04:46 2019] DiscoverISE input parameter : strUrl [http://150.1.7.230/auth/discovery]
[Wed Sep 25 19:04:46 2019] [HTTPConnection] CrackUrl: host = 150.1.7.230, path = /auth/discovery, user = , port = 80, scheme = 3, flags = 0
[Wed Sep 25 19:04:46 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:46 2019] Received redirect to location null
[Wed Sep 25 19:04:46 2019]  HTTP Response header: [HTTP/1.1 302 Page Moved

Location: You are not allowed to view links. Register or Login

Pragma: no-cache

Cache-Control: no-cache



] HTTP Content: []
[Wed Sep 25 19:04:46 2019] Discovered ISE - : [ISE01.tahaluf.com, sessionId: 0A0A08FE0000001A0C329774]
[Wed Sep 25 19:04:46 2019] DiscoverISE - end
[Wed Sep 25 19:04:46 2019] Successfully Discovered ISE: ISE01.tahaluf.com, session id: 0A0A08FE0000001A0C329774, macAddress: 00-50-56-8B-01-4F
[Wed Sep 25 19:04:46 2019] GetProfile - start
[Wed Sep 25 19:04:46 2019] [HTTPConnection] CrackUrl: host = ISE01.tahaluf.com, path = /auth/provisioning/evaluate?typeHint=SPWConfig&referrer=Windows&mac_address=00-50-56-8B-01-4F&spw_version=2.2.0.52&session=0A0A08FE0000001A0C329774&os=Windows All, user = , port = 8905, scheme = 4, flags = 8388608
[Wed Sep 25 19:04:46 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:57 2019] Warning - [HTTPConnection:RetrySendRequest] InternetOpen() failed with code: [12057], msg: [It was not possible to connect to the revocation server or a definitive response could not be obtained.

]
[Wed Sep 25 19:04:57 2019] [HTTPConnection] All CRL Checks are off
[Wed Sep 25 19:04:57 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:57 2019] Received redirect to location null
[Wed Sep 25 19:04:57 2019] [HTTPConnection] CrackUrl: host = ISE01.tahaluf.com, path = /auth/provisioning/download/2c45e5b5-357f-4c6b-87ce-421425bd6d66/LM_NSP_Wired.xml?sessionId=0A0A08FE0000001A0C329774&os=WINDOWS_10_ALL, user = , port = 8443, scheme = 4, flags = 8388608
[Wed Sep 25 19:04:57 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:57 2019] GetProfile - end
[Wed Sep 25 19:04:57 2019] Successfully retrieved profile xml
[Wed Sep 25 19:04:57 2019] using V2 xml version
[Wed Sep 25 19:04:57 2019] parsing wired connection setting
[Wed Sep 25 19:04:57 2019] Certificate template: [keytype:RSA, keysize:2048, subject:OU=IT;O=tahaluf;C=ue, SAN:MAC]
[Wed Sep 25 19:04:57 2019] set ChallengePwd
[Wed Sep 25 19:04:57 2019] Starting parsing proxy configuration
[Wed Sep 25 19:04:57 2019] ProxySettings key was not found in the configuration xml
[Wed Sep 25 19:04:57 2019] found redirect URL:
[Wed Sep 25 19:04:57 2019] Identifying wired and wireless network interfaces, total active interfaces: 1
[Wed Sep 25 19:04:57 2019] Network interface - mac:00-50-56-8B-01-4F, name: Ethernet0, type: unknown
[Wed Sep 25 19:04:57 2019] WirelessProfile::StartWLanSvc - Start
[Wed Sep 25 19:04:57 2019] Wlansvc service is in Auto mode ...
[Wed Sep 25 19:04:57 2019] Wlansvc is running in auto mode...
[Wed Sep 25 19:04:57 2019] WirelessProfile::StartWLanSvc - End
[Wed Sep 25 19:04:57 2019] Found
  • wireless interfaces ...
[Wed Sep 25 19:04:57 2019] Identifying wired and wireless interfaces...
[Wed Sep 25 19:04:57 2019] Found wired interface - [ name:Ethernet0, mac address:00-50-56-8B-01-4F]
[Wed Sep 25 19:04:57 2019] Wired interface [Ethernet0] will be configured...
[Wed Sep 25 19:04:57 2019] Host - [ name:TEST-PC1, mac addresses:00-50-56-8B-01-4F]
[Wed Sep 25 19:04:58 2019] ApplyProfile - Start...
[Wed Sep 25 19:04:58 2019] User Id: You are not allowed to view links. Register or Login, sessionid: 0A0A08FE000000130825B2ED, Mac: 00-50-56-8B-01-4F, profile: LM_NSP_Wired
[Wed Sep 25 19:04:58 2019] applying certificate for wired connection
[Wed Sep 25 19:04:58 2019] ApplyCert - Start...
[Wed Sep 25 19:04:58 2019] using ChallengePwd
[Wed Sep 25 19:04:58 2019] creating certificate with subject = You are not allowed to view links. Register or Login and subjectSuffix = OU=IT;O=tahaluf;C=ue
[Wed Sep 25 19:04:59 2019] Installed CA cert for authMode user - Failed, Error code:[1336]
[Wed Sep 25 19:04:59 2019] ApplyCert - End...
[Wed Sep 25 19:04:59 2019] number of wireless connections to configure: 0
[Wed Sep 25 19:04:59 2019] Configuring SSID proxies ...
[Wed Sep 25 19:04:59 2019] Failed to configure the device.
[Wed Sep 25 19:04:59 2019] ApplyProfile - End...
8
Routing and Switching / Re: SD-WAN use case (on behalf of Rica)
« Last post by Administrator on July 29, 2019, 08:27:23 PM »
DIA is covered under the NAT videos in SD-WAN (Advanced) video. SD-WAN requires sites to have common transport. In order for MPLS site to communicate with DIA site, the MPLS site must have a way to access internet either via MPLS or another hub site. Although it is possible, it is not recommended.
9
Routing and Switching / SD-WAN use case (on behalf of Rica)
« Last post by Administrator on July 29, 2019, 08:27:06 PM »
Hello, I have a question with regards to the implementation.. I don't believe I saw on your video about internet connectivity for network behind the vEdge routers. Basically, am trying to configure the vEdge so the devices behind will be able to still connect to the outside world. Second, is it possible to configure - for example - there are 3 locations, with 2 in an MPLS connection and 1 has a DIA to be able to be setup talk to each other? Please advise. Any information you can provide is greatly appreciated.

10
Routing and Switching / Re: SDWAN Demo License
« Last post by saz6710 on July 08, 2019, 10:42:15 AM »
Any idea how to fix the certificate issue with controllers. i tried to generate CSR and after certificates are issued by CA, i get UUID null error.

Any idea ?

Thanks
Pages: [1] 2 3 ... 10
SimplePortal 2.3.5 © 2008-2012, SimplePortal