« Last post by MC on February 06, 2024, 07:56:10 PM »
Cisco now offers Catalyst Center VM on ESXi, but it has limited availability, so check with your account manager. You can try to install a VM on your own using the official ISO, but you will need to have comparable hardware resources and the result is not guaranteed.
« Last post by MC on February 06, 2024, 07:51:48 PM »
It depends on which video series you are referring to. All lab videos were created with actual hardware, but you may be able to rebuild them in a system like GNS3 or EVE-NG, although it won't exactly match what is in the labs.
« Last post by Administrator on February 06, 2024, 07:45:02 AM »
I want to be able to mock up your SDAccess/DNAC videos in my home lab; it looks like you used a physical appliance. Have you done anything with DNAC on ESXi? I've seen a few videos on it but I'm not sure. If you have any experience, would you mind sharing? Thanks,
I really liked your videos, great content. How to practice the labs you have set up in the course videos? Please help and guide.
So are you doing client cert auth or SAML auth or both using secondary authentication? When you enroll a cert on FTD, it forces you to install CA cert anyway, so unless client cert is signed by a different CA, you do not need to import it again.
I determined that using the ISE Computer/User auto-enrollment cert methodology, my domain computers authenticate with Duo SSO/SAML 2.0 no problem. Non-domain computers have the issue.  Upon visiting sslshopper, entering the certification path requires an Intermediate CA/Sub CA for this to work.  I'm building the Sub CA to satisfy this requirement.  It looks like the non-domain computers require both the Root CA certificate imported into the Local Computer > Trusted Root Certification Authority and the Identity certificate is imported into Personal > Certificates which was completed, however, in the FMC, the process was to take the contents of the Root CA paste into the Manual certificate textbox and then generate a CSR from the FMC, which I thought would remove the need to import the Root CA.  I'm not sure if you have any thoughts on that.  I'll let you know the results after installing the Sub CA.
If I understand correctly, you are trying to do client cert auth on a VPN, but because the machine is not a domain computer, it does not have a cert, and you are trying to generate a cert separately and import it to the computer, but then it fails authentication. Is that correct? Have you done any debug on the FTD to see why authentication fails? Also, the client cert should be installed under the Personal > Cert folder and not Trusted Root Cert. Maybe the AnyConnect client couldn't locate the cert?
I generated an Enterprise CA on my domain (secops), and I'm trying to generate an identity cert for a client network so we can use Duo with FMC/FTD. Everything is working from "MY" domain joined computer (following the Microsoft/ISE export/CSR process), I have my ACC-ROOT-CA, pasted the contents into the FTD > Add Cert Enrollment > CA Certificate|Manual page, generated CSR, took the contents and back to the CA server to sign the cert, getting the .cer with my client's certificate information (O=IT, etc). My client gets an authentication server failed and so do I from any non-domain joined computer. How do we create a cert such that any computer with that cert stored in the Trusted Root Cert Authority can pass authentication? Once that is resolved, it will all work b/t Duo SSO and RAVPN with FTD!
