collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Recent Posts

Pages: 1 ... 3 4 [5] 6 7 ... 10
41
Security / FTD Multicast
« Last post by samyasa on January 06, 2021, 02:48:36 AM »
Hi
kindly I need to know how the FTD cluster will handle Multicast traffic?
if we have an example to be flow in the configuration

we have a cluster of 6 modules X 2 9300 chasses

thanks
42
Security / Re: Wired BYOD error
« Last post by JarvisDashiell on December 15, 2020, 02:06:56 AM »
 ;D ;D
43
Security / EAP Chaining failing on Reauthentication (Port Bounce)
« Last post by yagneshchouhan on August 18, 2020, 01:52:07 PM »
Hello Friends,

I am trying to solve a problem here with EAP Chaining. I have configured Machine authentication via Cert and User Authentication via MSCHAPv2. Created Authorization profiles for Machine and User and then Attached that to respective Policy for Machine Auth and User Auth.

Everything works as expected on the when the computer boots up and join the network for the first time. It hits the right Machine Authentication policy followed by right User Authentication.

Here is the problem, if the port is bounced or if user disconnects and reconnects to the network, Authorization will fail. I am using PACs and not sure why this would happen.

Any suggestions or help folks ??
44
Security / ISE - user does not have access when password expired
« Last post by mrimmune on February 19, 2020, 01:55:49 AM »
Hello team,
what maybe reason - I mean configuration , for behavior end user does not has access when password expired .. the user did not pay attention on popup in system tray.. only after machine restart gets notification to change password on windows login..
on ISE "enable change password" enabled and also on allowed protocols..

endpoint configuration:
Authentication mode - user or computer authentication
authentication :
method Microsoft PEAP
remember my credentials for this connection each time i'm logged on - UNCHECKED
fallback to unauthorized network access - UNCHECKED

thanks in advance
Michael
45
General Discussion / Re: Please add configurations for the LabMinutes Videos page.
« Last post by sec-guy on February 14, 2020, 06:39:24 AM »
please can you also share config for SWITCH 2... learning Cisco FlexVPN
46
Security / Re: ISE and Azure AD
« Last post by MC on October 14, 2019, 07:19:12 PM »
I am not familiar with Azure AD but if is nothing like Windows AD then you might need to try out LDAP.
47
General Discussion / SAD Videos
« Last post by alsoliman on October 08, 2019, 07:51:08 AM »
Hi Labminutes team;

I am planning to purchase the SDA Video kit . I am wondering about the LAB , if there's a LAB exist. and there's a lab documents available.

Thanks,
 
48
Security / Re: Problem: FLEXVPN with dVTI and assign ip address authomatic from hub
« Last post by Mikep on October 06, 2019, 06:06:20 PM »
You need to use the Route set interface command on the spokes. Not sure how it worked for Metha

On the spoke..

Code: You are not allowed to view links. Register or Login
aaa authorization network AUTHOR local
 !
 crypto ikev2 authorization policy FLEX_CONFIG
 route set interface
 !
 crypto ikev2 profile IKE_PROFILE
 aaa authorization group cert list AUTHOR FLEX_CONFIG
49
Security / ISE and Azure AD
« Last post by torkel on September 28, 2019, 06:05:17 PM »
Hi,

Does ISE support integration with Azure AD for 802.1x?

I'm finding very little information about integration with Azure AD.
50
Security / Wired BYOD error
« Last post by samyasa on September 24, 2019, 04:01:03 PM »
hi
i have ise 2.2 i made BYOD for Wired , i got the attached error if anyone can help, i made all the configuration step by step as the videos but i received below error when install the Network Setup Assistant to change the interface setting and install profile(LM_NSP_Wired) , i change the NSP (LM_NSP_Wired) profile setting from TLS to be PEAP the client install successful but when i chose TLS and CA internal certificate it give me attached error

"Secure access configuration for the 'Ethernet0' network failed"

SPW log

Wed Sep 25 19:04:44 2019] Logging started
[Wed Sep 25 19:04:44 2019] SPW Version: 2.2.0.52
[Wed Sep 25 19:04:44 2019] System locale is [en]
[Wed Sep 25 19:04:44 2019] Loading messages for english...
[Wed Sep 25 19:04:44 2019] Initializing profile
[Wed Sep 25 19:04:44 2019] SPW is running as High integrity Process - 12288
[Wed Sep 25 19:04:44 2019] GetProfilePath: searched path = C:\Users\TEST-PC\AppData\Local\Temp\ for file name = spwProfile.xml result: 0
[Wed Sep 25 19:04:44 2019] GetProfilePath: searched path = C:\Users\TEST-PC\AppData\Local\Temp\Low for file name = spwProfile.xml result: 0
[Wed Sep 25 19:04:46 2019] Profile xml not found Downloading profile configuration...
[Wed Sep 25 19:04:46 2019] Downloading profile configuration...
[Wed Sep 25 19:04:46 2019] Discovering ISE using default gateway
[Wed Sep 25 19:04:46 2019] Identifying wired and wireless network interfaces, total active interfaces: 1
[Wed Sep 25 19:04:46 2019] Network interface - mac:00-50-56-8B-01-4F, name: Ethernet0, type: unknown
[Wed Sep 25 19:04:46 2019] Identified default gateway: 150.1.7.230
[Wed Sep 25 19:04:46 2019] Identified default gateway: 150.1.7.230, mac address: 00-50-56-8B-01-4F
[Wed Sep 25 19:04:46 2019] DiscoverISE - start
[Wed Sep 25 19:04:46 2019] DiscoverISE input parameter : strUrl [http://150.1.7.230/auth/discovery]
[Wed Sep 25 19:04:46 2019] [HTTPConnection] CrackUrl: host = 150.1.7.230, path = /auth/discovery, user = , port = 80, scheme = 3, flags = 0
[Wed Sep 25 19:04:46 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:46 2019] Received redirect to location null
[Wed Sep 25 19:04:46 2019]  HTTP Response header: [HTTP/1.1 302 Page Moved

Location: You are not allowed to view links. Register or Login

Pragma: no-cache

Cache-Control: no-cache



] HTTP Content: []
[Wed Sep 25 19:04:46 2019] Discovered ISE - : [ISE01.tahaluf.com, sessionId: 0A0A08FE0000001A0C329774]
[Wed Sep 25 19:04:46 2019] DiscoverISE - end
[Wed Sep 25 19:04:46 2019] Successfully Discovered ISE: ISE01.tahaluf.com, session id: 0A0A08FE0000001A0C329774, macAddress: 00-50-56-8B-01-4F
[Wed Sep 25 19:04:46 2019] GetProfile - start
[Wed Sep 25 19:04:46 2019] [HTTPConnection] CrackUrl: host = ISE01.tahaluf.com, path = /auth/provisioning/evaluate?typeHint=SPWConfig&referrer=Windows&mac_address=00-50-56-8B-01-4F&spw_version=2.2.0.52&session=0A0A08FE0000001A0C329774&os=Windows All, user = , port = 8905, scheme = 4, flags = 8388608
[Wed Sep 25 19:04:46 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:57 2019] Warning - [HTTPConnection:RetrySendRequest] InternetOpen() failed with code: [12057], msg: [It was not possible to connect to the revocation server or a definitive response could not be obtained.

]
[Wed Sep 25 19:04:57 2019] [HTTPConnection] All CRL Checks are off
[Wed Sep 25 19:04:57 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:57 2019] Received redirect to location null
[Wed Sep 25 19:04:57 2019] [HTTPConnection] CrackUrl: host = ISE01.tahaluf.com, path = /auth/provisioning/download/2c45e5b5-357f-4c6b-87ce-421425bd6d66/LM_NSP_Wired.xml?sessionId=0A0A08FE0000001A0C329774&os=WINDOWS_10_ALL, user = , port = 8443, scheme = 4, flags = 8388608
[Wed Sep 25 19:04:57 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
 headerLength = 12 data =  dataLength = 0
[Wed Sep 25 19:04:57 2019] GetProfile - end
[Wed Sep 25 19:04:57 2019] Successfully retrieved profile xml
[Wed Sep 25 19:04:57 2019] using V2 xml version
[Wed Sep 25 19:04:57 2019] parsing wired connection setting
[Wed Sep 25 19:04:57 2019] Certificate template: [keytype:RSA, keysize:2048, subject:OU=IT;O=tahaluf;C=ue, SAN:MAC]
[Wed Sep 25 19:04:57 2019] set ChallengePwd
[Wed Sep 25 19:04:57 2019] Starting parsing proxy configuration
[Wed Sep 25 19:04:57 2019] ProxySettings key was not found in the configuration xml
[Wed Sep 25 19:04:57 2019] found redirect URL:
[Wed Sep 25 19:04:57 2019] Identifying wired and wireless network interfaces, total active interfaces: 1
[Wed Sep 25 19:04:57 2019] Network interface - mac:00-50-56-8B-01-4F, name: Ethernet0, type: unknown
[Wed Sep 25 19:04:57 2019] WirelessProfile::StartWLanSvc - Start
[Wed Sep 25 19:04:57 2019] Wlansvc service is in Auto mode ...
[Wed Sep 25 19:04:57 2019] Wlansvc is running in auto mode...
[Wed Sep 25 19:04:57 2019] WirelessProfile::StartWLanSvc - End
[Wed Sep 25 19:04:57 2019] Found
  • wireless interfaces ...
[Wed Sep 25 19:04:57 2019] Identifying wired and wireless interfaces...
[Wed Sep 25 19:04:57 2019] Found wired interface - [ name:Ethernet0, mac address:00-50-56-8B-01-4F]
[Wed Sep 25 19:04:57 2019] Wired interface [Ethernet0] will be configured...
[Wed Sep 25 19:04:57 2019] Host - [ name:TEST-PC1, mac addresses:00-50-56-8B-01-4F]
[Wed Sep 25 19:04:58 2019] ApplyProfile - Start...
[Wed Sep 25 19:04:58 2019] User Id: wbyod@tahaluf.com, sessionid: 0A0A08FE000000130825B2ED, Mac: 00-50-56-8B-01-4F, profile: LM_NSP_Wired
[Wed Sep 25 19:04:58 2019] applying certificate for wired connection
[Wed Sep 25 19:04:58 2019] ApplyCert - Start...
[Wed Sep 25 19:04:58 2019] using ChallengePwd
[Wed Sep 25 19:04:58 2019] creating certificate with subject = wbyod@tahaluf.com and subjectSuffix = OU=IT;O=tahaluf;C=ue
[Wed Sep 25 19:04:59 2019] Installed CA cert for authMode user - Failed, Error code:[1336]
[Wed Sep 25 19:04:59 2019] ApplyCert - End...
[Wed Sep 25 19:04:59 2019] number of wireless connections to configure: 0
[Wed Sep 25 19:04:59 2019] Configuring SSID proxies ...
[Wed Sep 25 19:04:59 2019] Failed to configure the device.
[Wed Sep 25 19:04:59 2019] ApplyProfile - End...
Pages: 1 ... 3 4 [5] 6 7 ... 10
SimplePortal 2.3.7 © 2008-2024, SimplePortal