Cisco IOS Route-Based VPN with IKEv1 PSK GREoIPsec and EIGRP

This article will look at a basic configuration for a route-based VPN between two Cisco IOS routers, using IKEv1 and IPsec for tunnel protection, and EIGRP for dynamic route advertisements based on the above topology.

Workflow:

- Verify basic routing and reachability
- Create and configure:
  - LAN networks
  - Tunnel interface
  - EIGRP process
- Verify basic GRE tunnel status and reachability
- Create and configure: …

Basic AnyConnect on Azure-hosted Meraki vMX

In this article, we’ll take a look at deploying a Meraki Virtual MX (vMX) in Microsoft Azure, and enabling a basic AnyConnect configuration on it for remote access VPN. This configuration includes a couple of specific steps required on the Azure side in order to properly allow inbound AnyConnect traffic to the vMX. Additional configurations …

Duo MFA for the ISE Admin GUI

So, you’ve adopted ISE: 802.1x everywhere, maybe some CTS/SDA, posture for remote VPN endpoints, even dabbling with Threat-Centric NAC and some pxGrid integrations – life is good! The network feels secure, you’ve got lots of visibility and control. SASE and ZTA feel like attainable goals. Then, it hits you: you’ve put MFA in front of …

Location, location, location: Segmenting FlexConnect Authentications in ISE Without Overriding WLC Central-Auth

One of the foundational steps when configuring your Network Access Devices (NADs) in ISE is adding the NADs to relevant Network Device Groups (NDGs); NDGs allow you to create a descriptive and hierarchical attribute tree which you can apply to your NADs in order to streamline context visibility, reporting, Policy Set/rule match conditions, or simply …

Shutting down the WebVPN Portal on FTD with FlexConfig

The Cisco ASA and FTD have a nice usability feature for client software distribution when running AnyConnect: by default, you can leverage the ASA/FTD itself as the AnyConnect software repository for your end-users. Navigating in a browser to your RAVPN URL will bring up the WebVPN login screen, which allows the end-user to authenticate and …

AnyConnect (FTD), PKCS12, and OpenSSL

The time has arrived: you’ve been tasked to install an SSL certificate for your AnyConnect configuration running on an FMC-managed FTD. You have a pre-issued certificate – an existing wildcard, perhaps – in PKCS12 format. You also have the issuer CA chain so you can import it for trust so the wildcard ID cert will be accepted. …

ISE, Active Directory, and Adblock

So you’re deploying Cisco Identity Services Engine (ISE) and say to yourself “hey, you know what would be great? If we joined ISE to our Microsoft Active Directory domain.” Great idea! ISE’s ability to tie into different types of external identity sources, including multiple AD domains, is one of its many great features. Naturally, you …