Location, location, location: Segmenting FlexConnect Authentications in ISE Without Overriding WLC Central-Auth

One of the foundational steps when configuring your Network Access Devices (NADs) in ISE is adding the NADs to relevant Network Device Groups (NDGs); NDGs allow you to create a descriptive and hierarchical attribute tree which you can apply to your NADs in order to streamline context visibility, reporting, Policy Set/rule match conditions, or simply…

Shutting down the WebVPN Portal on FTD with FlexConfig

The Cisco ASA and FTD have a nice usability feature for client software distribution when running AnyConnect: by default, you can leverage the ASA/FTD itself as the AnyConnect software repository for your end-users. Navigating in a browser to your RAVPN URL will bring up the WebVPN login screen, which allows the end-user to authenticate and…

AnyConnect (FTD), PKCS12, and OpenSSL

The time has arrived: you’ve been tasked to install an SSL certificate for your AnyConnect configuration running on an FMC-managed FTD. You have a pre-issued certificate – an existing wildcard, perhaps – in PKCS12 format. You also have the issuer CA chain so you can import it for trust so the wildcard ID cert will be accepted. …

ISE, Active Directory, and Adblock

So you’re deploying Cisco Identity Services Engine (ISE) and say to yourself “hey, you know what would be great? If we joined ISE to our Microsoft Active Directory domain.” Great idea! ISE’s ability to tie into different types of external identity sources, including multiple AD domains, is one of its many great features. Naturally, you…