In this article, we’ll take a look at deploying a Meraki Virtual MX (vMX) in Microsoft Azure, and enabling a basic AnyConnect configuration on it for remote access VPN. This configuration includes a couple of specific steps required on the Azure side in order to properly allow inbound AnyConnect traffic to the vMX. Additional configurations… Continue reading Basic AnyConnect on Azure-hosted Meraki vMX
Tag: cisco
Duo MFA for the ISE Admin GUI
So, you’ve adopted ISE: 802.1x everywhere, maybe some CTS/SDA, posture for remote VPN endpoints, even dabbling with Threat-Centric NAC and some pxGrid integrations – life is good! The network feels secure, you’ve got lots of visibility and control. SASE and ZTA feel like attainable goals. Then, it hits you: you’ve put MFA in front of…
Location, location, location: Segmenting FlexConnect Authentications in ISE Without Overriding WLC Central-Auth
One of the foundational steps when configuring your Network Access Devices (NADs) in ISE is adding the NADs to relevant Network Device Groups (NDGs); NDGs allow you to create a descriptive and hierarchical attribute tree which you can apply to your NADs in order to streamline context visibility, reporting, Policy Set/rule match conditions, or simply…
Shutting down the WebVPN Portal on FTD with FlexConfig
The Cisco ASA and FTD have a nice usability feature for client software distribution when running AnyConnect: by default, you can leverage the ASA/FTD itself as the AnyConnect software repository for your end-users. Navigating in a browser to your RAVPN URL will bring up the WebVPN login screen, which allows the end-user to authenticate and…
AnyConnect (FTD), PKCS12, and OpenSSL
The time has arrived: you’ve been tasked to install an SSL certificate for your AnyConnect configuration running on an FMC-managed FTD. You have a pre-issued certificate – an existing wildcard, perhaps – in PKCS12 format. You also have the issuer CA chain so you can import it for trust so the wildcard ID cert will be accepted. …
ISE, Active Directory, and Adblock
So you’re deploying Cisco Identity Services Engine (ISE) and say to yourself “hey, you know what would be great? If we joined ISE to our Microsoft Active Directory domain.” Great idea! ISE’s ability to tie into different types of external identity sources, including multiple AD domains, is one of its many great features. Naturally, you…
