Many good posts 1, 2 are out there with details so I’m just posting it here my reference. User from ASA inside network is trying to hit internal server on its public IP. Internal server is behind the same ASA. Internal user is PATed to ASA IP and server is …
Blog Posts
How to enable API on Cisco ISE, FMC, and ASA? The first two are easy but ASA was not. Cisco ISE. Follow this link. Very straight forward. Check if working by going to https://ISE_FQDN:9060/ers/sdk. Cisco Firepower Management Center (FMC). Not very intuitive but in the nutshell follow this setup. By …
I ran into this issue with 3800 AP when trying to join it to Mobility Express (ME) WLC over VPN. AP was one minor version off and was showing up on the ME but with an un-joint state. It also had this error message. AP having MAC Address [“***”] currently …
After IOS XE switch upgrade from 3.6.x to 16.9.x I lost port-channel configuration. While trying to apply it back on to the interface I got this error Command rejected: conflicts with IPv6 Snooping (FHS). This can be a potentially dangerous situation if the upgrade was done on the remote switch …
Another addition to posting about DUO and ISE integration. This time it is about password change. After researching various option I came across the following 3 solutions. 1. Add a dedicated connection profile, call it Password_Reset and authenticate users directly to LDAP or ISE. This works OK for this setup …