While testing different Posture scenarios with the Cisco AnyConnect VPN client (version 4.10.05085), I came across an interesting issue. I was using the same PC and was switching test accounts back and forth. I needed to enforce a Posture policy on User1 while letting User2 log in without deploying the AnyConnect …
Tag: Cisco ASA
I saw this issue with redundant Internet uplinks. Check routing for VPN gateway. I had encrypted subnet routing through secondary Internet connection but secondary VPN gateway IP was still routing through default primary Internet gateway. Once all the routing matched, VPN tunnel came up. …
Came across this issue when an unanswered DUO push takes down AAA servers on ASA into a failed state, essentially preventing everyone from VPNing in. Design was similar to this post. In short, an unanswered DUO push on DUO proxy would cause ISE “Radius request dropped” log message due to “11353 …
Many good posts 1, 2 are out there with details, so I’m just posting it here for my reference. User from ASA inside network is trying to hit internal server on its public IP. Internal server is behind the same ASA. Internal user is PATed to ASA IP and server is …
How to enable API on Cisco ISE, FMC, and ASA? The first two are easy but ASA was not. Cisco ISE. Follow this link. Very straightforward. Check if working by going to https://ISE_FQDN:9060/ers/sdk. Cisco Firepower Management Center (FMC). Not very intuitive but in a nutshell follow this setup. By …