Another addition to posting about DUO and ISE integration. This time it is about password change. After researching various option I came across the following 3 solutions. 1. Add a dedicated connection profile, call it Password_Reset and authenticate users directly to LDAP or ISE. This works OK for this setup …
Tag: Cisco ASA
In continuation to my previous post about DUO and ISE integration, I came to a problem where I had to integrate ISE posture into the mix. Passing standard Radius attributes with the existing setup was not an issue but since posture required a bit more complicated authentication flow it did …
After upgrading a pair of Nexus-6k from 6.x code to 7.3(5)1 I’ve noticed a strange behavior where OSPF adjacency from Cisco ASA to Nexus was not forming over vPC peer link. All was working fine on 6.x code. Took a bit to figure it out and this article helped to …
Came across this task to set up a posture assessment for workstation domain membership check when connecting with Anyconnect (AC) VPN to Cisco ASA and enforce access based on compliance. ISE was already deployed for simple VPN authentication so, first of all, I had to make a decision on what …
After migration from Catalyst 3750-X to 9300 switch all of a sudden OSPF adjacency to ASA was not establishing. Since configuration did not change I started debugging it. Switch side was stuck in “INIT/DROTHER” state. ASA side had no neighbors. “Show OSPF” indicated that Area BACKBONE(0) was (Inactive). The interface …