Cisco ISE – Basic 802.1x With Windows Part One (Active Directory Integration)
Nov17

KB ID 0001074 Problem To carry out this procedure you should have your ISE appliance deployed, with all the basic settings on it. Over the next few articles I’m going to connect the ISE appliance to Active Directory, configure the ISE appliance for 802.1x, configure RADIUS on both the appliance and my Cisco switches, and finally configure Windows Group Policy to enable the clients to authenticate to 802.1x. Solution 1....

Cisco ISE – Basic 802.1x With Windows Part Two – Configuring 802.1x Policies
Nov17

KB ID 0001075 D Problem Back in Part One, we joined Cisco ISE to Active Directory; now we will take the built-in ISE policies and change them. This will allow our clients to authenticate with the correct protocols. Solution 1. By default ISE will use pretty much any available protocol; we are going to use PEAP, although I’m also going to allow EAP-TLS (it’s more secure and if I start rolling out certificates I’ve...

Set Cisco ASA for Kerberos Authentication
Nov17

KB ID 0000039 Problem You want to set up a Cisco ASA to authenticate users (VPN access for example). Solution Kerberos can only be used as an authentication protocol on the ASA, so it’s fine for allowing VPN connections but not for assigning policies etc. For this to work, both the ASA and the domain need to be showing accurate time. Step 1: Set the ASA to get time from an External NTP Server 1. Log onto the ASA > Go to “Enable...

Cisco ASA – Enrolling for Certificates with NDES
Nov17

KB ID 0000948 Problem To get your ASA 5500 firewall to enroll and obtain a certificate from a Windows Server running NDES, this is the procedure you need to follow. Solution When dealing with certificates, it’s important that your firewall is maintaining the correct time. You can set this manually, but I’d recommend setting up NTP. Cisco ASA – Configuring for NTP 1. Make sure the firewall can contact the NDES...

iPhone / iPad – Using the Cisco AnyConnect Client
Nov17

KB ID 0000474 Problem You have an Apple device and you would like to create a remote VPN connection to a Cisco device running AnyConnect. Note: This is not a walkthrough on how to configure AnyConnect, for that go here. Be aware that in addition to your SSL VPN licences your Cisco ASA device also needs an “AnyConnect Mobile – ASA 5510” license. If not you will receive this error. Solution 1. Firstly you need to...
