In this post I will share with you how to fix AnyConnect Management Tunnel Disconnected (connect failed) error, but before jumping in here is a quick heads up on what AnyConnect Management Tunnel is. AnyConnect Management Tunnel is a very cool feature that allows us to do some maintenance works on the remote endpoints without asking the users any interaction.…
This post will cover one interesting root cause of getting AnyConnect Certificate Validation Failure. I was working on setting up a Cisco AnyConnect Management Tunnel, which I will cover in another post, and for some reason when I was trying to establish AnyConnect SSL VPN from a Windows client, it was just failing dropping the message Certificate Validation Failure on…
This post covers a potential issue that might cause a Palo Alto VPN tunnel to be up but with no traffic flowing between the encryption domains. Here is the scenario I came across with a site to site VPN tunnel between a Palo Alto and a Cisco ASA behind a NAT device. Basically, the VPN tunnel was configured with no…
This post will cover how to configure Palo Alto site-to-site VPN with Cisco ASA. However, the post will not cover any of the ASA configuration parts, but please check out Cisco documentation on this link if required. Configuring a site to site VPN tunnel on Palo Alto firewalls is not difficult, but it could be a little bit challenging for…
When it comes to security, the word blacklist is always tied to something bad. However, this is not the case when we deal with health policies in Cisco FMC. FMC offers a nice feature called health monitor blacklist. This feature allows us to suppress the health alerts related to one or more FTD appliances. Not only, the health monitor blacklist…
In this post I will show you how to promote ISE secondary PAN to be the primary. The process is pretty easy, the only thing is that there would not be a way to do this from the primary PAN. So, to promote the secondary PAN to be the primary we need to log into the secondary PAN, and promote…
In this post I will show you how easy is to use Active Directory OUs in Cisco ISE authorization rules. Although it is not very common, but there are still a lot of companies around that are using the Active Directory OUs to segregate the users in Active Directory rather than using the groups. In our lab we have an…
In this post I am going to show you how to shutdown Cisco FMC. I know it might seem basic, but some of us might not came across this task before. That would be the case if you are not a 100% focus on the FMC on a day to day activities. Anyway, there are three ways to shutdown Cisco…
In this post I am going to share with you how an FMC can register an FTD that was already registered with another FMC. In my lab I had two FMCs, and one FTD. The FTD was already registered with an FMC, and it had another FMC registration in pending state. What I have tried to do was to register…
In this post I am going to show you how to delete the pending manager in FTD. The reason why we would have a pending manager in the first place would be right after we register a manager (FMC) in the FTD, but before we add that FTD to the FMC. That is basically a pre-req before we can add…
