Blog About All Things Technology

  • Netscaler for ISE Deployments

    In this post, I’ll detail the configuration for Netscaler ADC Load Balancer when it’s deployed for the purposes of load balancing multiple ISE nodes There’s already a great post by Brad Johnson available here: https://community.cisco.com/t5/security-knowledge-base/citrix-netscaler-cli-configuration-for-cisco-ise-radius-and/ta-p/4679861. I will expand on that configuration and add screenshots on how things are configured through the GUI. Topology I’m going […]

  • ASA VPN DNS Load Balancing with SAML

    It is very common for customers to place a set of ASA firewalls for remote access behind a single DNS entry. Specifically, Cisco Secure Client (Anyconnect) client on the users’ computers are configured to connect to a single URL and that URL resolves to external IP addresses of different ASA’s. Sometimes, the DNS entry is […]

  • Deploying CDO-Managed FTDv Cluster in Azure

    Many companies are shifting their workloads to the cloud and it’s important to deploy a level of segmentation to protect from Internet threats as well as Internal. Cisco has a next-generation firewall that has a perfect fit to handle this requirement. Starting with version 7.3, Secure Firewall Threat Defense (aka FTD) supports clustering capabilities that […]

  • Deploying CDO-Managed FTDv Cluster in AWS

    Many companies are shifting their workloads to the cloud and it’s important to deploy a level of segmentation to protect from Internet threats as well as Internal. Cisco has a next-generation firewall that has a perfect fit to handle this requirement. Starting with version 7.2, Secure Firewall Threat Defense (aka FTD) supports clustering capabilities that […]

  • Capture WiFi Credentials with GTC Downgrade

    Many security best practices discourage using corporate credentials such as Active Directory for connecting to wireless network. In this post, I’ll demonstrate just how easy it is for an attacker to capture iPhone user corporate credentials in clear text using GTC downgrade attack Background There are a number of protocols available for 802.1x authentication. However, […]

  • Intune for ISE Engineer

    I speak to many Cisco ISE customers and a lot of them are moving to Intune as their MDM platform. ISE has a robust integration with Intune which is documented in a few different documents. I wanted to put this document together that shows the entire flow of integration with screenshoots to help ISE engineers […]

  • Testing RADIUS from CLI

    When working with RADIUS products such as Cisco ISE, we frequently need to test authentication to validate that our policies are working. The obvious method to perform this testing is to stand up a network device such as a Wireless Controller, Switch or a VPN headend and connect to them using real endpoints. All of […]

  • ISE and F5 AWS Deployment with Terraform and Ansible

    In my first post, I’ll walk through configuration of Terraform and Ansible to fully automate deployment and configuration of ISE nodes behind an F5 Load Balancer with just one command. We will use AWS for this configuration. I plan to add a similar document for Azure in the near future aws.ciscodemo.net domain is used for […]