Tried to migrate ACS 5.8 to ISE 3.0 but I was getting following message: “The server selected protocol version TLS10 is not accepted by client preferences [TLS12]”.
Since TLS 1.0 is disabled by default I had to enable it in java control panel (Oracle java 1.8) and also edit file C:\Program Files (x86)\Java\jre1.8.<some_version>\lib\security\java.security, remove TLSv1 from option jdk.tls.disabledAlgorithms and finally restart the migration application.
You can do the same in linux environment for openjdk by editing /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
Tnx to stackoverflow
“Troubleshoot DHCP in Catalyst Switch or Enterprise Networks” as explained here.
“ASA DHCP Relay Configuration Example” with nice packet capture examples.
ssh to device, and connect to fxos
FTD> connect fxos
FXOS# scope chassis 1
FXOS/ chassis# show chassis inventory expand
Create bash script:
#!/bin/bash
wget -q https://talosintelligence.com/documents/ip-blacklist
ipblack=( $(cut -d ';' -f2 ip-blacklist ) )
echo "conf t"
for ip in "${ipblack[@]}"
do
echo "name $ip TALOS_BLACKLIST_$ip"
done
echo "no object-group network TALOS_BLACKLIST"
echo "object-group network TALOS_BLACKLIST"
for ip in "${ipblack[@]}"
do
echo "network-object host $ip"
done
echo "!"
echo "exit"Run it, copy-paste output to your ASA:
./talos-ipblacklist.sh > talos-blacklist.cfg
ASA(config)# management-access mgmt_interface
ASA(config)# nat (outside,mmgt_interface) source static RAVPN_POOL RAVPN_POOL destination static ASA_MGMT_IP ASA_MGMT_IP no-proxy-arp route-lookup
ASA(config)# ssh RAVPN_POOL management