Posts

Showing posts from May, 2021

ISE Notes

Problem: ISE consumed licenses exceeded, but active sessions are fewer than consumed licenses.

Solution 1: Enter the command:
# application configure ise
It lists the available options; choose:
[1]Reset M&T Session Database
Press 1 and Enter.
Please note that resetting the MnT session DB will restart the service; a maintenance window (MW) is recommended.
After this finishes, choose:
[5]Refresh Database Statistics
Press 5 and Enter.

Solution 2: On a Windows 10 PC, from \windows\system32\ run:
curl -X DELETE --ssl-no-revoke -u admin https://ise-server/admin/API/mnt/Session/Delete/All
or, to ignore the certificate error:
curl -X DELETE -k -u admin https://ise-server/admin/API/mnt/Session/Delete/All
The status SUCCESSFUL will be returned.
Verify:
https://ise-server/admin/API/mnt/Session/ActiveCount
https://ise-server/admin/API/mnt/Session/ActiveList
https://developer.cisco.com/docs/identity-services-engine/3.0/#!using-api-calls-for-session-management/stale-sessions
To manuall

ISE upgrade

===== Backup and Restore method to upgrade ISE to 3.x =====

Current Deployment: two ISE nodes
ISE01: Primary Admin Node, Secondary Monitoring Node.
ISE02: Primary Monitoring Node, Secondary Admin Node.

Upgrade steps:
1. Back up the ISE configuration and, optionally, the operational data.
2. Export certificates from both nodes (including private keys).
3. Export the running configuration from both nodes into separate notepad files.
4. Disconnect or shut down ISE02.
5. Build a new ISE 3.x VM node with the same IP address, hostname, DNS, NTP, domain name and all other settings as ISE02 (all details are saved in the notepad file).
6. Restore the backup to this new VM; the VM will be in standalone mode.
7. Import the certificate and private key, and install the patch on this new VM.
8. Make this new VM the Primary PAN/MnT and verify its functionality.
9. Disconnect or shut down ISE01.
10. Build the second new ISE 3.x VM with the same IP address, hostname, DNS, NTP, domain name and all other settings as ISE01 (all details are saved i

DMVPN Basic

Summary: DMVPN stands for Dynamic Multipoint Virtual Private Network. DMVPN is used to create a hub-and-spoke VPN architecture. DMVPN Phase 1 provides hub-and-spoke communication only: spoke-to-spoke traffic always traverses the hub router. DMVPN Phase 2 supports dynamic spoke-to-spoke tunnels (appropriate routing configuration required).

DMVPN Components:
mGRE - Multipoint GRE eliminates the need for numerous point-to-point GRE tunnels.
NHRP - Next Hop Resolution Protocol, used for mapping the WAN IP address to the GRE tunnel IP address.
IPSec - IP Security, used for securing TCP/IP traffic. IPSec is optional but recommended.

The hub maintains a special NHRP database with the public IP addresses of all configured spokes. Each spoke registers its public IP address with the hub and queries the NHRP database for the public IP address of the destination spoke it needs to build a VPN tunnel to. The mGRE tunnel interface allows a single GRE interface to support multiple IPSec tun

Firepower FTD upgrade / update from cli and troubleshooting.

1. FMC
The following only downloads the updates (patches), not the major upgrade packages:
System > Updates > [Download updates]
Downloaded updates are stored in the following directory:
root@fmc:~# ls /var/sf/updates
Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar
Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar.METADATA
Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4-57.sh.REL.tar
Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4-57.sh.REL.tar.METADATA
Cisco_VDB_Fingerprint_Database-4.5.0-342.sh.REL.tar
Cisco_VDB_Fingerprint_Database-4.5.0-342.sh.REL.tar.METADATA
fix_sudoers.tgz
sf.xml
root@fmc:~#

Update log and status:
root@fmc:~# ls /var/log/sf
Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4   device_connection.log  sru-2019-08-12-001-vrt  verify_signature.log
VDB_update_info.txt                         initial_setup.log      update.status
data_service.log                            online-help            vdb-4.5.0-309
db_manage.log                               policy_deployment.log  verify_file_integ.log
root@fmc:~#
root@fmc://