https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517580#M511144 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote" style="color: #000000; font-family: -webkit-standard;"><P></P><P><SPAN style="color: #44546a; font-size: 14.6667px;">Dear TME,</SPAN></P><P></P><P><SPAN style="color: #44546a; font-size: 14.6667px;">I need to know about Compatibility of Microsoft Direct Access VPN along with Cisco ISE &amp; Cisco any connect.</SPAN></P><P></P><P><SPAN style="color: #44546a; font-size: 14.6667px;">I could not find alot of data about it. So :</SPAN></P><P></P><P>1- Can ISE see the Microsoft direct access VPN server as a NAD &amp; communicate with it via Radius &amp; Issue COA?</P><P>2- Can anyconnect coexist with the Microsoft direct access VPN agent to do the posture part only?</P><P></P><P>Kindly do share more details or links about this.</P><P></P><P>Thanks,</P><P>Wissam</P><P></P></BLOCKQUOTE></BODY></HTML> Mon, 02 Apr 2018 14:16:37 GMT welchari 2018-04-02T14:16:37Z https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517580#M511144 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote" style="color: #000000; font-family: -webkit-standard;"><P></P><P><SPAN style="color: #44546a; font-size: 14.6667px;">Dear TME,</SPAN></P><P></P><P><SPAN style="color: #44546a; font-size: 14.6667px;">I need to know about Compatibility of Microsoft Direct Access VPN along with Cisco ISE &amp; Cisco any connect.</SPAN></P><P></P><P><SPAN style="color: #44546a; font-size: 14.6667px;">I could not find alot of data about it. So :</SPAN></P><P></P><P>1- Can ISE see the Microsoft direct access VPN server as a NAD &amp; communicate with it via Radius &amp; Issue COA?</P><P>2- Can anyconnect coexist with the Microsoft direct access VPN agent to do the posture part only?</P><P></P><P>Kindly do share more details or links about this.</P><P></P><P>Thanks,</P><P>Wissam</P><P></P></BLOCKQUOTE></BODY></HTML> Mon, 02 Apr 2018 14:16:37 GMT https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517580#M511144 welchari 2018-04-02T14:16:37Z https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517581#M511146 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #000000; font-family: -webkit-standard, serif; font-size: 10.5pt;">I am pretty sure that Microsoft direct access doesn't act like a </SPAN><SPAN style="color: #000000; font-family: -webkit-standard, serif; font-size: 14px;">traditional</SPAN><SPAN style="color: #000000; font-family: -webkit-standard, serif; font-size: 10.5pt;"> VPN service like anyconnect where you would bring up a tunnel and be required to do </SPAN><SPAN style="color: #000000; font-family: -webkit-standard, serif; font-size: 14px;">posture</SPAN><SPAN style="color: #000000; font-size: 10.5pt; font-family: -webkit-standard, serif;"> and then do a COA after posture is complete. Regardless only cisco VPNs support COA </SPAN></P><P></P><P>Therefore there is no integration or co-existence.</P><P><A href="http://techgenix.com/microsoft-directaccess-overview/" title="http://techgenix.com/microsoft-directaccess-overview/">Microsoft DirectAccess: An Overview</A></P><P><SPAN style="font-size: 10.5pt; font-family: '-webkit-standard',serif; color: black;"><BR /></SPAN></P><P><SPAN style="font-size: 10.5pt; font-family: '-webkit-standard',serif; color: black;">Added our VPN SME as well to keep me honest<BR /></SPAN></P><P><SPAN style="font-size: 10.5pt; font-family: '-webkit-standard',serif; color: black;"><A href="https://community.cisco.com//u1/148562">pcarco</A><BR /></SPAN></P><P><SPAN style="font-size: 10.5pt; font-family: '-webkit-standard',serif; color: black;"> </SPAN></P></BODY></HTML> Mon, 02 Apr 2018 15:54:51 GMT https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517581#M511146 Jason Kunst 2018-04-02T15:54:51Z https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517582#M511148 <HTML><HEAD></HEAD><BODY><P>Hello Wissam &amp; Jason,</P><P></P><P>Microsoft Direct Access is a Machine Tunnel and uses a certificate to achieve this tunnel - there is no user auth&nbsp;&nbsp;&nbsp; The tunnel is established by the machine and not the user which is completely different than AnyConnect.&nbsp; </P><P></P><P>CoA requires Radius for the AuthN&nbsp; or AuthZ so an endpoint with Direct Access is not going to work with ISE the way AnyConnect / System Scan and ISE integrate for CoA.</P><P></P><P>No, it can not co-exist the way you describe if the user is remote then then AnyConnect must establish the tunnel to the ASA and Auth to ISE.&nbsp; </P><P></P><P>Best regards,</P><P>Paul</P></BODY></HTML> Mon, 02 Apr 2018 20:15:12 GMT https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517582#M511148 pcarco 2018-04-02T20:15:12Z https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517583#M511149 <HTML><HEAD></HEAD><BODY><P>Thanks alot guys for the helpful answers.</P></BODY></HTML> Tue, 03 Apr 2018 07:14:45 GMT https://community.cisco.com/t5/network-access-control/microsoft-direct-access-vpn-interoperability/m-p/3517583#M511149 welchari 2018-04-03T07:14:45Z