https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570385#M540948 <HTML><HEAD></HEAD><BODY><P>We have a customer evaluating ISE for his global Deployment. They are currently using&nbsp; Microsoft Direct Access as their VPN solution. Can we use ISE as a Policy engine for VPN Users while he continues to use Microsoft Direct Access as their VPN</P></BODY></HTML> Tue, 09 Feb 2016 06:27:39 GMT angogate 2016-02-09T06:27:39Z https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570385#M540948 <HTML><HEAD></HEAD><BODY><P>We have a customer evaluating ISE for his global Deployment. They are currently using&nbsp; Microsoft Direct Access as their VPN solution. Can we use ISE as a Policy engine for VPN Users while he continues to use Microsoft Direct Access as their VPN</P></BODY></HTML> Tue, 09 Feb 2016 06:27:39 GMT https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570385#M540948 angogate 2016-02-09T06:27:39Z https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570386#M540952 <HTML><HEAD></HEAD><BODY><P>if you're looking at pointing their VPN solution to use for RADIUS AAA then yes it should work via standard radius support, not really sure what you're gaining by doing this as to me it would seem that just using Microsoft DA against AD would be enough? Unless the solution requires RADIUS?</P><P></P><P>micrsoft direct access requires special servers that terminate ipsec tunnel and then forward access to their services</P><P></P><P>For ise posture services </P><P></P><P>ASA VPN supports radius coa and URL redirect to correctly work with ISE posture</P><P></P><P>otherwise for non cisco deployment you would use the following setup</P><P></P><P>ise requires special setup to work with IPN (inline posture node) where the radius server needs to talk to ISE</P><P></P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_ipep_deploy.html#pgfId-1261555" title="http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_ipep_deploy.html#pgfId-1261555">Cisco Identity Services Engine User Guide, Release 1.2 - Setting up Inline Posture [Cisco Identity Services Engine] - Ci…</A></P></BODY></HTML> Tue, 09 Feb 2016 11:35:00 GMT https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570386#M540952 Jason Kunst 2016-02-09T11:35:00Z https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570387#M540956 <HTML><HEAD></HEAD><BODY><P>Keep in mind if you are on ISE 2.0 or plan to upgrade to 2.0, IPNs are no longer supported.</P><P></P><P>It is best to design ISE without IPNs at this point as ISE 2.0 and above will see an increase in 3rd party devices support.</P></BODY></HTML> Tue, 09 Feb 2016 14:48:44 GMT https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570387#M540956 Cory Peterson 2016-02-09T14:48:44Z https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570388#M540961 <HTML><HEAD></HEAD><BODY><P>Very good point</P><P></P><P>We will be making third party support better in future releases but not likely to help with Microsoft direct access, will direct to the team to make sure</P></BODY></HTML> Tue, 09 Feb 2016 14:59:13 GMT https://community.cisco.com/t5/network-access-control/using-ise-with-microsoft-direct-access-da-vpn/m-p/3570388#M540961 Jason Kunst 2016-02-09T14:59:13Z