https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4267015#M564560 <P>Hi,</P><P>&nbsp;</P><P>You can collect values for your VPN users via Anyconnect ACIDex, but there are limited on ISE.</P><P>Check the following presentation</P><P><A href="https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-2725.pdf" target="_blank">https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-2725.pdf</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Jan 2021 13:23:27 GMT Panos Bouras 2021-01-05T13:23:27Z https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4266651#M564550 <P>Hello all,</P><P>I had a series of questions come my way regarding the profiling of devices that communicates to our internal/DMZ network either over the Internet or VPN tunnels.&nbsp; It is my understanding that ISE will only profile devices directly attached to our internal network as there are some configs that needs to be added to switches in order to ensure the necessary probes being used can profile the device appropriately.</P><P>&nbsp;</P><P><EM><STRONG>Question:</STRONG></EM> <EM>Is it possible to use ISE to also profile a device coming from an external network, such as the Internet or VPN tunnel, for the sole purpose of simply identifying (device type &amp; IP address) that device for security purposes?</EM></P><P>&nbsp;</P><P>My thinking is along the lines of how some Internet apps may use your device type to identify if you've ever logged into their service from that device before OR may send you a notification if a login was detected from a specific device that may be a security alert.</P><P>&nbsp;</P><P>Thanks in advance!</P><P>Terence</P> Mon, 04 Jan 2021 20:06:14 GMT https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4266651#M564550 Terence Lockette 2021-01-04T20:06:14Z https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4266878#M564557 <P>all depends on the attributes that are being sent along with the authentication, so if vpn user is authenticated with ISE and the firewall sends the accounting, this accounting packets usually contains mdm-tlv attributes that can be used for profiling the endpoint&nbsp;</P> <P>&nbsp;</P> Tue, 05 Jan 2021 09:08:48 GMT https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4266878#M564557 yalbikaw 2021-01-05T09:08:48Z https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4267015#M564560 <P>Hi,</P><P>&nbsp;</P><P>You can collect values for your VPN users via Anyconnect ACIDex, but there are limited on ISE.</P><P>Check the following presentation</P><P><A href="https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-2725.pdf" target="_blank">https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-2725.pdf</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Jan 2021 13:23:27 GMT https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4267015#M564560 Panos Bouras 2021-01-05T13:23:27Z https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4267018#M564561 <P>Thanks for your reply.&nbsp; I should've been clearer in my original post.&nbsp; I'm referring to external devices that do not belong to our network coming across an external network such as the Internet or IPsec VPNs.&nbsp; For instance, a vendor has a VPN tunnel set up to communicate with our internal servers, can ISE be used to identify the device attempting to talk to our server?&nbsp; Or, an employee using their personal device to connect to a server over the Internet in our DMZ.&nbsp; Can ISE be used to identify this device?</P> Tue, 05 Jan 2021 13:25:44 GMT https://community.cisco.com/t5/network-access-control/device-identification-over-the-internet-using-ise/m-p/4267018#M564561 Terence Lockette 2021-01-05T13:25:44Z