topic Re: LogOn Event for VPN Users in Network Access Control

LogOn Event for VPN Users

MSJ1 — Tue, 27 Jul 2021 01:58:28 GMT

Hello,

I knew that when a Cisco AnyConnect VPN user connects , for that user there is no VPN Logon Event is created in AD.

I normally use AD based rule in Firewall Rule , but for VPN Users not able to use any Firewall Rule using AD Group. This does not seem like work. And I use User Agent in FMC to get the IP to Username Mapping Info.

My question is , if use ISE instead of "User Agent" does this behavior will change for VPN user ?

Looking to know some user experience , who is aware of this problem and resolved the issue.

Any reference documentation, for this issue will be much appreciated.

Re: LogOn Event for VPN Users

Marcelo Morais — Tue, 27 Jul 2021 03:55:00 GMT

Hi @MSJ1 ,

please take a look at: AD Integration with Cisco ISE 2.x. and ISE Configuration for VPN.

Hope this helps !!!

Re: LogOn Event for VPN Users

MSJ1 — Wed, 28 Jul 2021 17:43:10 GMT

Hello @Marcelo Morais

I looked at this tube you shared ( ISE Configuration for VPN ) , here radius authentication is with ISE but in my scenario it is not.

in my scenario , FMC is managing firewall where I am thinking to implement ISE as Passive Identity Solution , when ASA is doing radius authentication from another radius server not the ISE.

Hence was asking If I can use ISE/ISE-PIC for my below issue

"normally use AD based rule in Firewall Rule , but for VPN Users not able to use any Firewall Rule using AD Group. This does not seem like work. And I use User Agent in FMC to get the IP to Username Mapping Info.

My question is , if use ISE instead of "User Agent" does this behavior will change for VPN user ? Will I be able to use AD Based Rule in FMC if I use ISE as Passive Identity Solution for VPN Subnet ?