10-02-2018 12:08 PM - edited 02-21-2020 08:18 AM
I found the ASA RADIUS attribute
CVPN3000/ASA/PIX7x-IE-proxy-lockdown 134
in the ISE Dictionary as well as listed here:
https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253
If at all, what ASA versions exactly support this attribute?
What's its data type? String? Integer?
What values are valid?
I found nothing in the official ASA documentation about it,
but returning it from ISE for a successful SSL authentication,
an ASAv 9.8.3 seems to understand it at least halfway and
produces a syslog message
%ASA-4-113036 Group... IP ... AAA parameter <msie-proxy-lockdown> value invalid
Maybe someone could have a quick look into the ASA sources?
Thanks a lot!
Frank
10-04-2018 03:07 AM
Solved.
Systems tested on are ISE 2.3.0.298 Patch 5 and ASA 9.8.(3)11 interims
Attribute CVPN3000/ASA/PIX7x-IE-proxy-lockdown
has datatype INTEGER/uint32
Valid values apparently are:
0 - do not lockdown / hide the connections tab from IE settings
1 - lockdown / hide the connections tab from IE settings
To get it working, you have to correct the datatype in ISE System directory
and add the allowed values.
Now you can use the attribute in an authorization profile on the ISE
and assign values to users dialing in.
Would be great to see an updated ASA documentation in future
BR,
Frank
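How the corrected datatype looks on the wire, as an added example that is not part of the original posts: the attribute is carried as a RADIUS Vendor-Specific attribute (type 26) whose value is a 4-byte unsigned integer. The vendor ID 3076 and the strict `check_lockdown` parser are assumptions for illustration (the thread does not state the vendor ID, and this is not the ASA's own code); the string-typed case is constructed to show a datatype mismatch.

```python
import struct

VENDOR_SPECIFIC = 26       # RADIUS Vendor-Specific attribute type (RFC 2865, section 5.26)
VPN3000_VENDOR_ID = 3076   # assumption: vendor ID of the CVPN3000/ASA/PIX7x dictionary
IE_PROXY_LOCKDOWN = 134    # attribute number from the thread
ALLOWED = {0: "no lockdown", 1: "lockdown"}  # values reported in the thread


def encode_vsa(vendor_type: int, data: bytes) -> bytes:
    """Wrap raw vendor data in a Vendor-Specific attribute (type 26)."""
    sub = bytes([vendor_type, 2 + len(data)]) + data
    header = bytes([VENDOR_SPECIFIC, 2 + 4 + len(sub)])
    return header + struct.pack("!I", VPN3000_VENDOR_ID) + sub


def encode_lockdown(value: int) -> bytes:
    """Encode IE-proxy-lockdown as INTEGER/uint32, the datatype found in the thread."""
    if value not in ALLOWED:
        raise ValueError(f"value {value} not in {sorted(ALLOWED)}")
    return encode_vsa(IE_PROXY_LOCKDOWN, struct.pack("!I", value))


def check_lockdown(attr: bytes):
    """Hypothetical strict receiver check; returns (ok, detail)."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        return False, "malformed Vendor-Specific attribute"
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vendor_type, vendor_len, data = attr[6], attr[7], attr[8:]
    if vendor_id != VPN3000_VENDOR_ID or vendor_type != IE_PROXY_LOCKDOWN:
        return False, "not IE-proxy-lockdown"
    if vendor_len != 2 + len(data) or len(data) != 4:
        return False, f"expected 4-byte integer, got {len(data)} byte(s)"
    value = struct.unpack("!I", data)[0]
    if value not in ALLOWED:
        return False, f"value {value} not allowed"
    return True, ALLOWED[value]


if __name__ == "__main__":
    good = encode_lockdown(1)
    as_string = encode_vsa(IE_PROXY_LOCKDOWN, b"1")  # constructed: string-typed entry
    for label, attr in (("uint32", good), ("string", as_string)):
        print(label, attr.hex(), check_lockdown(attr))
```

Comparing the hex output against the attribute bytes in a packet capture of the Access-Accept shows whether ISE is sending the value with the integer encoding.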