Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
3
Helpful
3
Replies

Easy Connect CWA compatibility

Go to solution
rovargas
Cisco Employee
Cisco Employee

‎07-04-2017 03:31 PM

What is stopping us to support Easy Connect along with CWA? According to Configure EasyConnect on ISE 2.1 - Cisco it is not supported.

I sucessfully tested it in my lab by merging the Limited Access Authorization profile with the CWA Authorization profile (adding "Passive ID Tracking" along with a limiting DACL to the normal CWA Authorization Profile and tweaking the URL-Redirect ACL to stop redirection to DC traffic).

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-04-2017 03:47 PM

What you did sounds very reasonable, but CWA + Easy Connect has not been tested by our product teams. The doc is written by TAC so I would suggest you to either leave a feedback at the doc site or contact him directly.

View solution in original post

3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-04-2017 03:47 PM

What you did sounds very reasonable, but CWA + Easy Connect has not been tested by our product teams. The doc is written by TAC so I would suggest you to either leave a feedback at the doc site or contact him directly.

Go to solution
Craig Hyps
Level 10
Level 10
In response to hslai

‎07-06-2017 06:49 AM

Correct.  At that point in policy it is simply a MAB auth result (or could even be 802.1X).  Only the tracking option in AuthZ Profile will specify whether CoA sent on successful MnT merge of passive ID info.  This was one of the core goals of rework done for 2.1 release to ensure EZC was based on standard MAB.

I assume you are specifically asking about the use of same Authorization Profile for dual use case?  If asking if CWA can be chained with EZC, then that certainly has not been tested.

0 Helpful

Go to solution
Juliano Luz
Level 1
Level 1

‎09-06-2018 03:38 AM

Hi, Rovargas,

 

Can you provide the screenshot with the policies you applied? We have contractors here that use their own laptop and I think easyconnect + CWA could be used to grant secure access to the network.

 

Regards,

0 Helpful
Customers Also Viewed These Support Documents